[quagga-users 9261] Re: Will Quagga do this?

Benjamin Malynovytch bm.lists at ipgarde.com
Wed Jan 2 17:39:29 GMT 2008


Hi Mike,

In fact, we host tens of Windows servers and we do use iptables based
firewall, but I wouldn't suggest you to place the iptables on the border
routers, because of potential performance issues (firewall + bgp on the same
machine may use lots of CPU) and access / control issues.
I think that you should seperate things : routing on one side, filtering on
the other. In our own case, we use transparent firewalling, and the Windows
boxes have their own public IP addresses.

Best regards,

Benjamin. 

-----Message d'origine-----
De : quagga-users-bounces at lists.quagga.net
[mailto:quagga-users-bounces at lists.quagga.net] De la part de Mike Williams
Envoyé : mercredi 2 janvier 2008 16:57
À : quagga-users at lists.quagga.net
Objet : [quagga-users 9260] Re: Will Quagga do this?

On Sunday 30 December 2007 21:53:35 Mike Williams wrote:
> and throw in some simple iptables filtering.

Thanks again to everyone who has responded to my perhaps slightly nooby 
questions.
Could I just get some clarification on this one point?
It'd be nice to be able to allow only certain ports to some of the IPs in
the 
block(s) being routed. For example, I'm half expecting one project to
require 
some *shudder* windows machines to have real public IP addresses, but would 
obviously prefer some real limitations on what ports the public internet can

access.
Is it practical, or even recommened, to use iptables for simple filtering on

the router itself? Or perhaps is there a better way?

Cheers

-- 
Mike Williams
_______________________________________________
Quagga-users mailing list
Quagga-users at lists.quagga.net
http://lists.quagga.net/mailman/listinfo/quagga-users






More information about the Quagga-users mailing list