OpenBSD or Linux Firewall?

Jeffrey Pyne plug-discuss@lists.plug.mybutt.net
Mon, 14 Jan 2002 12:15:18 -0700


I got Cox' conversion kit in the mail this weekend, so I guess I need to switch over to their new "hi-speed" service.  While I'm switching, I thought I might as well upgrade my firewall.  I'm currently using OpenBSD 2.6, and this baby has been running trouble-free for 2 1/2 years (not including a couple power outages).  I've been thinking about switching to Linux, since iptables now offers "stateful" firewalling (the lack of that functionality in ipchains led me to go with OpenBSD way back when).  My requirements are as follows:

1) Must be able to handle DHCP since Cox.net apparently won't offer any static IP addresses (*sniff*)-- not just in terms of getting an IP address, but also in terms of the firewalling
2) Must be able to establish a VPN tunnel to a Checkpoint firewall-- I know Linux can do it with FreeS/WAN, and a quick search of Google leads me to believe OpenBSD can handle it as well
3) Must be able to "redirect" incoming traffic to other IP addresses/ports on the internal LAN- OpenBSD does that beautifully, and I imagine iptables does that now, too.
4) Must be able to NAT the internal LAN for outbound traffic- should be a no-brainer for both Linux and OpenBSD
5) Must be as rock-solid as my OpenBSD firewall has proven to be over the years

So, would anyone care to offer their input about whether I should upgrade to OpenBSD 3.0 or move to a Linux platform?  Any caveats, gotchas, or bugaboos?  Any particular strengths or weaknesses RE: any of my requirements?  Anyone ever set up a VPN tunnel to a Checkpoint firewall who would like to share any insight or experiences?  Anybody else made the switch over to Cox.net and have anything to say (I noticed on their web page that their DHCP leases expire every 4 hours)?  Any particularly good documentation that you might like to share?  I am very intrigued by some of the floppy-based Linii, but I'm really interested more in whether the solution can handle the above requirements than how much space the installation requires.

Thanks in advance,

~Jeff