On Fri, Nov 05, 1999 at 01:56:26PM -0600, D'jinnie wrote:
> [please Cc: me with your replies]
> Well, I've finally convinced my boss to take Linux seriously and get a
> firewall (since the University I attend and work for, that shall remain
> nameless, does not have one). She asked me a question that rather floored
> me - if we get an older PC to just be a dedicated firewall machine, what
> are the min. system requirements for it not to slow anything down? I
> wasn't sure how to answer that, although I think pretty much anything
> above a 486 with an acceptable amount of RAM will do...this will be for a
> department, several NT servers, 2 Solaris boxes, other assorted stuff. Any
> help, pointers, URLs, etc would be appreciated!

Depends how much bandwidth it has to pump, and what it has to do besides just route traffic. A 486 with 8M of RAM and a stripped down debian installation was more than enough to sit between a private network and two dialup lines. A K6-2 with 128M of RAM doesn't even notice the extra load of sitting between a public network and a private network, handling up to a full T1 of bandwidth to the rest of the world and doing masquerading of the private net, and handling squid for two or three active web users. A low end pentium with 16M of ram should be able to handle any reasonable traffic from T1 to 10Mbit LAN; that's if it doesn't have to do things like squid and such. For real userland stuff, you'll want more RAM.

Of course, strip the OS down to the bare bones of what you actually need for the firewall - my debian masquerading 486 was only using a 100M hard drive, and had plenty of room to spare (that was with the full perl installation, for handling route table generation to route some things to one dialup and some to the other). SOCKS will use more resources on the firewall than just routing packets (using the firewall just to filter) or masquerading (using the firewall for NAT). Don't run anything on the firewall that you can run elsewhere - leeched cycles are your enemy.

The trick, of course, is to use good ethernet cards - DECchip tulip cards are great, though even ne2000's and such can work without any problems for low end solutions.

--
Elie Rosenblum
http://www.cosanostra.net
Admin / Mercenary / System Programmer

That is not dead which can eternal lie,
And with strange aeons even death may die.
    - _The Necronomicon_

