John Ackermann wrote:
>
> In message <[EMAIL PROTECTED]>, Luca Filipozzi writes:
> >On Thu, Aug 10, 2000 at 04:35:36PM -0300, John Ackermann wrote:
> >[snip description of firewall with three interfaces]
> >> I have a nice small box with a 486DX4/100 in it, and am wondering if that's
> >> sufficient horsepower for this sort of application, or whether I should be
> >> looking at a Pentium.
> >
> >A 486DX4/100 is plenty for this application. I use a 486SX/25 to firewall
> >my house from my ADSL connection. It masq's and port forwards just fine.
> >
> >[snip stuff about 100Mbps vs 10Mbps]
> >> Will there be a significant impact
> >> if the servers have to switch to 10MB mode to talk with the firewall (the
> >> internal network is all 10MB, so there's no issue on that side).
> >
> >Well, since your net connection isn't 10Mbps, I don't think it's
> >a problem for your DMZ boxen to be limited to 10Mbps.
>
> Thanks for the *very* quick response, Luca! My concern about the NIC speed
> is not for the 'net traffic (which is way slow) but rather the traffic
> passing from the internal network through the firewall to the DMZ machines
> -- at times, there may be quite a bit of it (for example, I will probably
> be backing up the servers to a tape drive on the private network). Of course,
> the bottleneck is still the 10MB speed on the internal network side, so
> it probably doesn't make any difference...

I would have some concern about full speed 10MB routing on a 486, but every time I've checked `top` or similar during heavy routing the CPU has been loafing. Is `top` a good indicator of this, or is it only tracking non-kernel processes?

Perhaps some benchmarking would be in order? Transfer some huge file within the DMZ, then across the firewall.

--
Paul Reavis [EMAIL PROTECTED]
Design Lead
Partner Software, Inc. http://www.partnersoft.com

