----- Original Message -----
From: Karl J. Runge <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, February 27, 2000 11:20 AM
Subject: Re: Firewall Performance
>
> Hi Ken,
>
> ISA 486/33 should be more than adequate for your needs on <= 10Mb/s
> network. If it is a Mediaone connection (1.5Mb/s = 1/6 of regular
> ethernet) even a 386 should be enough.
>
> I have a 486/50 acting as my firewall/router and during ~ 190KB/s
> downloads it never breaks a sweat (load always < 0.05). And this is with
> about 170 packet filtering rules!
>
> (The reason why so many filtering rules don't effect the throughput is
> because the packets are so large (MTU=1500) during high throughput:
> only about 100pkts/sec to check. Flood of small packets, e.g. Dos
> attack, would likely be a different story...)
>
> I have CONFIG_IP_ROUTER (optimize as router) set in kernel .config,
> but I haven't measured what difference that makes. I can send you
> the network options part of my .config if you are interested.
> Read /usr/src/linux/Documentation/Configure.help for more info on the
> CONFIG_IP* switches.
>
> Please also read the /usr/doc/HOWTO/Ethernet-HOWTO in particular
> section "4. Performance Tips", where the author argues even
> an 8-bit NIC on a 486 with 8MHz ISA bus is borderline for 10Mb/s
> ethernet, but probably sufficient for Cable modem rates. 16 bit NIC's
> (probably what you have) are even better.
>
>
> Karl Runge
>
>
> On Sat, 26 Feb 2000, "Kenneth E. Lussier" <[EMAIL PROTECTED]> wrote:
> > All,
> > I have a fairly dumb question about firewall performance. Does the
> > system hardware impact the speed of network traffic going through the
> > firewall? I have an old 486/33 with 24M of RAM running RH6.1 with
> > ipchains for a firewall. The box isn't doing anything but packet
> > filtering. I'm just wondering if I could increase my network speed if I
> > put a faster system in.
> > TIA,
> > Kenny
>
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
>
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
