On 11-04-2014 04:10, Sinosuke Noara wrote:
> Thanks for the answers!
>
> Yes, it's a single physical machine running Debian (OpenBSD is not an
> option for my friends, and I don't know anything about virtualization in
> OpenBSD, just that there isn't native support).
>
> Answering to Tomas:
> 1) This is the host (physical machine)
> http://www.hetzner.de/hosting/produkte_rootserver/ex40
> 2) I'm going to test it, but I wanted some advice about its performance
> and if it will fit our needs, so that way I won't lose any time
> setting it up.
> 3) As far as I know now, the more common type of traffic will be: HTTP/S,
> VPN, Owncloud and bittorrent sync, VoIP and XMPP.
> 4) We only have a single physical machine, and 3 of them (we are 5)
> never used OpenBSD, and they are not exactly "excited" about using it.
>
>
>
> 2014-04-11 7:18 GMT+02:00 Tomas Bodzar <[email protected]>:
>
>>
>>
>> On Fri, Apr 11, 2014 at 1:35 AM, Sinosuke Noara <
>> [email protected]> wrote:
>>
>>> Hi guys,
>>>
>>> I've rented a virtual private server with some friends and we would like
>>> to deploy a firewall. I suggested packet filter and OpenBSD because I
>>> have it at home, but really don't know about the performance of the
>>> OpenBSD packet filter into a virtual machine. The idea is to have some
>>> (6-9) different virtual machines running at the same time, 2 of them
>>> (apart from the firewall) will have a lot of incoming traffic and at
>>> least 1 will have a lot of outgoing network traffic, so my mates are
>>> thinking that PF into a virtual machine running OpenBSD is not going to
>>> have a good performance, maybe because (as far as I know) PF can't work
>>> using more than one core.
>>>
>>> Any of you have some experience about this? Could you give me some info
>>> about performance or some nice arguments to convince them?
>>>
>>> Thanks in advance!
>>>
>>> Excuse my English, but I don't practice it regularly.
>>>
>> 1) You don't mention which VPS are you planning to use
>> 2) PF can handle a lot of traffic just fine, but you must test in YOUR
>> scenario
>> 3) You don't mention expected amount of traffic and type of that traffic
>> 4) Why exactly are your friends against it? Maybe they don't know OpenBSD
>> well, maybe VPS doesn't support OpenBSD and so on

I have one virtualized PF firewall in my home and one in my company. In
both of them the bare metal is Ubuntu and I'm using KVM for
virtualization. I found that using the virtio interfaces in OpenBSD has a
great performance benefit. I doubt that your traffic will make your
firewall fail, if you use PF. Your friends are probably against it
because they don't know it.

Cheers,

--
Giancarlo Razzolini
GPG: 4096R/77B981BC

