Re: Firewall Speed
I have a Pentium III 600Mhz 720MB Ram running FreeBSD 4.10 with
IPFW+Nat+Squid+Qmail with Clamav+dnscache, routing 4 internal networks
(around 500 users), 3x 2Mbit/s links and a 1Mb internet link. Everything
works perfect !!
I will change the machine by the same problem that Josh said.
Regards,
Alexandre
On 5/19/06, Josh Paetzel <[EMAIL PROTECTED]> wrote:
On Thursday 18 May 2006 14:48, Chad Leigh -- Shire.Net LLC wrote:
> On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:
> > On 2006-05-18 11:03, bc <[EMAIL PROTECTED]> wrote:
> >> I want to run 6.1_RELEASE with Packet Filter(PF) configured as
> >> a gateway using 2 identical 10/100 nics, on an old 450mhz
> >> pentium with 256 meg ram and an 8 gig HD.
> >>
> >> In general, should I expect any speed performance issues with
> >> internet access base on the processor, ram and bus speeds of
> >> the MB? Would the PF config cause any speed performance
> >> deficiencies?
> >>
> >> I had same setup as above but with IPF firewall and received
> >> complaints about surfing speed so I put them back on a Linksys
> >> router firewall.
> >
> > We'd have to see the ruleset to be able to reply in an informed
> > manner. I have seen firewalls doing both filtering & NAT on a
> > system, with almost no overhead at all though.
> >
> > This top output:
> >
> > http://keramida.serverhive.com/pixelshow-top.txt
> >
> > shows that a FreeBSD 5.X system with 256 MB of physical memory is
> > happily filtering the traffic and doing NAT for more than 100
> > users, while still being 97% idle.
>
> I would think it is more than CPU speed. The speed of the PCI bus
> and the speed and efficiency of the two network cards being used
> and their drivers may have a bit to do with latency ("surfing
> speed")...
>
> Just a guess
> Chad
>
I had a dual pentium 100 with 96 megs of RAM that did ipf/ipnat for a
10mbps connection with a couple dozen users. CPU usage was usually
around 1% and load averages .03 or so. Latency and throughput were
both acceptable.
The only reason I replaced the box was it was a single point of
failure and the hardware was old enough that I was afraid there would
be some sort of show stopper breakdown.
--
Thanks,
Josh Paetzel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "
[EMAIL PROTECTED]"
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Firewall Speed
On Thursday 18 May 2006 14:48, Chad Leigh -- Shire.Net LLC wrote:
> On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:
> > On 2006-05-18 11:03, bc <[EMAIL PROTECTED]> wrote:
> >> I want to run 6.1_RELEASE with Packet Filter(PF) configured as
> >> a gateway using 2 identical 10/100 nics, on an old 450mhz
> >> pentium with 256 meg ram and an 8 gig HD.
> >>
> >> In general, should I expect any speed performance issues with
> >> internet access base on the processor, ram and bus speeds of
> >> the MB? Would the PF config cause any speed performance
> >> deficiencies?
> >>
> >> I had same setup as above but with IPF firewall and received
> >> complaints about surfing speed so I put them back on a Linksys
> >> router firewall.
> >
> > We'd have to see the ruleset to be able to reply in an informed
> > manner. I have seen firewalls doing both filtering & NAT on a
> > system, with almost no overhead at all though.
> >
> > This top output:
> >
> > http://keramida.serverhive.com/pixelshow-top.txt
> >
> > shows that a FreeBSD 5.X system with 256 MB of physical memory is
> > happily filtering the traffic and doing NAT for more than 100
> > users, while still being 97% idle.
>
> I would think it is more than CPU speed. The speed of the PCI bus
> and the speed and efficiency of the two network cards being used
> and their drivers may have a bit to do with latency ("surfing
> speed")...
>
> Just a guess
> Chad
>
I had a dual pentium 100 with 96 megs of RAM that did ipf/ipnat for a
10mbps connection with a couple dozen users. CPU usage was usually
around 1% and load averages .03 or so. Latency and throughput were
both acceptable.
The only reason I replaced the box was it was a single point of
failure and the hardware was old enough that I was afraid there would
be some sort of show stopper breakdown.
--
Thanks,
Josh Paetzel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Firewall Speed
On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:
On 2006-05-18 11:03, bc <[EMAIL PROTECTED]> wrote:
I want to run 6.1_RELEASE with Packet Filter(PF) configured as
a gateway using 2 identical 10/100 nics, on an old 450mhz
pentium with 256 meg ram and an 8 gig HD.
In general, should I expect any speed performance issues with
internet access base on the processor, ram and bus speeds of
the MB? Would the PF config cause any speed performance
deficiencies?
I had same setup as above but with IPF firewall and received
complaints about surfing speed so I put them back on a Linksys
router firewall.
We'd have to see the ruleset to be able to reply in an informed
manner. I have seen firewalls doing both filtering & NAT on a
system, with almost no overhead at all though.
This top output:
http://keramida.serverhive.com/pixelshow-top.txt
shows that a FreeBSD 5.X system with 256 MB of physical memory is
happily filtering the traffic and doing NAT for more than 100
users, while still being 97% idle.
I would think it is more than CPU speed. The speed of the PCI bus
and the speed and efficiency of the two network cards being used and
their drivers may have a bit to do with latency ("surfing speed")...
Just a guess
Chad
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Firewall Speed
On 2006-05-18 11:03, bc <[EMAIL PROTECTED]> wrote: > I want to run 6.1_RELEASE with Packet Filter(PF) configured as > a gateway using 2 identical 10/100 nics, on an old 450mhz > pentium with 256 meg ram and an 8 gig HD. > > In general, should I expect any speed performance issues with > internet access base on the processor, ram and bus speeds of > the MB? Would the PF config cause any speed performance > deficiencies? > > I had same setup as above but with IPF firewall and received > complaints about surfing speed so I put them back on a Linksys > router firewall. We'd have to see the ruleset to be able to reply in an informed manner. I have seen firewalls doing both filtering & NAT on a system, with almost no overhead at all though. This top output: http://keramida.serverhive.com/pixelshow-top.txt shows that a FreeBSD 5.X system with 256 MB of physical memory is happily filtering the traffic and doing NAT for more than 100 users, while still being 97% idle. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Firewall Speed
I want to run 6.1_RELEASE with Packet Filter(PF) configured as a gateway using 2 identical 10/100 nics, on an old 450mhz pentium with 256 meg ram and an 8 gig HD. In general, should I expect any speed performance issues with internet access base on the processor, ram and bus speeds of the MB? Would the PF config cause any speed performance deficiencies? I had same setup as above but with IPF firewall and received complaints about surfing speed so I put them back on a Linksys router firewall. bc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
