Re: Firewall Speed

2006-05-19 Thread Josh Paetzel
On Thursday 18 May 2006 14:48, Chad Leigh -- Shire.Net LLC wrote:
> On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:
> > On 2006-05-18 11:03, bc [EMAIL PROTECTED] wrote:
> > > I want to run 6.1_RELEASE with Packet Filter (PF) configured as
> > > a gateway using 2 identical 10/100 nics, on an old 450mhz
> > > pentium with 256 meg ram and an 8 gig HD.
> > >
> > > In general, should I expect any speed performance issues with
> > > internet access based on the processor, ram and bus speeds of
> > > the MB?  Would the PF config cause any speed performance
> > > deficiencies?
> > >
> > > I had the same setup as above but with IPF firewall and received
> > > complaints about surfing speed so I put them back on a Linksys
> > > router firewall.
> >
> > We'd have to see the ruleset to be able to reply in an informed
> > manner.  I have seen firewalls doing both filtering & NAT on a
> > system, with almost no overhead at all though.
> >
> > This top output:
> >
> > http://keramida.serverhive.com/pixelshow-top.txt
> >
> > shows that a FreeBSD 5.X system with 256 MB of physical memory is
> > happily filtering the traffic and doing NAT for more than 100
> > users, while still being 97% idle.
>
> I would think it is more than CPU speed.  The speed of the PCI bus
> and the speed and efficiency of the two network cards being used
> and their drivers may have a bit to do with latency (surfing
> speed)...
>
> Just a guess
> Chad


I had a dual pentium 100 with 96 megs of RAM that did ipf/ipnat for a 
10mbps connection with a couple dozen users.  CPU usage was usually 
around 1% and load averages .03 or so.  Latency and throughput were 
both acceptable.

The only reason I replaced the box was it was a single point of 
failure and the hardware was old enough that I was afraid there would 
be some sort of show stopper breakdown.

-- 
Thanks,

Josh Paetzel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Firewall Speed

2006-05-19 Thread Alexandre Biancalana

I have a Pentium III 600Mhz 720MB Ram running FreeBSD 4.10 with
IPFW+Nat+Squid+Qmail with Clamav+dnscache, routing 4 internal networks
(around 500 users), 3x 2Mbit/s links and a 1Mb internet link. Everything
works perfectly!!

I will change the machine because of the same problem that Josh mentioned.

Regards,

Alexandre

On 5/19/06, Josh Paetzel [EMAIL PROTECTED] wrote:


> On Thursday 18 May 2006 14:48, Chad Leigh -- Shire.Net LLC wrote:
> > On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:
> > > On 2006-05-18 11:03, bc [EMAIL PROTECTED] wrote:
> > > > I want to run 6.1_RELEASE with Packet Filter (PF) configured as
> > > > a gateway using 2 identical 10/100 nics, on an old 450mhz
> > > > pentium with 256 meg ram and an 8 gig HD.
> > > >
> > > > In general, should I expect any speed performance issues with
> > > > internet access based on the processor, ram and bus speeds of
> > > > the MB?  Would the PF config cause any speed performance
> > > > deficiencies?
> > > >
> > > > I had the same setup as above but with IPF firewall and received
> > > > complaints about surfing speed so I put them back on a Linksys
> > > > router firewall.
> > >
> > > We'd have to see the ruleset to be able to reply in an informed
> > > manner.  I have seen firewalls doing both filtering & NAT on a
> > > system, with almost no overhead at all though.
> > >
> > > This top output:
> > >
> > > http://keramida.serverhive.com/pixelshow-top.txt
> > >
> > > shows that a FreeBSD 5.X system with 256 MB of physical memory is
> > > happily filtering the traffic and doing NAT for more than 100
> > > users, while still being 97% idle.
> >
> > I would think it is more than CPU speed.  The speed of the PCI bus
> > and the speed and efficiency of the two network cards being used
> > and their drivers may have a bit to do with latency (surfing
> > speed)...
> >
> > Just a guess
> > Chad
>
> I had a dual pentium 100 with 96 megs of RAM that did ipf/ipnat for a
> 10mbps connection with a couple dozen users.  CPU usage was usually
> around 1% and load averages .03 or so.  Latency and throughput were
> both acceptable.
>
> The only reason I replaced the box was it was a single point of
> failure and the hardware was old enough that I was afraid there would
> be some sort of show stopper breakdown.
>
> --
> Thanks,
>
> Josh Paetzel


Re: Firewall Speed

2006-05-18 Thread Giorgos Keramidas
On 2006-05-18 11:03, bc [EMAIL PROTECTED] wrote:
> I want to run 6.1_RELEASE with Packet Filter (PF) configured as
> a gateway using 2 identical 10/100 nics, on an old 450mhz
> pentium with 256 meg ram and an 8 gig HD.
>
> In general, should I expect any speed performance issues with
> internet access based on the processor, ram and bus speeds of
> the MB?  Would the PF config cause any speed performance
> deficiencies?
>
> I had the same setup as above but with IPF firewall and received
> complaints about surfing speed so I put them back on a Linksys
> router firewall.

We'd have to see the ruleset to be able to reply in an informed
manner.  I have seen firewalls doing both filtering & NAT on a
system, with almost no overhead at all though.

This top output:

http://keramida.serverhive.com/pixelshow-top.txt

shows that a FreeBSD 5.X system with 256 MB of physical memory is
happily filtering the traffic and doing NAT for more than 100
users, while still being 97% idle.



Re: Firewall Speed

2006-05-18 Thread Chad Leigh -- Shire.Net LLC


On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:


> On 2006-05-18 11:03, bc [EMAIL PROTECTED] wrote:
> > I want to run 6.1_RELEASE with Packet Filter (PF) configured as
> > a gateway using 2 identical 10/100 nics, on an old 450mhz
> > pentium with 256 meg ram and an 8 gig HD.
> >
> > In general, should I expect any speed performance issues with
> > internet access based on the processor, ram and bus speeds of
> > the MB?  Would the PF config cause any speed performance
> > deficiencies?
> >
> > I had the same setup as above but with IPF firewall and received
> > complaints about surfing speed so I put them back on a Linksys
> > router firewall.
>
> We'd have to see the ruleset to be able to reply in an informed
> manner.  I have seen firewalls doing both filtering & NAT on a
> system, with almost no overhead at all though.
>
> This top output:
>
> http://keramida.serverhive.com/pixelshow-top.txt
>
> shows that a FreeBSD 5.X system with 256 MB of physical memory is
> happily filtering the traffic and doing NAT for more than 100
> users, while still being 97% idle.



I would think it is more than CPU speed.  The speed of the PCI bus  
and the speed and efficiency of the two network cards being used and  
their drivers may have a bit to do with latency (surfing speed)...


Just a guess
Chad
