Am 13.04.2009 um 12:13 schrieb Lenny:
Hi guys,
first of all, thanks for all the support!
Anyway, unfortunately, after all the hell I've been through with
this, our CEO is not interested in buying a new server:(
But let's put all the "smart" decisions aside as I have to figure
out what can I replace it with.
I don't think there is a free replacement for pfSense that performs as
well (or even better).
At least, not with the same usability.
There's always OpenBSD's bare pf ;-)
I guess you could try and create a ruleset via pfSense and transfer it
to an OpenBSD box...
Or one of the hundred unusable iptables GUIs that float around
freshmeat/sourceforge.
OK, "unusable" is maybe an over-generalization. But there have been
enough posts in the forums and on this list from people who claimed to
have tried every single one of them and then still returned to
pfSense...
The first thing I thought about was m0n0wall, as I want to stay as
close to pfSense and FreeBSD as possible.
So the question is: will the x335 server with 2x3.06GHZ Xeons be
enough for my traffic? To remind you, I have to handle around
150kpps, which is about 300Mb.
From my first look at this distro I saw that it doesn't have SMP,
shell access and it defaults to 30000 states, which is impossible to
change unless you rebuild the whole thing from scratch.
I was looking at 1.25, because as I understand it's built on FreeBSD
4, which should be faster.
I'm not sure if FreeBSD4 actually runs on modern hardware anymore.
You will have problems detecting most hard-disks nowadays.
But the X335 might actually work.
Plus, in pfSense I had to change a couple of things in the "em"
driver, will I have to do it here too?
If I stand no chance with dealing with such traffic via m0n0wall, is
there anything you could advise that would actually run on this old
machine?
I'd try the latest version of OpenBSD with rules generated from
pfSense (never did that, but you should at least be able to use those
as a guidance).
OpenBSD is quite efficient (but lacked good SMP-support last time I
seriously looked).
The hardware in your case is also old enough, so it should actually
run ;-)
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
