Dan Monjar wrote:

> Working it now... this is end of year keeping myself busy project for the next two weeks. Eventually the hope is to filter from a VPN switch being fed from a 4.5Mb Internet link. I'm using a throw-away 233MHz at 64MB system. For production I'd want something better but this is just proof-of-concept stuff.
>
> Think I am wasting my time and should look for something beefier now?

Depending on how complicated your rule set is, you can easily filter 100MBits of traffic with that box. You'll want to make sure you've got reasonably good NICs, I'd recommend something like an Intel or 3Com NIC, and you'll be in good shape. Even in the case of using a Realtek, it's just slightly higher CPU usage for the host system (15% or so) - which since at 100MBits you'll probably not approach 30% utilization, I wouldn't worry too much about it. Now this of course all assumes you've got under, say, 10,000 rules in your firewall - and you're not doing really obscure types of matching in a poorly written fashion. OpenBSD firewalls are often made out of tiny little Soekris (sp?) boxes, which are over-glorified 486s, and they do a quite-nice job.


Aaron S. Joyner
--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
