Date: Fri, 17 Jan 2003 10:26:16 -0500
From: Bill Moran <wmoran@potentialtech.com>
To: Redmond Militante <r-militante@northwestern.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: need help in setting up a demilitarized zone
Message-ID: <3E282098.9080308@potentialtech.com>
References: <20030117143601.GA2181@darkpossum>

Redmond Militante wrote:
> hi all
>
> so i have my gateway/ipfw/natd machine working, protecting a test client box. this gateway box is
> a dell optiplex gx150 pIII 930 mhz with 128 mb of ram, 2 nics - one integrated intel pro 1000,
> the other a really old 3com 3c905b that i pulled out of an old junker computer that we were going
> to throw out.
>
> i would like this gateway box to protect our webserver, our mysql server, and possibly another
> webserver. our webserver is a dual xeon dell poweredge 1650 with 2 gig of ram, it gets sometimes
> more than 100000 hits a day, and is hooked up to a t100 line.
>
> will my little optiplex gateway box be able to keep up with a webserver that's this busy? i know
> i at least have to replace the 3com 3c905b card on it, as i'm pretty sure that that type of nic
> can't even handle a t100 connection. but - is the computer itself fast enough?

You don't say what kind of bandwidth the 100,000 hits/day equates to
but assuming an average 15k/hit, that equates to about 17k/sec on busy
days. If all you're doing on the Optiplex is ipfw filtering and port
forwarding, I think it will keep up just fine. If you want it to be a
reverse proxy, you may have to beef it up a bit (probably add RAM for the
proxy cache).

The Handbook has a statement on IPFW's performance at the end of the firewall
section:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
(it's all the way at the bottom) and the tests there seem to indicate that
a 486/66 could handle the load you describe.

There are other factors, though. On your busy days, is the load spread out
over all or most of the 24 hour period, or does 90% of it come during a
2 hour spike? If it's spiking pretty hard, your requirements might be well
above the 17k/sec I estimated.

> also - does anyone
> have any recommendations for a good 4 port hub or switch for this particular purpose? right now
> i'm using an old netgear en 104tp, which is probably not ideal.

Not familiar with the hub you describe, but if you're running 100mb/sec
ethernet, you're not even scraping the surface with the bandwidth I
estimated. Again, this could change if your busy days are caused by
huge spikes over short periods of time that you need to be able to handle.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message