Date: Fri, 19 May 2006 10:53:43 -0300 From: "Alexandre Biancalana" <biancalana@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: Firewall Speed Message-ID: <8e10486b0605190653q11762752k7af0c49a033e48d3@mail.gmail.com> In-Reply-To: <200605190804.03254.josh@tcbug.org> References: <446CA8DE.9000801@pcisys.net> <20060518183955.GA62203@gothmog.pc> <7A110F49-74E5-4628-A1BE-3171A140FB6F@shire.net> <200605190804.03254.josh@tcbug.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I have a Pentium III 600Mhz 720MB Ram running FreeBSD 4.10 with IPFW+Nat+Squid+Qmail with Clamav+dnscache, routing 4 internal networks (around 500 users), 3x 2Mbit/s links and a 1Mb internet link. Everything works perfect !! I will change the machine by the same problem that Josh said. Regards, Alexandre On 5/19/06, Josh Paetzel <josh@tcbug.org> wrote: > > On Thursday 18 May 2006 14:48, Chad Leigh -- Shire.Net LLC wrote: > > On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote: > > > On 2006-05-18 11:03, bc <bc3910@pcisys.net> wrote: > > >> I want to run 6.1_RELEASE with Packet Filter(PF) configured as > > >> a gateway using 2 identical 10/100 nics, on an old 450mhz > > >> pentium with 256 meg ram and an 8 gig HD. > > >> > > >> In general, should I expect any speed performance issues with > > >> internet access base on the processor, ram and bus speeds of > > >> the MB? Would the PF config cause any speed performance > > >> deficiencies? > > >> > > >> I had same setup as above but with IPF firewall and received > > >> complaints about surfing speed so I put them back on a Linksys > > >> router firewall. > > > > > > We'd have to see the ruleset to be able to reply in an informed > > > manner. I have seen firewalls doing both filtering & NAT on a > > > system, with almost no overhead at all though. > > > > > > This top output: > > > > > > http://keramida.serverhive.com/pixelshow-top.txt > > > > > > shows that a FreeBSD 5.X system with 256 MB of physical memory is > > > happily filtering the traffic and doing NAT for more than 100 > > > users, while still being 97% idle. > > > > I would think it is more than CPU speed. The speed of the PCI bus > > and the speed and efficiency of the two network cards being used > > and their drivers may have a bit to do with latency ("surfing > > speed")... > > > > Just a guess > > Chad > > > > I had a dual pentium 100 with 96 megs of RAM that did ipf/ipnat for a > 10mbps connection with a couple dozen users. CPU usage was usually > around 1% and load averages .03 or so. Latency and throughput were > both acceptable. > > The only reason I replaced the box was it was a single point of > failure and the hardware was old enough that I was afraid there would > be some sort of show stopper breakdown. > > -- > Thanks, > > Josh Paetzel > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8e10486b0605190653q11762752k7af0c49a033e48d3>