Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 22 May 2000 22:54:14 -0500 (CDT)
From:      Brennan W Stehling <brennan@offwhite.net>
To:        Lehquin@aol.com
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: firewall, how much horsepower?
Message-ID:  <Pine.BSF.4.21.0005222242100.31753-100000@home.offwhite.net>
In-Reply-To: <9f.5b1fdb1.265b3b7a@aol.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Lots of questions...

I currently run a FreeBSD box as a Network Address Translator and a
Firewall for my DSL connection.  The DSL line comes into the black DSL box
which has 5 ethernet ports.  I connect that to one of my two ethernet
cards in the FreeBSD box.  I set that up as my outside gateway.  Here is a
page for reference...

http://www.freebsddiary.org/natrules.html

The other NIC card connects to 8 port hub where I have my iMac connect
with a private block of IP addresses.  I am using 192.168.1.*.  I use
ipnat and ipfw to do the network translation and firewalling.  They
running smoothly despite pulling down many mp3 files.  :)

My box is a PIII 550, so I cannot say if a 486 can handle the work you are
asking about, but I would venture to say it will work no problem.

Through ipnat, ipfw, sendmail and bind on there and let it rip.  Consider
what the box will be doing.  There really is very little to process.  If
you have enough memory to hold the kernel and filter rules and things in
memory it will run fast enough.  DNS and Sendmail are almost a non issue
as requests to those services would be quite rare... and if they are a
little sluggish, are you really going to notice much?

Doing address translation and firealling may take a bit of a toll on the
processor but that depends on how much traffic you will have going
through the computer.  I feel that these systems are very efficient, so it
may work really well.

But your biggest issues to manage will be your ethernet cards.  They will
be doing most of the work and you can easily get new cards and install
them if you have old ones which do not perform as you hope.

If you simply run this as a server for these services I would guess that
you would be ok.  If you want to render graphics or run X windows on this
machine, I would say you would want a faster processor.

I'd be curious how well this system does perform once you start using
it.  I would not mind running my natd/firewall server on a cheaper box so
I can tinker with the fast pentium for other uses.

:)

Brennan Stehling - web developer and sys admin
projects: www.greasydaemon.com | www.onmilwaukee.com | www.sncalumni.com

Microsoft: Will you get a macro virus today?

On Mon, 22 May 2000 Lehquin@aol.com wrote:

> Hi:
> 
> I'm thinking about a network connection to the internet, either ISDN 
> or DSL router. If I want to setup a firewall using FreeBSD, how much
> horsepower does the box need? I'm thinking that it won't need much 
> power to just pass IP packets back and forth. It will need just need 
> 2 ethernet cards right? Would a 486 66 w/ pentium upgrade chip and 
> 64Meg Ram be enough?
> 
> Regardless of the horsepower, what about other services. Can I run 
> sendmail, and DNS on the same box that's the firewall. How do I 
> makesure that the "Server Services" are protected behind the firewall 
> eventhough they are on the same box. Would this mean that the 
> server services would answer TCP/IP packets only on the ethernet 
> interface that is on my side of the firewall.
> 
> lehquinn
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0005222242100.31753-100000>