heavy load proxy+nat server with ipfw ?

Ed Stover estover at nativenerds.com
Tue May 10 00:11:10 PDT 2005


Abu Khaled wrote:
> On 5/10/05, Ed Stover <estover at nativenerds.com> wrote:
> 
>>S t i n g r a y wrote:
>>
>>>I want to replace my Microsoft based firewall with a
>>>FreeBSD based firewall + proxy + NAT server based on
>>>ipfw, with internet users approx up to 800-1000
>>>simultaneous. I already have the internet link +
>>>hardware to support it,
>>>do you guys think ipfw + squid with FreeBSD will be
>>>able to handle such loads?
>>>
>>>
>>>thanks
>>>
>>>
>>>*º¤., ¸¸,.¤º*¨¨¨*¤ Stingray *º¤., ¸¸,.¤º*¨¨*¤
>>>
>>
>>Yes, very much so. At a local college they have over 700 PCs surfing the
>>net constantly through a P3 700MHz 512MB RAM and 10GB HDD. The machine
>>is running FreeBSD 4.5, squid, squidGuard, ipfw, natd. Transparent
>>content filtering and NAT. Simple, sweet and fast...
> 
> 
> I use FreeBSD 5 STABLE as a Router with IPFW, DUMMYNET, Squid,
> DansGuardian and Bind as a forwarding DNS cache for 100 users. All
> this is running on an old PIII 500MHz with 128MB RAM and 20GB HDD. 100
> users may not be much but I guess with more RAM the FreeBSD box will
> handle more clients.
> I only use the BOX to test FreeBSD 5 performance for future plans and
> so far it rocks except for a few problems (sure, that's what STABLE is
> for).
> 
> Ed, can you please tell me more about "Transparent content filtering".
> Sounds interesting
> 

Ooo yea, this is a good one taught to me by guru master BB of the black
hills. OK, all web requests are on port 80, right? I am going to use
pseudo commands to try and get this across.
#from natbox
1. allow all traffic on port 80 from localhost out
2. forward all incoming port 80 requests to 8080 or whatever port you
run squid on.

3. squidguard or dansguardian server as the content filtering.

No one can opt out of having their web access content filtered by not
using the caching system. They have to use the caching system.
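
The pseudo commands above, written out as ipfw commands in an added example that is not part of the original post. The interface name `fxp1`, the rule numbers and the helper function names are assumptions; on FreeBSD 4 and 5 the `fwd` action needs a kernel built with `options IPFIREWALL_FORWARD`, and Squid must be set up to accept intercepted requests. The second function is a rough audit for the "no one can opt out" property: ipfw is first-match, so an unqualified allow rule numbered below the `fwd` rule lets clients bypass the filter.

```sh
#!/bin/sh
# Added example (not from the post). Interface, rule numbers and
# function names are assumptions chosen for illustration.

# Print the ipfw commands for steps 1 and 2 of the post.
# usage: proxy_rules <lan_if> <squid_port> <first_rule_number>
proxy_rules() {
    lan_if=$1 port=$2 base=$3
    case $lan_if in ''|*[!A-Za-z0-9_]*) echo "bad interface: $lan_if" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    case $base in ''|*[!0-9]*) echo "bad rule number: $base" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # Step 1: the proxy's own outbound fetches pass untouched.
    echo "ipfw add $base allow tcp from me to any 80 out"
    # Step 2: client HTTP arriving on the LAN side goes to the local Squid.
    echo "ipfw add $((base + 10)) fwd 127.0.0.1,$port tcp from any to any 80 in recv $lan_if"
}

# Heuristic audit: read `ipfw list` output on stdin and print the numbers
# of unqualified "allow ... from any to any [80]" rules that sit before the
# fwd rule. Rules with further qualifiers (via, in, out, ...) are not judged.
# usage: early_allows <fwd_rule_number>
early_allows() {
    awk -v fwd="$1" '
        ($1 + 0) < (fwd + 0) && $2 ~ /^(allow|accept|pass|permit)$/ &&
        $3 ~ /^(ip|all|tcp)$/ && $4 == "from" && $5 == "any" &&
        $6 == "to" && $7 == "any" &&
        (NF == 7 || (NF == 8 && $8 == "80")) { print $1 + 0 }'
}

# Constructed sample ruleset in `ipfw list` format; rule 500 is the mistake.
sample_ruleset() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
00500 allow tcp from any to any 80
01000 allow tcp from me to any 80 out
01010 fwd 127.0.0.1,8080 tcp from any to any 80 in recv fxp1
65535 deny ip from any to any
EOF
}

if [ "${1:-}" = "demo" ]; then
    proxy_rules fxp1 8080 1000        # review, then pipe to sh as root
    sample_ruleset | early_allows 1010
fi
```

On a live box, `ipfw list | early_allows 1010` runs the same check against the loaded ruleset.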




More information about the freebsd-questions mailing list