Firewall Speed

Alexandre Biancalana biancalana at gmail.com
Fri May 19 06:53:50 PDT 2006


I have a Pentium III 600 MHz with 720 MB RAM running FreeBSD 4.10 with
IPFW+NAT+Squid+Qmail with ClamAV+dnscache, routing 4 internal networks
(around 500 users), 3x 2Mbit/s links and a 1Mb internet link. Everything
works perfectly!!

I will change the machine because of the same problem that Josh mentioned.

Regards,

Alexandre

On 5/19/06, Josh Paetzel <josh at tcbug.org> wrote:
>
> On Thursday 18 May 2006 14:48, Chad Leigh -- Shire.Net LLC wrote:
> > On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:
> > > On 2006-05-18 11:03, bc <bc3910 at pcisys.net> wrote:
> > >> I want to run 6.1_RELEASE with Packet Filter(PF) configured as
> > >> a gateway using 2 identical 10/100 nics, on an old 450mhz
> > >> pentium with 256 meg ram and an 8 gig HD.
> > >>
> > >> In general, should I expect any speed performance issues with
> > >> internet access based on the processor, ram and bus speeds of
> > >> the MB?  Would the PF config cause any speed performance
> > >> deficiencies?
> > >>
> > >> I had the same setup as above but with IPF firewall and received
> > >> complaints about surfing speed so I put them back on a Linksys
> > >> router firewall.
> > >
> > > We'd have to see the ruleset to be able to reply in an informed
> > > manner.  I have seen firewalls doing both filtering & NAT on a
> > > system, with almost no overhead at all though.
> > >
> > > This top output:
> > >
> > >     http://keramida.serverhive.com/pixelshow-top.txt
> > >
> > > shows that a FreeBSD 5.X system with 256 MB of physical memory is
> > > happily filtering the traffic and doing NAT for more than 100
> > > users, while still being 97% idle.
> >
> > I would think it is more than CPU speed.  The speed of the PCI bus
> > and the speed and efficiency of the two network cards being used
> > and their drivers may have a bit to do with latency ("surfing
> > speed")...
> >
> > Just a guess
> > Chad
> >
>
> I had a dual pentium 100 with 96 megs of RAM that did ipf/ipnat for a
> 10mbps connection with a couple dozen users.  CPU usage was usually
> around 1% and load averages .03 or so.  Latency and throughput were
> both acceptable.
>
> The only reason I replaced the box was it was a single point of
> failure and the hardware was old enough that I was afraid there would
> be some sort of show stopper breakdown.
>
> --
> Thanks,
>
> Josh Paetzel

