"Victor Foulk" <[EMAIL PROTECTED]> wrote:
> Hello all,
>
> I have been looking into setting up a network gateway
> using a FreeBSD box, so that I may employ many of the
> network security features of the system (and to
> overcome the fact that the current network is
> insecurely connected to a much larger ~public LAN).
>
> The configuration would be much like this:
> {Internet}--{Huge/NastyLAN}--{FreeBSDGate}--{SafeLAN}
>
> Most of what I see states that I should use
> a *minimum* of:
>
> 266Mhz processor
> 64MB RAM
> 1GB HD (actually ~2GB based on number
> desired security apps)
> 2 Compatible NIC's
>
> What I really had hoped to find, was more of an experienced
> networking guru's thumb rule equating the number of safeLAN
> workstations with the required gateway RAM/Processor; to
> enable all safeLAN users to experience a minimal network
> transaction time roughly equivalent to what they would see
> if plugged directly into a really good hub.
> Something maybe in the form of:
> Proc Speed = X*Users+Y
> RAM = W*Users+Z
>
> I am far too new at this to have a clue what numbers to use
> to even approximate. Any advice on this matter would be most
> appreciated.
> Thanks!
> Victor

Unfortunately, there isn't a simple way to develop such an equation.
How much CPU/RAM you need is going to be dependent on more than just
the number of computers involved. Two additional factors can play a
large part: 1) The number of firewall rules and 2) the amount of
traffic (such as UDP) that creates dynamic rules.

Rules take time to process, and more traffic takes more time with more
rules. UDP traffic usually requires stateful rules, and that generates
dynamic rules, which increases the amount of time to process each
packet. So it's important to design your ruleset carefully to avoid
unnecessary processing.

However, in my experience, the most critical hardware choice is the
network cards themselves. Cheapo network cards will really hurt
performance under load. So toss the cheapo Realtek cards into the
trash and spend a little extra on an Intel or other name brand card
designed for a server.

As a general rule of thumb, I won't put FreeBSD on anything smaller
than a 1Ghz with 128M of RAM and 4G of disk space. While you can get
away with smaller, that's about the minimum before using the box for
maintenance purposes becomes a terrible burden. Try upgrading and
rebuilding world on a 266!

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
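
A simplified model of the reply's point about rule count and dynamic rules, added here as an illustration and not part of the original message: it counts how many rules a first-match filter examines per packet when the state check sits late versus early in the ruleset. The rule set, addresses, and function names are constructed assumptions, not ipfw's implementation.

```python
# Simplified first-match packet filter model (constructed; not ipfw itself).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str               # "allow", "deny" or "check-state"
    proto: str = "any"
    dport: int = 0            # 0 matches any port
    keep_state: bool = False  # a match creates a dynamic rule for the flow

    def matches(self, p):
        return self.proto in ("any", p.proto) and self.dport in (0, p.dport)

def evaluate(rules, states, p):
    """Return (action, number of rules examined) for one packet."""
    # One-directional flow key; a real filter also matches reply traffic.
    flow = (p.proto, p.src, p.dst, p.dport)
    for examined, r in enumerate(rules, start=1):
        if r.action == "check-state":
            if flow in states:          # dynamic rule hit: stop walking
                return "allow", examined
            continue
        if r.matches(p):
            if r.keep_state:
                states.add(flow)        # install dynamic rule
            return r.action, examined
    return "deny", len(rules)           # default deny after a full walk

def total_cost(rules, packets):
    """Return (total rules examined, dynamic rules created) for a trace."""
    states, cost = set(), 0
    for p in packets:
        cost += evaluate(rules, states, p)[1]
    return cost, len(states)

# Constructed ruleset: 20 narrow TCP allows plus one stateful DNS rule.
FILLER = [Rule("allow", "tcp", port) for port in range(8000, 8020)]
DNS = Rule("allow", "udp", 53, keep_state=True)
LATE = FILLER + [Rule("check-state"), DNS]    # state check after the filler
EARLY = [Rule("check-state"), DNS] + FILLER   # state check first

# Constructed traffic: 5 clients, 10 DNS queries each to one resolver.
TRAFFIC = [Packet("udp", f"10.0.0.{c}", "10.0.0.254", 53)
           for c in range(1, 6) for _ in range(10)]
```

Calling `total_cost(LATE, TRAFFIC)` and `total_cost(EARLY, TRAFFIC)` gives the per-trace rule-examination counts for the two orderings; both create the same five dynamic rules.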