Well, this theory of "always overhead" sounds a little simplistic to me. But I might
be very wrong since it depends very much on how things are implemented.
Let's see. The card and the main processor are two different things (even if tey are
not, Linux is multitask). Taking a packet p1 beeing treated by the proc, if it can
treat it in less time than it takes the card to receive packet p2, there should be NO
overhead at all.
Now the pb is more about the packets themselves. Once again, I don't know exactly how
things are implemented. But if you do masquerading, it seems you have to add
information both ways in the packets in order to retreive the right destination on the
way back. This is an overhead. But it doesn't depend on the speed of your processor as
long as it can treat the packets as fast as they come in.
Am I missing something ??
Philippe
Timothy Lillicrap <[EMAIL PROTECTED]> writes:
> I have a 486DX 66mhz which I am thinking of using as a firewall/gateway in a
> similar manor. Unfortunately I live in the country and have to use a dialup
> connection. At the moment I have a pentium 200 mhz which is serving as the
> firewall/gateway, but I would like to use it for something else as it seems a
> waste to use just for the gateway.
>
> I understand that there will always be some sort of overhead when using a
> firewall. My question is - will I notice a difference if I switch from a
> pentium 200 to a 486 66 as my gateway. I thought that because I am on dialup
> that I may not even notice the difference due to the fact that so little
> throughput is happening (4-5K a second).
>
> Could anyone tell me if I should expect to see a difference????
>
> thanks
>
> Timothy Lillicrap
>
>
> >
> > It is this rewriting of headers that consumes CPU time and actually
> > slows the system. While I get 1.1MB down with my DSL when a machine is
> > directly connected to the DSL modem, I find there is roughly a 20% lug
> > on speed when going through the 486SX firewall. Speed drops to 850 to
> > 900MB down behind the Linux firewall.
> >
> > Eventually I plan to upgrade to a Pentium firewall as the prices for
> > the 90MZ to 166MZ machines drops to near zero. PCI NIC's should also
> > help. However, there is always going to be overhead when running a
> > firewall. Protection does not come with zero cost.
> >
> >
> > --
> > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > as the Subject.
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
