Re: Hardware requirements for firewall
On Thu, 8 Jan 2004, Wayne Pascoe wrote:

> > Another alternative.. prepare both machines. Have the better machine ready
> > to do an able to be connected/switched to at a moment's notice. Put the
> > slower machine on at the slowest day. Monitor it closely as traffic grows.
>
> That's probably the way forward, yes. Thanks.

Also go over the kernel and disable anything you don't need. I have never needed to squeeze every cycle of performance out of a machine, but it should help to reduce unnecessary programs from being run.

You may also try to find from others which firewall is more efficient, ipfw or ipf. Also find from others who have had firewalls on busy networks how rules order may possibly have an impact on performance.

Best of luck in this project..

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
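The rule-order question raised in the reply above, as an added example that is not part of the original thread: a simplified first-match filter model (an assumption, not ipfw's own code) that counts how many rules each packet is compared against, and moves heavily hit rules upward only where the swap cannot change a verdict. The ruleset, the 192.0.2.0/25 range standing in for the 128 addresses, and the traffic counts are all constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed ruleset: (action, destination network, destination port or None).
# 192.0.2.0/25 is a documentation range standing in for the 128 hosted addresses.
RULES = [
    ("deny", "0.0.0.0/0", 135),
    ("deny", "0.0.0.0/0", 445),
    ("allow", "192.0.2.0/25", 25),
    ("allow", "192.0.2.0/25", 443),
    ("allow", "192.0.2.0/25", 80),
    ("deny", "0.0.0.0/0", None),
]
# Constructed traffic sample: ((destination, port), packet count).
TRAFFIC = [(("192.0.2.10", 80), 800), (("192.0.2.11", 443), 120),
           (("192.0.2.12", 25), 50), (("192.0.2.13", 445), 15),
           (("192.0.2.14", 135), 10), (("192.0.2.15", 22), 5)]

def matches(rule, pkt):
    return ip_address(pkt[0]) in ip_network(rule[1]) and rule[2] in (None, pkt[1])

def evaluate(rules, pkt):
    """First match wins; return (action, number of rules examined)."""
    for n, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule[0], n
    return "deny", len(rules)  # assumed default-deny when nothing matches

def overlap(a, b):
    """True if some packet could match both rules."""
    ports_meet = a[2] is None or b[2] is None or a[2] == b[2]
    return ports_meet and ip_network(a[1]).overlaps(ip_network(b[1]))

def promote_hot(rules, traffic):
    """Bubble heavily hit rules upward, only across swaps that keep every verdict."""
    hits = {r: 0 for r in rules}
    for pkt, count in traffic:
        first = next((r for r in rules if matches(r, pkt)), None)
        if first:
            hits[first] += count
    out, moved = list(rules), True
    while moved:
        moved = False
        for i in range(1, len(out)):
            above, below = out[i - 1], out[i]
            safe = above[0] == below[0] or not overlap(above, below)
            if safe and hits[below] > hits[above]:
                out[i - 1], out[i], moved = below, above, True
    return out

def mean_cost(rules, traffic):
    """Average number of rules examined per packet."""
    total = sum(count for _, count in traffic)
    return sum(evaluate(rules, p)[1] * c for p, c in traffic) / total
```

On this constructed sample the mean drops from 4.7 to 1.33 rules examined per packet, and the catch-all deny stays last because moving it above an overlapping allow rule would change verdicts.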
Re: Hardware requirements for firewall
On Thu, Jan 08, 2004 at 09:49:19AM +, [EMAIL PROTECTED] wrote:

> Introducing a new machine has a certain level of risk. What is your
> contingency plan if the machine fails anyway?

The plan is to just remove the machine from the circuit. Instead of having a cable to the machine from the first switch and then another cable from the machine to the second switch, the plan is to just replace that with a single cable between the two switches and revert to how we are now.

> If there is so much at stake why not use the better machine then?

Budget. I have a very limited one, and if I lose this machine to the firewall, I then have less resources available for hosting.

> Another alternative.. prepare both machines. Have the better machine ready
> to do an able to be connected/switched to at a moment's notice. Put the
> slower machine on at the slowest day. Monitor it closely as traffic grows.

That's probably the way forward, yes. Thanks.

--
Wayne Pascoe
There's optimism... and then there's stupidity!
Re: Hardware requirements for firewall
On Wed, 7 Jan 2004, Wayne Pascoe wrote:

> > Why not just try it?
>
> Because it's a commercial hosting operation pushing up to 20Mb/s with
> SLA's to our clients.
>
> My biggest fear is not that this won't work, but that it will work but
> with intermittent bugs.

Introducing a new machine has a certain level of risk. What is your contingency plan if the machine fails anyway?

If there is so much at stake why not use the better machine then?

Another alternative.. prepare both machines. Have the better machine ready to do an able to be connected/switched to at a moment's notice. Put the slower machine on at the slowest day. Monitor it closely as traffic grows.
Re: Hardware requirements for firewall
On Wed, Jan 07, 2004 at 01:36:25PM +, Francisco wrote:

> On Wed, 7 Jan 2004, Wayne Pascoe wrote:
>
> > Pentium III 667 Mhz with 512MB RAM
> > 2 x Intel EtherExpress 100Mb cards
> >
> > Would either of these machines be able to meet my firewall requirements
>
> Why not just try it?

Because it's a commercial hosting operation pushing up to 20Mb/s with SLA's to our clients.

My biggest fear is not that this won't work, but that it will work but with intermittent bugs. Any performance loss will cost us money and I'm just trying to do a bit of research before leaping in :)

--
Wayne Pascoe
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
Re: Hardware requirements for firewall
On Wed, 7 Jan 2004, Wayne Pascoe wrote:

> Pentium III 667 Mhz with 512MB RAM
> 2 x Intel EtherExpress 100Mb cards
>
> Would either of these machines be able to meet my firewall requirements

Why not just try it? It should be fairly simple to move from one machine to the other if need be. If the only thing that the box will be doing is firewall I would think the 667Mhz machine should be fine.
Hardware requirements for firewall
Hi all,

I'm trying to place a FreeBSD firewall into our network. It needs to be able to filter traffic for up to 50 machines using a total of up to 128 IP addresses between them. The daily average traffic inbound is 4276.3 kb/s with today's max being 7695.0 kb/s. We do need to be able to cope with up to 30 Mb/s for extended periods of time though (months).

The network setup will be as follows:

- 2 Cisco 36xx's connected to ISP's backbone and a 100Mb switch
- FreeBSD machine with 2 interfaces, one connected to the same switch as the routers and the other connected to the switch that all the servers are connected to
- 100Mb Switch with all hosting servers connected to it, as well as the second interface on the FreeBSD firewall

I want to run the firewall in bridging mode, so there will be no IP's assigned to the ethernet interfaces of that machine, and it will be invisible on the network. I then want to use IPFW to filter all incoming and outgoing traffic.

The machine I have in mind for this task is as follows:

Pentium III 667 Mhz with 512MB RAM
2 x Intel EtherExpress 100Mb cards

If this is not sufficient I have the following:

Intel Xeon 2.80GHz with 2GB RAM
1 x Intel PRO/1000 Network adaptor
1 x Intel EtherExpress Pro/100(B)

I would prefer to avoid having to use the second machine if at all possible as this has been designated as a server, but if the first machine listed here is not sufficient then I would have to.

Would either of these machines be able to meet my firewall requirements?

Regards,

--
Wayne Pascoe
If there's anything more important than my ego around, I want it caught and shot now!