The only problem w/ supporting a T1 on that hardware would be the memory bandwidth. ISA NICs don't implement the kind of buffering a PCI NIC does, so you might run into problems (remember, a 486/66 runs its memory bus at 33 MHz). In a prior life, I did the experiments w/ ISA NICs and was never really able to drive them more than about 17% of the 10BaseT speed. Note that some of the fancy stuff (processor off-load, parallel tasking, etc.) that they used to charge an arm and leg for really does work!
Finally, filtering bridges can be used for other things! (I know you can do this with Linux, I'm assuming FreeBSD has similar capabilities) You can use the queuing disciplines to limit bandwidth and set priorities for specific services. I did this with Linux, to simulate slower speed lines for some VoIP tests. What's really cool is that I was able to rate-limit the VoIP stuff, but still allow all the other traffic in and out of my machine at full speed, yet give the VoIP priority, so that it was an honest test of slower lines. The one thing to remember is that you have to do it twice, as cbq et al only affect traffic leaving an interface.

-----Burton

-----Original Message-----
From: Snow, Corey [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 11:16 AM
To: '[EMAIL PROTECTED]'; Jeff Aufderheide
Cc: [EMAIL PROTECTED]
Subject: RE: Cracking a server without services (filtering bridges)

I run a filtering bridge on my home system between the DSL and the DMZ. It runs FreeBSD 4.5 on a 486 DX2/66 with 32MB RAM and two ancient GeniusLAN NIC cards (10-BaseT, they've even got the old coax connectors on the back). With that setup I can run my "public" servers (mail and web, mostly) and run NAT through another firewall for my internal stuff. Makes for a pretty secure setup, assuming all is maintained properly. It works great. The setup was pretty simple, once I got my head around how ipfw worked.

As far as throughput goes, it works pretty well on my 768K DSL line, and I would think I could probably handle a T1 on it with little difficulty. After all, even a T1 is only about 15% of the bandwidth available on a 10 Mbit/s ethernet. I haven't run any scientific tests, but I get good ping times and my use of all the same stuff I used before I set it up seems unaffected (i.e., I saw no change in performance).
The real point is that I assembled this box out of the boneyard that most of us have kicking around- an old 540MB IDE drive, a few old 8M SIMMs that I never got around to throwing out, and two ISA NIC cards which probably couldn't be given away, and I've got a pretty decent little bridging firewall. Make it headless and it's even better; saves room on the desktop and a port on the KVM. ;-) It can be done on the dirt-cheap, if you're willing to put some effort into it.

Corey M. Snow- [EMAIL PROTECTED]
I don't speak for my employer.
