Re: [Shorewall-users] Hardware requirements

[shorewall]

This should work on most hardware. As stated, hardware requirements seem
more dependent on other services. I run shorewall both at home and at the
office. Both run squid as a transparent proxy (as a caching server for local
users) and the server at home runs postfix (mail) as a primary mail server
for domain and a backup mail server. BIND/DNS is also running on both. The
both used to be P4 3GHz with 1/1.5GB og RAM. 

Both ran without problems og performance issues.  :-)

 

But the main reason I write is to recommend that you look at the “Proxy ARP”
functionality

http://www.shorewall.net/ProxyARP.htm

 

 

This should end your public-IP-usage-without-protection situation :-)

I love this feature!

 

Most servers I run are linux boxes, and shorewall being so brilliant that it
is (thanks Tom!) I run it locally on all the servers even if the hole net is
behind a shorewall “proxy ARP” firewall. 

 

 

Kristian Marthinussen

---------------------

A/S KK88 - GigaShopS

 <http://www.gs.no> www.gs.no

 

From: Smokin Chevy [mailto:chevy4x4b...@gmail.com] 
Sent: 11. oktober 2010 16:42
To: Shorewall Users
Subject: Re: [Shorewall-users] Hardware requirements

 

I will be pushing 25 - 30 Mbps at this point.  This will have a private
internal network with "Average" usage behind it.  Up until now I have always
had a FreeBSD box doing this job with no port forwards (Basically just an
internet sharing role).  I plan on redoing the box as it has started having
slight hardware issues and decided to go Ubuntu/Shorewall since that is what
they use at my work (which I took over as IT Manager and admin the box).
Now the only networking changes that I am considering doing is moving some
public servers to behind it.  I have had a FreeBSD email server, Ubuntu
Asterisk server, CentOS Web server, and a Windows 2k8 server open to the
internet with real world IP addresses.  I know, everyone is cringing right
about now, but I have kept up with the local security on the boxes and not
had a problem.  The asterisk box is running showewall on it for it's own
protection (I cut out most of the crap out there by black listing Russia and
China).  Anyway, I have been thinking of moving those boxes to behind the
firewall.  At that point it will be routing for a half dozen low volume
websites and a half dozen email domains.

On Mon, Oct 11, 2010 at 9:00 AM, Roberto C. Sánchez <robe...@connexer.com>
wrote:

On Mon, Oct 11, 2010 at 08:06:50AM +0200, Simon Matter wrote:
> > Does anyone have any suggestions for hardware requirements?  Will a
single
> > core have the same throughput as a dual core?  Amount of RAM?  I will be
> > using Ubuntu Server.
>
> Do you want to push some Mbits/s or multi Gbits/s through your firewall
> and do you plan to handle VPN connections terminated on the same box? That
> can make a difference but without any information nobody can really tell
> you something useful.
>

It is also worth noting that if you wish to do traffic shaping that will
impact your hardware requirements as well.  It is worth noting that if
you plan to do traffic shaping or accounting, that will require more
powerful hardware.

However, Simon is right.  Without more details it is impossible to give
you anything resembling a sensible answer.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto <http://people.connexer.com/%7Eroberto> 
http://www.connexer.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBCAAGBQJMsxh5AAoJECzXeF7dp7IPgtUP/1zdIsgKwKuBP/9sOQ1FvWWg
Z7wdJgDpO9gP2PmIVLmClw2fUJYomxV5tjb2Clj5I3a3a+YOiASF0WQtyqHSZi0A
8lJB9z+kfRu0Z4jMz79+kznl3z6dqkEg+X1BCulMoFPK9IXzfBojOmNmqsOdD8St
yhKckqoCeIqNht+kHwazokTg+bTVpFvSJ3RZlBMtBSUOS8ZVnSNN662rbD7IcbAk
9UYxbr7SgNBklfX+qk5jKFgEXEoxTvnMOncAqBtEzioGZrPkSfd8YsbcgyC13h1C
OwAOyJkvcS5WvUal+TN6czy65v4FbcOdNv4bCbYCwdTm2Unb4nbL+qyv49cBlaVl
81QYEPV2pSp1DvSL1zj/6QthYplgNQmCpAF1VGRekZviyAZ+E/5DrXiP3z/Mt8Dz
USOUjyonzE+PacLKOhhZ6fc6MTRg1slQFjpQaI+CXletY2RsdZv+1BGcOaMvjERQ
jk1sRAFuFOEjJRZGogT7ABPMSCV3KuI4MZ3ODT8H6jqE2efPpq49kX6Y4E4E8A37
R/t454+zPReZrCUneJh621ArCb7Fuz0/xCTG8bjGc2LM1TregaROcYLqBcJj9Ikq
sDskQYv+/jwyb4m7qIKYjnEDNKmqTpdU9Cmhrnkn5HpnAE8GCqwi9TnphfyeycoR
v7J2VWfJh2UbGeGj0dkV
=Yaoo
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
--
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

 


------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users