Re: Linux firewall vs Windows and Hardware based firewalls
On Fri, Aug 01, 2003 at 07:11:18AM -0400, Tom Allison wrote:
> Steve Lamb wrote:
> >On Fri, 01 Aug 2003 03:11:46 -0400 Tom Allison wrote:
> >
> > > These take an existing computer (Pentium 200 with 64MB RAM and 1GB
> > > hard drive, some would argue it's hardly worth pulling from the
> > > dumpster).
> >
> > Oddly enough I'd argue that those are wasted on a router. :)
>
> True.
>
> But when I run squid & snort on the same box, it's not a complete
> waste since these actually require some CPU cycles and disk IO to do
> their job. I currently run with all the RAM in use and about 30% in
> swap, but it's nothing that I would ever notice and whatever is in
> swap isn't anything I need during routing surfing (no disk IO beyond
> logging 99.9% of the time I've noticed it).
>
> If I skipped squid I could probably get by with much much less of a
> machine.

We use a P166 w/ 64Meg and a 1.5 Gig drive for our company's firewall.
It runs a custom iptables script that I maintain along with a
transparent Squid proxy for web surfing, Exim w/ Spam Assassin mail
filter for spam tagging, and FreeS/WAN, PoPToP, and SSH for remote
access. I have a continual IPSEC tunnel to it from my home office for
my wife and myself.

The box was built out of discarded PC components when I started for the
company, and has served in this capacity nearly flawlessly. Only
problem I've had with it is that I didn't limit the number of Spam
Assassin processes that could run at one time when I initially installed
it. Since I corrected this, it's been running fine.
--
Jamin W. Collins
Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo