
Re: system requirements



On Fri, Nov 05, 1999 at 01:56:26PM -0600, D'jinnie wrote:
> [please Cc: me with your replies]
> Well, I've finally convinced my boss to take Linux seriously and get a
> firewall (since the University I attend and work for, that shall remain
> nameless, does not have one). She asked me a question that rather floored
> me - if we get an older PC to just be a dedicated firewall machine, what
> are the min. system requirements for it not to slow anything down? I
> wasn't sure how to answer that, although I think pretty much anything
> above a 486 with an acceptable amount of RAM will do...this will be for a
> department, several NT servers, 2 Solaris boxes, other assorted stuff. Any
> help, pointers, URLs, etc would be appreciated!

Depends how much bandwidth it has to pump, and what it has to do 
besides just route traffic.

A 486 with 8M of RAM and a stripped down Debian installation was
more than enough to sit between a private network and two dialup
lines. A K6-2 with 128M of RAM doesn't even notice the extra load
of sitting between a public network and a private network, handling
up to a full T1 of bandwidth to the rest of the world and doing
masquerading of the private net, and handling Squid for two or
three active web users.

A low end Pentium with 16M of RAM should be able to handle any
reasonable traffic from T1 to 10Mbit LAN; that's if it doesn't have
to do things like Squid and such. For real userland stuff, you'll
want more RAM. Of course, strip the OS down to the bare bones of
what you actually need for the firewall - my Debian masquerading
486 was only using a 100M hard drive, and had plenty of room to
spare (that was with the full Perl installation, for handling route
table generation to route some things to one dialup and some to the
other). SOCKS will use more resources on the firewall than just
routing packets (using the firewall just to filter) or masquerading
(using the firewall for NAT). Don't run anything on the firewall
that you can run elsewhere - leeched cycles are your enemy.

The trick, of course, is to use good Ethernet cards - DECchip tulip
cards are great, though even NE2000s and such can work without any
problems for low end solutions.

-- 
Elie Rosenblum                 That is not dead which can eternal lie,
http://www.cosanostra.net   And with strange aeons even death may die.
Admin / Mercenary / System Programmer             - _The Necronomicon_
