high-end firewall
I've been asked to spec a firewall for our network at work. While I find
pleanty of info about using linux as a low-end home firewall, and it doesn't
seem to tax the system hard, I havn't found much about how well it scales
up, and what kind of hardware is needed to run it.
We have a /24 with around 150 systems on it, and growing. The
incoming feed is 100baseFX full duplex, with a T3 bottleneck upstream.
We have 10 managed 24-port Fast ethernet switches (in four locations)
connected together with 1000baseSX. Our users are in several
different departments, and it would be best to group them. (The
switches can do VLANs.)
Since I havn't found a pre-packaged solution that fits our needs,
I'm looking into using a linux box as a router.
Are there any quad fast ethernet cards supported by debian/potato?
(I've found them for solaris and microsoft.) 6-8 interfaces is
difficult without multi-port cards. An alternate would be 1000baseSX
with multiple mac addresses. (The linksys switches can't vlan by IP,
only be mac. The SMC switches can vlan by IP.)
Would a gigahertz Pentium 3 be able to handle the load of routing
between several 100baseTX cards without being a bottleneck?
Does the remaining Novel crap have to stay outside the firewall, since
it would only pass IP? (Or can debian do IPX routing?)
--
Blars Blarson blarson@blars.org
http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden
Reply to: