Re: need firewall advice
On Sun, 15 Nov 1998, George Bonser wrote:
> On Sun, 15 Nov 1998, Stuart Marshall wrote:
>
> > I will be setting up a firewall and need to decide what type of
> > computer to buy. It will be a debian intel pc running as a
> > packet filtering system (restricting various ports, etc) and will
> > have 2 100 BaseT interfaces. I plan to use 2.1.XXX kernels and
> > ipchains. In the future it may get fancier with proxy support and
> > more interfaces on the inside of the wall. What I need to know
> > now is how much computer to buy. Should I get 450 MHz PII or is
> > an older 200 MHz PPro enough? How much memory and disk should be
> > available for possible future proxy services?
>
> The bottleneck will be the PCI interface, not the CPU. A P166 would be
> plenty. Going much higher than this really isn't going to buy you
> anything. If your connection to the internet is less than a DS3, a 486 can
> easilly saturate it. In other words, if all you have is a T1 to the
> internet, just about any PC will do the job. A 100MB NIC to the internet
> means nothing if the internet connection is a T1 on the other side of the
> router. You are never going to receive more than 193K Bytes/second on a
> T1.
>
> If all you are doing is a firewall, Get a cheapo PC that works with Linux.
> Don't spend more than US$500 on it. Any more computer horsepower will not
> buy you a thing in throughput.
>
> George Bonser
>
i have "double-homed-host" on Intel p200 with 32Mb RAM and i think it is
enough - i am connected to T1 /av. 50-60 Kb/, so about 5mips should be ok
IMHO it is not good to have very fast machines as packet filter
- such systems are more attractive for crackers/hackers.
Where do you want to install this packet-filter ? /between internet and
intranet, between intranets/ What kind of FW system are you going to
create ? /dual-homed-host, screened network, only packet filtering/ ?
sorry if this message was not useful for you
Piotr Wachowiak
burzum@security.org.pl
Reply to: