Re: PII fast enough for firewall
On Mon, Dec 03, 2007 at 08:03:20PM +0100, Peter Teunissen wrote:
> On 3-dec-2007, at 7:25, Ron Johnson wrote:
> >On 12/02/07 22:22, John Schmidt wrote:
> >>I have a 15K Mbs connection (up/down) to my house (fiber to the
> >>home).
> >>
> >>I have a Buffalo router that connects to my WAN and then one of the
> >>LAN ports on this router connects to my IPCOP firewall that is
> >>running on a PII -- 400 MHz box with 64 MB of RAM.
> >>
> >>When I do a speed test from my box behind my IPCOP firewall, I get
> >>about 10K Mbs up/down.
> >>
> >>If I move the connection to one of the Buffalo router LAN
> >>connections, I get the advertised 15K Mbs up/down speed.
> >>
> >>So routing traffic thru the IPCOP firewall slows things down quite
> >>a bit. Is this to be expected?
> >
> >It is if IPCOP puts a load on the CPU or starts swapping memory.
> >
> >Does it?
> >
> >> I was thinking of changing the firewall to a
> >>debian box running shorewall, and was wondering if I could tweak the
> >>firewall/ router to not slow things down appreciably like the ipcop
> >>box is doing.
> >
>
> FWIW, you could try m0n0wall instead, it runs fine on my FW with 64MB
> & 450mhz PII. I get 10MB/sec throughput without full load on the cpu.
>
Or OpenBSD. Has a much smaller memory footprint (means less swapping)
than linux and perhaps faster as well. Also, since its a firewall,
OpenBSD is supposed to be the most secure firewall to which regular
people have access.
Doug.
Reply to: