Re: PII fast enough for firewall
On Sunday 02 December 2007, John Schmidt wrote:
> Hi,
>
> I have a 15K Mbs connection (up/down) to my house (fiber to the home).
>
> I have a Buffalo router that connects to my WAN and then one of the LAN
> ports on this router connects to my IPCOP firewall that is running on a PII
> -- 400 MHz box with 64 MB of RAM.
>
> When I do a speed test from my box behind my IPCOP firewall, I get about
> 10K Mbs up/down.
>
> If I move the connection to one of the Buffalo router LAN connections, I
> get the advertised 15K Mbs up/down speed.
>
> So routing traffic thru the IPCOP firewall slows things down quite a bit.
> Is this to be expected? I was thinking of changing the firewall to a
> debian box running shorewall, and was wondering if I could tweak the
> firewall/router to not slow things down appreciably like the ipcop box is
> doing.
>
> Thanks,
>
> John Schmidt
To follow up on my issues with network speeds coming out of my firewall, I am
a bit embarrassed to admit that I had an old ISA 10 Mbps card connecting to
my LAN which was the culprit.
During the process of figuring things out, I removed my IPCOP configuration
and installed Etch + shorewall + faster NIC on the same box and am now seeing
roughly 15 Mbps connections like I am supposed to from my firewalled
connections.
I had to learn a bit about shorewall configuration and ensuring that my 2 NICS
were consistently labeled via udev (which fortunately happens automatically).
I am much more comfortable with my debian setup than messing around with
ipcop's web browser configuration.
John
Reply to: