From owner-freebsd-questions Mon May 22 20:54:19 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from home.offwhite.net (home.offwhite.net [156.46.35.30])
	by hub.freebsd.org (Postfix) with ESMTP id 3436F37B74E
	for ; Mon, 22 May 2000 20:54:16 -0700 (PDT)
	(envelope-from brennan@offwhite.net)
Received: from localhost (brennan@localhost)
	by home.offwhite.net (8.9.1/8.9.3) with ESMTP id WAA32075;
	Mon, 22 May 2000 22:54:14 -0500 (CDT)
Date: Mon, 22 May 2000 22:54:14 -0500 (CDT)
From: Brennan W Stehling
To: Lehquin@aol.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: firewall, how much horsepower?
In-Reply-To: <9f.5b1fdb1.265b3b7a@aol.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Lots of questions...

I currently run a FreeBSD box as a Network Address Translator and a
Firewall for my DSL connection. The DSL line comes into the black DSL box
which has 5 ethernet ports. I connect that to one of my two ethernet
cards in the FreeBSD box. I set that up as my outside gateway.

Here is a page for reference...

http://www.freebsddiary.org/natrules.html

The other NIC card connects to 8 port hub where I have my iMac connect
with a private block of IP addresses. I am using 192.168.1.*.

I use ipnat and ipfw to do the network translation and firewalling. They
are running smoothly despite pulling down many mp3 files. :)

My box is a PIII 550, so I cannot say if a 486 can handle the work you are
asking about, but I would venture to say it will work no problem. Throw
ipnat, ipfw, sendmail and bind on there and let it rip.

Consider what the box will be doing. There really is very little to
process. If you have enough memory to hold the kernel and filter rules
and things in memory it will run fast enough. DNS and Sendmail are almost
a non issue as requests to those services would be quite rare... and if
they are a little sluggish, are you really going to notice much?
Doing address translation and firewalling may take a bit of a toll on the
processor but that depends on how much traffic you will have going through
the computer. I feel that these systems are very efficient, so it may
work really well.

But your biggest issues to manage will be your ethernet cards. They will
be doing most of the work and you can easily get new cards and install
them if you have old ones which do not perform as you hope.

If you simply run this as a server for these services I would guess that
you would be ok. If you want to render graphics or run X windows on this
machine, I would say you would want a faster processor.

I'd be curious how well this system does perform once you start using
it. I would not mind running my natd/firewall server on a cheaper box so
I can tinker with the fast pentium for other uses. :)

Brennan Stehling - web developer and sys admin
projects: www.greasydaemon.com | www.onmilwaukee.com | www.sncalumni.com

Microsoft: Will you get a macro virus today?

On Mon, 22 May 2000 Lehquin@aol.com wrote:

> Hi:
>
> I'm thinking about a network connection to the internet, either ISDN
> or DSL router. If I want to setup a firewall using FreeBSD, how much
> horsepower does the box need? I'm thinking that it won't need much
> power to just pass IP packets back and forth. It will just need
> 2 ethernet cards right? Would a 486 66 w/ pentium upgrade chip and
> 64Meg Ram be enough?
>
> Regardless of the horsepower, what about other services. Can I run
> sendmail, and DNS on the same box that's the firewall. How do I
> make sure that the "Server Services" are protected behind the firewall
> even though they are on the same box. Would this mean that the
> server services would answer TCP/IP packets only on the ethernet
> interface that is on my side of the firewall.
>
> lehquinn
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
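
The quoted question asks how sendmail and DNS can run on the firewall box yet be reachable only from the inside interface. The ipfw fragment below is one way to express that; it is an added example, not part of either message. The interface names fxp0 (outside) and fxp1 (inside) are assumptions, 192.168.1.0/24 is the private block mentioned in the reply, and the NAT and forwarding rules a full ruleset needs are left out.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: each rule is
# printed. Run as root with FWCMD=/sbin/ipfw to load the rules instead.
FWCMD="${FWCMD:-echo ipfw}"

# Ports of the services named in the question: sendmail (SMTP) and BIND.
SERVICE_TCP="25,53"
SERVICE_UDP="53"

# service_rules OUTSIDE_IF INSIDE_IF INSIDE_NET
# Covers only traffic addressed to the firewall box itself ("me").
service_rules() {
    oif="$1"; iif="$2"; inet="$3"

    # Local processes talking to each other over loopback.
    $FWCMD add 100 allow ip from any to any via lo0
    # Anti-spoofing: the inside block must never arrive on the outside NIC.
    $FWCMD add 200 deny ip from "$inet" to any in recv "$oif"
    # Match replies to state created by the keep-state rule below.
    $FWCMD add 250 check-state
    # Packets of TCP connections that are already open.
    $FWCMD add 300 allow tcp from any to any established
    # named on this box may query outside servers; replies match rule 250.
    $FWCMD add 350 allow udp from me to any 53 out xmit "$oif" keep-state
    # Inside hosts may use the local mail and DNS services.
    $FWCMD add 400 allow tcp from "$inet" to me "$SERVICE_TCP" in recv "$iif" setup
    $FWCMD add 410 allow udp from "$inet" to me "$SERVICE_UDP" in recv "$iif"
    # Nothing arriving on the outside NIC may reach those services.
    $FWCMD add 500 deny tcp from any to me "$SERVICE_TCP" in recv "$oif"
    $FWCMD add 510 deny udp from any to me "$SERVICE_UDP" in recv "$oif"
}

# Arguments default to the assumed interface names and the thread's block.
service_rules "${1:-fxp0}" "${2:-fxp1}" "${3:-192.168.1.0/24}"
```

Rule 500 also blocks inbound mail from the Internet, which is what "answer only on my side of the firewall" implies. Binding the daemons themselves to the inside address gives a second layer if the ruleset is ever flushed.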