From owner-freebsd-security  Thu Aug 17  9: 7:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from alpha.simphost.com (alpha.simphost.com [216.84.199.194])
	by hub.freebsd.org (Postfix) with ESMTP id F30CA37B777
	for <freebsd-security@FreeBSD.ORG>; Thu, 17 Aug 2000 09:07:20 -0700 (PDT)
Received: by alpha.simphost.com (Postfix, from userid 1004)
	id 557F730720; Thu, 17 Aug 2000 10:07:40 -0600 (MDT)
Received: from localhost (localhost [127.0.0.1])
	by alpha.simphost.com (Postfix) with ESMTP
	id 4F1CD2C90F; Thu, 17 Aug 2000 10:07:40 -0600 (MDT)
Date: Thu, 17 Aug 2000 10:07:40 -0600 (MDT)
From: "Jonathan M. Slivko" <jmslivko@simphost.com>
To: Nate Williams <nate@yogotech.com>
Cc: Warner Losh <imp@village.org>, Mike Silbersack <silby@silby.com>,
	David May <David_May@allsolutions.com.au>,
	freebsd-security@FreeBSD.ORG
Subject: Re: [Q] why does my firewall degrade Web performance? 
In-Reply-To: <200008171558.JAA23163@nomad.yogotech.com>
Message-ID: <Pine.BSF.4.21.0008171007310.66675-100000@alpha.simphost.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have some i'm willing to sell if anyone is interested ;)

----
Jonathan M. Slivko <jmslivko@simphost.com>
Technical Support: Simple Hosting Solutions
Sys Administrator: BN Networks

Looking for shells and hosting? check out
http://www.simphost.com for great deals!
----

On Thu, 17 Aug 2000, Nate Williams wrote:

> > : > The firewall machine CPU load is always light. It is a Pentium II Celeron
> > : > 300MHz, 64Mb RAM, four Ethernet cards (3 D-Link 10/100, 1 NE2000),
> > : > and around 180 ipfw rules.
> > : 
> > : I'm not sure how fast/slow ipfw is, but 180 rules sounds like a
> > : LOT.  Could you get by with a few less?  (Or at least try the setup with
> > : no rules and the firewall box just runningas a pure router.)
> > 
> > 180 is about normal for having multiple cards.  300MHz should be
> > plenty fast enough.
> 
> No kidding.  I have 133 on my firewall, and it's a 486/66, and it keeps
> up *just fine* running with a 100MB ethernet connected to a T1.
> 
> I've never seen the box under any load average, and it's been on the net
> since '93.  We used a 486 for firewall in commercial products (and
> would continue to do so except that you can't find them anymore).
> 
> 
> 
> Nate
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message