From owner-freebsd-questions@FreeBSD.ORG Thu May 18 18:38:06 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2BE3A16A5DE for ; Thu, 18 May 2006 18:38:06 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from igloo.linux.gr (igloo.linux.gr [62.1.205.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1038243D78 for ; Thu, 18 May 2006 18:38:02 +0000 (GMT) (envelope-from keramida@ceid.upatras.gr) Received: from gothmog.pc (host5.bedc.ondsl.gr [62.103.39.229]) (authenticated bits=128) by igloo.linux.gr (8.13.6/8.13.6/Debian-1) with ESMTP id k4IIbkoi022423 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 18 May 2006 21:37:50 +0300 Received: from gothmog.pc (gothmog [127.0.0.1]) by gothmog.pc (8.13.6/8.13.6) with ESMTP id k4IIdtGJ062225; Thu, 18 May 2006 21:39:55 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Received: (from giorgos@localhost) by gothmog.pc (8.13.6/8.13.6/Submit) id k4IIdtLX062224; Thu, 18 May 2006 21:39:55 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Date: Thu, 18 May 2006 21:39:55 +0300 From: Giorgos Keramidas To: bc Message-ID: <20060518183955.GA62203@gothmog.pc> References: <446CA8DE.9000801@pcisys.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <446CA8DE.9000801@pcisys.net> X-Hellug-MailScanner: Found to be clean X-Hellug-MailScanner-SpamCheck: not spam, SpamAssassin (score=-3.403, required 5, autolearn=not spam, ALL_TRUSTED -1.80, AWL 0.80, BAYES_00 -2.60, DNS_FROM_RFC_ABUSE 0.20) X-Hellug-MailScanner-From: keramida@ceid.upatras.gr X-Spam-Status: No Cc: freebsd-questions@freebsd.org Subject: Re: Firewall Speed X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 May 2006 18:38:06 -0000 On 2006-05-18 11:03, bc wrote: > I want to run 6.1_RELEASE with Packet Filter(PF) configured as > a gateway using 2 identical 10/100 nics, on an old 450mhz > pentium with 256 meg ram and an 8 gig HD. > > In general, should I expect any speed performance issues with > internet access base on the processor, ram and bus speeds of > the MB? Would the PF config cause any speed performance > deficiencies? > > I had same setup as above but with IPF firewall and received > complaints about surfing speed so I put them back on a Linksys > router firewall. We'd have to see the ruleset to be able to reply in an informed manner. I have seen firewalls doing both filtering & NAT on a system, with almost no overhead at all though. This top output: http://keramida.serverhive.com/pixelshow-top.txt shows that a FreeBSD 5.X system with 256 MB of physical memory is happily filtering the traffic and doing NAT for more than 100 users, while still being 97% idle.