Date: Fri, 19 May 2006 08:04:03 -0500
From: Josh Paetzel <josh@tcbug.org>
To: freebsd-questions@freebsd.org
Cc: bc <bc3910@pcisys.net>
Subject: Re: Firewall Speed
Message-ID: <200605190804.03254.josh@tcbug.org>
In-Reply-To: <7A110F49-74E5-4628-A1BE-3171A140FB6F@shire.net>
References: <446CA8DE.9000801@pcisys.net> <20060518183955.GA62203@gothmog.pc> <7A110F49-74E5-4628-A1BE-3171A140FB6F@shire.net>

On Thursday 18 May 2006 14:48, Chad Leigh -- Shire.Net LLC wrote:
> On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:
> > On 2006-05-18 11:03, bc <bc3910@pcisys.net> wrote:
> >> I want to run 6.1_RELEASE with Packet Filter(PF) configured as
> >> a gateway using 2 identical 10/100 nics, on an old 450mhz
> >> pentium with 256 meg ram and an 8 gig HD.
> >>
> >> In general, should I expect any speed performance issues with
> >> internet access based on the processor, ram and bus speeds of
> >> the MB? Would the PF config cause any speed performance
> >> deficiencies?
> >>
> >> I had same setup as above but with IPF firewall and received
> >> complaints about surfing speed so I put them back on a Linksys
> >> router firewall.
> >
> > We'd have to see the ruleset to be able to reply in an informed
> > manner. I have seen firewalls doing both filtering & NAT on a
> > system, with almost no overhead at all though.
> >
> > This top output:
> >
> > http://keramida.serverhive.com/pixelshow-top.txt
> >
> > shows that a FreeBSD 5.X system with 256 MB of physical memory is
> > happily filtering the traffic and doing NAT for more than 100
> > users, while still being 97% idle.
>
> I would think it is more than CPU speed. The speed of the PCI bus
> and the speed and efficiency of the two network cards being used
> and their drivers may have a bit to do with latency ("surfing
> speed")...
>
> Just a guess
> Chad
>

I had a dual pentium 100 with 96 megs of RAM that did ipf/ipnat for a
10mbps connection with a couple dozen users. CPU usage was usually
around 1% and load averages .03 or so. Latency and throughput were
both acceptable. The only reason I replaced the box was it was a
single point of failure and the hardware was old enough that I was
afraid there would be some sort of show stopper breakdown.

--
Thanks,
Josh Paetzel
