From: Josh Paetzel
To: freebsd-questions@freebsd.org
Cc: bc
Date: Fri, 19 May 2006 08:04:03 -0500
Subject: Re: Firewall Speed
Message-Id: <200605190804.03254.josh@tcbug.org>

On Thursday 18 May 2006 14:48, Chad Leigh -- Shire.Net LLC wrote:
> On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:
> > On 2006-05-18 11:03, bc wrote:
> >> I want to run 6.1_RELEASE with Packet Filter(PF) configured as
> >> a gateway using 2 identical 10/100 nics, on an old 450mhz
> >> pentium with 256 meg ram and an 8 gig HD.
> >>
> >> In general, should I expect any speed performance issues with
> >> internet access based on the processor, ram and bus speeds of
> >> the MB? Would the PF config cause any speed performance
> >> deficiencies?
> >>
> >> I had same setup as above but with IPF firewall and received
> >> complaints about surfing speed so I put them back on a Linksys
> >> router firewall.
> >
> > We'd have to see the ruleset to be able to reply in an informed
> > manner. I have seen firewalls doing both filtering & NAT on a
> > system, with almost no overhead at all though.
> >
> > This top output:
> >
> > http://keramida.serverhive.com/pixelshow-top.txt
> >
> > shows that a FreeBSD 5.X system with 256 MB of physical memory is
> > happily filtering the traffic and doing NAT for more than 100
> > users, while still being 97% idle.
>
> I would think it is more than CPU speed. The speed of the PCI bus
> and the speed and efficiency of the two network cards being used
> and their drivers may have a bit to do with latency ("surfing
> speed")...
>
> Just a guess
> Chad
>

I had a dual pentium 100 with 96 megs of RAM that did ipf/ipnat for a
10mbps connection with a couple dozen users. CPU usage was usually
around 1% and load averages .03 or so. Latency and throughput were
both acceptable. The only reason I replaced the box was it was a
single point of failure and the hardware was old enough that I was
afraid there would be some sort of show stopper breakdown.

--
Thanks,
Josh Paetzel