From: "Alexandre Biancalana"
To: freebsd-questions@freebsd.org
Date: Fri, 19 May 2006 10:53:43 -0300
Subject: Re: Firewall Speed

I have a Pentium III 600MHz 720MB RAM running FreeBSD 4.10 with
IPFW+NAT+Squid+Qmail with ClamAV+dnscache, routing 4 internal networks
(around 500 users), 3x 2Mbit/s links and a 1Mb internet link.

Everything works perfectly!!

I will change the machine because of the same problem that Josh mentioned.

Regards,
Alexandre

On 5/19/06, Josh Paetzel wrote:
>
> On Thursday 18 May 2006 14:48, Chad Leigh -- Shire.Net LLC wrote:
> > On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:
> > > On 2006-05-18 11:03, bc wrote:
> > >> I want to run 6.1_RELEASE with Packet Filter (PF) configured as
> > >> a gateway using 2 identical 10/100 NICs, on an old 450MHz
> > >> Pentium with 256 meg RAM and an 8 gig HD.
> > >>
> > >> In general, should I expect any speed performance issues with
> > >> internet access based on the processor, RAM and bus speeds of
> > >> the MB? Would the PF config cause any speed performance
> > >> deficiencies?
> > >>
> > >> I had the same setup as above but with IPF firewall and received
> > >> complaints about surfing speed so I put them back on a Linksys
> > >> router firewall.
> > >
> > > We'd have to see the ruleset to be able to reply in an informed
> > > manner. I have seen firewalls doing both filtering & NAT on a
> > > system, with almost no overhead at all though.
> > >
> > > This top output:
> > >
> > > http://keramida.serverhive.com/pixelshow-top.txt
> > >
> > > shows that a FreeBSD 5.X system with 256 MB of physical memory is
> > > happily filtering the traffic and doing NAT for more than 100
> > > users, while still being 97% idle.
> >
> > I would think it is more than CPU speed. The speed of the PCI bus
> > and the speed and efficiency of the two network cards being used
> > and their drivers may have a bit to do with latency ("surfing
> > speed")...
> >
> > Just a guess
> > Chad
> >
>
> I had a dual Pentium 100 with 96 megs of RAM that did ipf/ipnat for a
> 10mbps connection with a couple dozen users. CPU usage was usually
> around 1% and load averages .03 or so. Latency and throughput were
> both acceptable.
>
> The only reason I replaced the box was it was a single point of
> failure and the hardware was old enough that I was afraid there would
> be some sort of show stopper breakdown.
>
> --
> Thanks,
>
> Josh Paetzel