From owner-freebsd-net Mon Mar 29 12:57:28 1999 Delivered-To: freebsd-net@freebsd.org Received: from inner.net (avarice.inner.net [199.33.248.2]) by hub.freebsd.org (Postfix) with ESMTP id B3C4F14D56 for ; Mon, 29 Mar 1999 12:57:19 -0800 (PST) (envelope-from cmetz@inner.net) Received: from inner.net (cmetz.cstone.net [205.197.102.217]) by inner.net (8.9.1/8.9.1) with ESMTP id UAA10838; Mon, 29 Mar 1999 20:51:34 GMT Message-Id: <199903292051.UAA10838@inner.net> To: Mike Thompson Cc: mike@sentex.net (Mike Tancsa), freebsd-net@FreeBSD.ORG Subject: Re: FreeBSD as a router In-reply-to: Your message of "Mon, 29 Mar 1999 11:53:50 PST." <4.1.19990329115145.00a62ab0@mail.dnai.com> X-Copyright: Copyright 1999, Craig Metz, All Rights Reserved. X-Reposting: With explicit permission only Date: Mon, 29 Mar 1999 15:55:46 -0500 From: Craig Metz Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <4.1.19990329115145.00a62ab0@mail.dnai.com>, you write: >Sorry, I should have defined high-capacity better. I would like to >isolate a half-dozen FreeBSD servers running a custom distributed >web application behind a router/firewall. This is to increase >security for intra-machine communication. At our co-location >facility we have a 100Mb ethernet tap to a Cisco switch/router >combination isolating our systems on a VPN. My question is about >whether FreeBSD can keep up as a router (with a few firewall rules) >between two 100Mb ethernet networks on decent hardware such as 2 PCI >NICs and a 450 MHz PII. From the responses it sounds like it can. If you're using FreeBSD as a firewall between servers and the Internet, what really matters here is not the 100Mb/s local links but the speed of your WAN link, because that's how much traffic is really going to move through that box. Can FreeBSD keep up with a T1/E1 line? I'd be surprised if it couldn't. Can FreeBSD keep up with a DS3? Given good enough hardware, probably. Faster than that as total traffic going through the box and you need to worry. -Craig To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message