Date: Thu, 17 Aug 2000 09:58:36 -0600 (MDT) From: Nate Williams <nate@yogotech.com> To: Warner Losh <imp@village.org> Cc: Mike Silbersack <silby@silby.com>, David May <David_May@allsolutions.com.au>, freebsd-security@FreeBSD.ORG Subject: Re: [Q] why does my firewall degrade Web performance? Message-ID: <200008171558.JAA23163@nomad.yogotech.com> In-Reply-To: <200008170516.XAA09705@harmony.village.org> References: <Pine.BSF.4.21.0008161825580.14500-100000@achilles.silby.com> <200008170516.XAA09705@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> : > The firewall machine CPU load is always light. It is a Pentium II Celeron > : > 300MHz, 64Mb RAM, four Ethernet cards (3 D-Link 10/100, 1 NE2000), > : > and around 180 ipfw rules. > : > : I'm not sure how fast/slow ipfw is, but 180 rules sounds like a > : LOT. Could you get by with a few less? (Or at least try the setup with > : no rules and the firewall box just runningas a pure router.) > > 180 is about normal for having multiple cards. 300MHz should be > plenty fast enough. No kidding. I have 133 on my firewall, and it's a 486/66, and it keeps up *just fine* running with a 100MB ethernet connected to a T1. I've never seen the box under any load average, and it's been on the net since '93. We used a 486 for firewall in commercial products (and would continue to do so except that you can't find them anymore). Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008171558.JAA23163>