[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Which Hardware for Firewall
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Which Hardware for Firewall
- From: Joachim Schipper <j_(_dot_)_schipper_(_at_)_math_(_dot_)_uu_(_dot_)_nl>
- Date: Mon, 10 Apr 2006 15:46:28 +0200
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
On Mon, Apr 10, 2006 at 01:00:23PM +0200, Falk Husemann wrote:
> Hello misc!
> We're using OpenBSD on our Hardware since 2003 and have run our
> Firewall on OpenBSD since that time too (always following -STABLE).
> Now the box i once built for that purpose has broken down and I'm in
> need of a replacement I'll assemble myself again. The box serves a
> squid, a pf (with 2 and 1/2 pages DinA4 ruleset), named and httpd-SSL
> The hardware will be on the low to medium end (budget 400-600 EURO).
> Which processor architecture is faster for firewalling purposes? pf
> runs in kernelspace AFAIK, so will dual-core be useless? AMD64?
> Pentium 4?
Dual-core won't do much good. AMD64 could, but the kernel is slightly
less mature and I'm not sure.
> I thought about buying 2GB+ of RAM and running parts of the system
> from RAM (tmp, squid-cache). Is this possible on OpenBSD? A quick
> google search did not turn up anything.
mount_mfs(8) could be helpful here.
You might also want to take a look at the 'async' mount option. Horrible
filesystem damage is just around the corner, but it's not like that
matters all that much for Squid's cache. Just be sure to properly catch
> A quick hint would be sufficent, I don't want to get on someones
> wick, but theres no information about firewall hardware and obsd on
> the net.
Though a couple of pointers would be neat.
Without something like a pps ratio, though, it's not clear how much
power you are going to need. A couple of good NICs are always a
worthwhile investment, though. Some pointers may be found in the archive
- ISTR that fxp was nice.
 Only relevant if using some strange hardware/drivers, or somesuch -
pretty much everyhing works.
Visit your host, monkey.org