[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Which Hardware for Firewall
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Which Hardware for Firewall
- From: Giancarlo Razzolini <linux-fan_(_at_)_onda_(_dot_)_com_(_dot_)_br>
- Date: Tue, 11 Apr 2006 11:46:30 -0300
- Reply-to: linux-fan_(_at_)_onda_(_dot_)_com_(_dot_)_br
Falk Husemann wrote:
> Hello misc!
> We're using OpenBSD on our Hardware since 2003 and have run our Firewall
> on OpenBSD since that time too (always following -STABLE).
> Now the box i once built for that purpose has broken down and I'm in
> need of a replacement I'll assemble myself again. The box serves a
> squid, a pf (with 2 and 1/2 pages DinA4 ruleset), named and httpd-SSL
> The hardware will be on the low to medium end (budget 400-600 EURO).
> Which processor architecture is faster for firewalling purposes? pf runs
> in kernelspace AFAIK, so will dual-core be useless? AMD64? Pentium 4?
> I thought about buying 2GB+ of RAM and running parts of the system from
> RAM (tmp, squid-cache). Is this possible on OpenBSD? A quick google
> search did not turn up anything.
> A quick hint would be sufficent, I don't want to get on someones wick,
> but theres no information about firewall hardware and obsd on the net.
> Thanks in advance,
My home firewall is serving 4-5 machines, 2 of them full-time connected
to the internet. And 3 others sometimes are connected. I run apache,
dhcpd, named, openvpn, webmin, ifstated, plus some others things. I do
have a one and half pages of rules. But the better part, my hardware:
CPU: Pentium 133
Mem: 64MB EDO
Two 10Mbit ethernet cards: An ep(4) based card and an ne(4) based card.
It stays 80% idle most of the time (not counting when i download the
last lost episode using torrents and dht :))
So, unless you have a huge amount of traffic, i recommend buying a good
machine for yourself and using the one you have for the firewall.
My 3 cents,
Linux User 172199
Moleque Sem Conteudo Numero #002
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]