[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Which Hardware for Firewall

Falk Husemann wrote:
> Hello misc!
> We're using OpenBSD on our Hardware since 2003 and have run our Firewall
> on OpenBSD since that time too (always following -STABLE).
> Now the box i once built for that purpose has broken down and I'm in
> need of a replacement I'll assemble myself again. The box serves a
> squid, a pf (with 2 and 1/2 pages DinA4 ruleset), named and httpd-SSL
> The hardware will be on the low to medium end (budget 400-600 EURO).
> Which processor architecture is faster for firewalling purposes? pf runs
> in kernelspace AFAIK, so will dual-core be useless? AMD64? Pentium 4?
> I thought about buying 2GB+ of RAM and running parts of the system from
> RAM (tmp, squid-cache). Is this possible on OpenBSD? A quick google
> search did not turn up anything.
> A quick hint would be sufficent, I don't want to get on someones wick,
> but theres no information about firewall hardware and obsd on the net.
> Thanks in advance,
> Falk

My home firewall is serving 4-5 machines, 2 of them full-time connected
to the internet. And 3 others sometimes are connected. I run apache,
dhcpd, named, openvpn, webmin, ifstated, plus some others things. I do
have a one and half pages of rules. But the better part, my hardware:
CPU: Pentium 133
Mem: 64MB EDO
Two 10Mbit ethernet cards: An ep(4) based card and an ne(4) based card.

It stays 80% idle most of the time (not counting when i download the
last lost episode using torrents and dht :))

So, unless you have a huge amount of traffic, i recommend buying a good
machine for yourself and using the one you have for the firewall.

My 3 cents,
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Visit your host, monkey.org