Hi everyone Happy new Year to all. I have some questions. I want to use an 486 DX 33 with 32 MB Ram as an Paketfilter Firewall with IPChains on a SuSE 6.3 System in an 100 MBit Lan enviroment to connect 2 Networks. Is the Maschine Speed fast enough to do the Job (Down or Upload with the full 100 MBit/s ) ????? Or shall i use an Pentium ???? For an ISDN Router with IPChains is it fast enough to use the full 64 KBit/s. I use it at home. Does anyone known about an free application Firewall for HTTP, FTP, DNS , ....??? Is the Squid an application Firewall ???? I think not !!!!! MFG Stephan Gerling gerling@kub.de
I don't think you'll find 100MBit cards for the ISA-Bus in a 486 ... so you'll have to use a pentium ...
Does anyone known about an free application Firewall for HTTP, FTP, DNS , ....??? Is the Squid an application Firewall ???? I think not !!!!! squid is a http proxy ... you can use socks5 (not hard to get) for icq, etc. and kernel masquerading for other applications.
3Com makes an ISA 100MBit NIC, though I seriously doubt that a 486 could quite manage to throw enough data at it to make it saturate or even dominate a 100tx environment, just mentioning it in case his hub is 100TX exclusive (have one here myself). Personally, I'm going to resurrect one of my old 586-133 machines for a router/firewall since I now have DSL service. Should handle the low end DSL service (640K down, 90K up) well enough through a 3com 10/100 NIC. Off topic: Anyone get bridging working? Tried briefly (according to the bridging howto) to get my old 2.0.35 kernel machine to do it with only brief success (needs to bridge to my old multia-166 box only)... :/
I don't think you'll find 100MBit cards for the ISA-Bus in a 486 ... so you'll have to use a pentium ...
Does anyone known about an free application Firewall for HTTP, FTP, DNS , ....??? Is the Squid an application Firewall ???? I think not !!!!! squid is a http proxy ... you can use socks5 (not hard to get) for icq, etc. and kernel masquerading for other applications.
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Stephan,
Hi everyone Happy new Year to all. I have some questions.
I want to use an 486 DX 33 with 32 MB Ram as an Paketfilter Firewall with IPChains on a SuSE 6.3 System in an 100 MBit Lan enviroment to connect 2 Networks. Is the Maschine Speed fast enough to do the Job (Down or Upload with the full 100 MBit/s ) ????? Or shall i use an Pentium ????
A Pentium-100 can make around 27-32 MBit/s with a tulip nic. A 486-DX 33 will not be able to saturate a 10 Base-x network. Also keep in mind that a single peocessor machine can't read a frame on one nic and write one on the other at the same time. This means that the maximum throughput of your router would not reach the 30 MBit/s of the P-100 mentioned above.
For an ISDN Router with IPChains is it fast enough to use the full 64 KBit/s. I use it at home.
The speed is limited by the CPU, the memory access speed, the PCI subsystem, the nic and the performance of the kernel code. Additional speed drawbacks can be avoided by limiting disk accesses and other resource-intense activities to the bare minimum. ipchains is only the configuration frontend that inserts the rules into the kernel so that the firewall code can work with them. Thus, ipchains has nothing to do with speed at all.
Does anyone known about an free application Firewall for HTTP, FTP, DNS , ....??? Is the Squid an application Firewall ???? I think not !!!!!
MFG Stephan Gerling
Your "!"- and "?"-keys are broken. :-) Roman Drahtmüller. -- _ _ | Roman Drahtmüller "Freedom means that you can choose | CC University of Freiburg what you want to learn at a given | email: draht@uni-freiburg.de time." A. Becker, 1999 | - - People often find it easier to be a result of the past than a cause of the future.
Hi it seems to me that you know very well about the through-put dependend on the used cpu. could you tell me if it makes sense to install an 386DX40 as packetfilter with kernel 2.2 for 1/2 ISDN-channels? my problem is that i'm playing too much quake ;) means, that pings growing only 10ms are not acceptable for me... thx, Rupert
participants (5)
-
lwr1 -
Markus Gaugusch -
Roman Drahtmueller -
Rupert Koenig -
Stephan Gerling