486 PC as a firewall device?
Hello SuSE folkz, I've got an old 486 DX 75MHz PC with PCI and ISA slots. I'd like to to utilize this dinosaur as a firewall box using two 100MB/sec PCI NICs. Could somebody please give me an idea what system hardware resources are mostly involved in performance of the firewall device? Processor speed, front bus speed, internet connection, or something else? Can I get a best performance out of this junk? Thank you in advance. Alex -- MS Windows users should be covered under the Americans with Disabilities Act! --------------> Try Linux and you'll understand why <--------------
On Sunday 17 February 2002 07:50, Alex Daniloff wrote:
Hello SuSE folkz, I've got an old 486 DX 75MHz PC with PCI and ISA slots. I'd like to to utilize this dinosaur as a firewall box using two 100MB/sec PCI NICs. Could somebody please give me an idea what system hardware resources are mostly involved in performance of the firewall device? Processor speed, front bus speed, internet connection, or something else? Can I get a best performance out of this junk? Thank you in advance. Alex
There are a number of factors... how are you planning on using the 486 as a firewall? Are you going to invent your own configuration and install? Or, have you found some firewall software package you plan to use? Smoothwall, for example, is a nice firewall package that will turn an old PC like you have into a router/firewall. If you use this package on a 486 with 100mb NICs on a small home network - 2 or 3 machines - you will not notice any speed issues. The general bottlenecks you will have, using the Smoothwall example, are: Processor - trying to filter more packets than the processor can handle. You can use a 386, but 486 or higher is better. Drive space - too small HD (under 100 MB), and using your firewall machine as a web proxy means lots of drive access delays. RAM - not enough RAM... less than 8MB is a problem Internet connection - slow dialup connection is always limited. Use the fastest that is available/affordable. Front bus speed - never looked at this as a possible speed limiing factor. Basically performance depends on how you are planning on using the old machine (configuration, firewall application etc.), and what kind of network it's going to serve. C.
On Sunday 17 February 2002 07:34, Clayton Cornell wrote:
On Sunday 17 February 2002 07:50, Alex Daniloff wrote:
Hello SuSE folkz, I've got an old 486 DX 75MHz PC with PCI and ISA slots. I'd like to to utilize this dinosaur as a firewall box using two 100MB/sec PCI NICs.
There are a number of factors... how are you planning on using the 486 as a firewall? Are you going to invent your own configuration and install? Or, have you found some firewall software package you plan to use?
Smoothwall, for example, is a nice firewall package that will turn an old PC like you have into a router/firewall. If you use this package on a 486 with 100mb NICs on a small home network - 2 or 3 machines - you will not notice any speed issues.
The general bottlenecks you will have, using the Smoothwall example, are: Processor - trying to filter more packets than the processor can handle. You can use a 386, but 486 or higher is better. Drive space - too small HD (under 100 MB), and using your firewall machine as a web proxy means lots of drive access delays. RAM - not enough RAM... less than 8MB is a problem Internet connection - slow dialup connection is always limited. Use the fastest that is available/affordable. Front bus speed - never looked at this as a possible speed limiing factor.
Basically performance depends on how you are planning on using the old machine (configuration, firewall application etc.), and what kind of network it's going to serve.
* Jon Clausen;
And lately a CD based version has been introduced, so you can go beyond the (after all) pretty limited space available on a floppy.
All in all, a very nice way to go, IMHO. Lots of different features, and a friendly mailing-list, to help you out of a tight spot...
The only thing that I do not like is the glibc version which means you can not use a binary package from your SuSE CD since the glibc is different. :-( Sentryfirewall is CD based as Gibraltar with Sentry being Slackware born and Gibraltar Debian. It would be realy nice if there was a version based on SuSE ( yes I know the SuSE Firewall product). -- Togan Muftuoglu http://dinamizm.ath.cx
On Sunday 17 February 2002 10:26, Togan Muftuoglu wrote:
* Jon Clausen;
on 17 Feb, 2002 wrote: And lately a CD based version has been introduced, so you can go beyond the (after all) pretty limited space available on a floppy.
All in all, a very nice way to go, IMHO. Lots of different features, and a friendly mailing-list, to help you out of a tight spot...
The only thing that I do not like is the glibc version which means you can not use a binary package from your SuSE CD since the glibc is different. :-(
Sentryfirewall is CD based as Gibraltar with Sentry being Slackware born and Gibraltar Debian. It would be realy nice if there was a version based on SuSE ( yes I know the SuSE Firewall product).
There is that, but since I've only used the floppy based version as yet, pretty much any binary, off of any distro would be too big to fit ;) Jon
participants (4)
-
Alex Daniloff
-
Clayton Cornell
-
Jon Clausen
-
Togan Muftuoglu