On Sun, 15 Nov 1998, George Bonser wrote:
> On Sun, 15 Nov 1998, Stuart Marshall wrote: > > > I will be setting up a firewall and need to decide what type of > > computer to buy. It will be a debian intel pc running as a > > packet filtering system (restricting various ports, etc) and will > > have 2 100 BaseT interfaces. I plan to use 2.1.XXX kernels and > > ipchains. In the future it may get fancier with proxy support and > > more interfaces on the inside of the wall. What I need to know > > now is how much computer to buy. Should I get 450 MHz PII or is > > an older 200 MHz PPro enough? How much memory and disk should be > > available for possible future proxy services? > > The bottleneck will be the PCI interface, not the CPU. A P166 would be > plenty. Going much higher than this really isn't going to buy you > anything. If your connection to the internet is less than a DS3, a 486 can > easilly saturate it. In other words, if all you have is a T1 to the > internet, just about any PC will do the job. A 100MB NIC to the internet > means nothing if the internet connection is a T1 on the other side of the > router. You are never going to receive more than 193K Bytes/second on a > T1. > > If all you are doing is a firewall, Get a cheapo PC that works with Linux. > Don't spend more than US$500 on it. Any more computer horsepower will not > buy you a thing in throughput. > > George Bonser > i have "double-homed-host" on Intel p200 with 32Mb RAM and i think it is enough - i am connected to T1 /av. 50-60 Kb/, so about 5mips should be ok IMHO it is not good to have very fast machines as packet filter - such systems are more attractive for crackers/hackers. Where do you want to install this packet-filter ? /between internet and intranet, between intranets/ What kind of FW system are you going to create ? /dual-homed-host, screened network, only packet filtering/ ? sorry if this message was not useful for you Piotr Wachowiak [EMAIL PROTECTED]
