Robert Glover [mailto:[EMAIL PROTECTED]] wrote:
>
> I have a 486/66 that I want to use as a firewall for a cable-modem.  What I
> really want is a 10MB ethernet card for the cable-modem and a 100MB card for
> the LAN.
>
> 100 Mbit     .------------.  10 MBit  .-------------.
> -------------|   486/66   |-----------| Cable-Modem |---- You folks
> LAN           ------------  Straight   -------------
>                              Cat-5
>
> My questions are:
>
> 1. Is there such a thing as a 100MB ISA ethernet card (cheap)?

Offhand, I don't know of a 100MB ISA card, but that doesn't mean they
don't exist. However, as noted below, I don't feel it is important in
the big scheme of things.

>
>    If I used two 10MB cards, I would have to have an additional
>    gateway box just to connect the 10MB and 100MB segments,
>    wouldn't I?

Not necessarily. What you would need is a hub that can sense both 10MB
and 100MB connections. These are not very expensive - I just bought an
autosense 10/100 hub for about $40.

>
> 2. I know the 100 MB card will be limited by the
>    throughput of the other 10MB card, but...
>
>    Will the 486 choke my internet throughput below 10MB?
>    Can it handle 10MB in + 10MB out on an ISA bus?

The first limitation of ANY cable/DSL connection is the connection
speed itself. Most home cable/DSL connections are 1.5MB/sec or slower.
I get 1.1MB down from my DSL. Many of my local cable friends are 384K
or 256K down, though this does vary by provider and where you live.

A 10MB NIC is already 7 to 15 times faster than most fast home
internet connections. The NIC is not the problem.

However, that said, using a proxy server/NAT or firewall will slow
your connection. However, it is not the NIC's fault. Proxy and NAT
servers operate by essentially rewriting the internet request header
from the client and resending under their own IP. When a reply is
received, it has to be decoded and then forwarded to the correct
private machine.

Example: my DSL (fictitious) IP for my firewall may be
206.195.210.170. My firewall serves a couple of PC's using private
IP's of 192.168.0.*. Say that client 192.168.0.5 makes a request for
the www.yahoo.com page. The firewall has to rewrite the header as a
request from its own IP (206.195.210.170) and send it out as if it
were the firewall's own request. When a reply is received, the
firewall has to check the reply against which machine made the
request, and then rewrite the header to redirect the web page back to
machine 192.168.0.5.

It is this rewriting of headers that consumes CPU time and actually
slows the system. While I get 1.1MB down with my DSL when a machine is
directly connected to the DSL modem, I find there is roughly a 20% lug
on speed when going through the 486SX firewall. Speed drops to 850 to
900MB down behind the Linux firewall.

Eventually I plan to upgrade to a Pentium firewall as the prices for
the 90MZ to 166MZ machines drop to near zero. PCI NIC's should also
help. However, there is always going to be overhead when running a
firewall. Protection does not come with zero cost.
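
The header rewriting described in the message above, modelled as a translation table (an added example, not part of the original message or of any firewall's code). The addresses 206.195.210.170 and 192.168.0.5 come from the message; the port numbers, the starting port 61000 and the web server address 203.0.113.80 are assumptions chosen for illustration.

```python
"""Constructed model of the address rewriting (masquerading) a NAT firewall performs."""
from dataclasses import dataclass, field

PUBLIC_IP = "206.195.210.170"  # firewall's outside address, as given in the message
WEB = "203.0.113.80"           # constructed stand-in for the web server (documentation range)


@dataclass
class Masquerader:
    public_ip: str = PUBLIC_IP
    next_port: int = 61000     # assumed first port handed out for rewritten flows
    out_map: dict = field(default_factory=dict)  # private flow -> public port
    in_map: dict = field(default_factory=dict)   # expected reply -> private host

    def outbound(self, proto, src, sport, dst, dport):
        """Rewrite a LAN packet so it appears to come from the firewall."""
        key = (proto, src, sport, dst, dport)
        if key not in self.out_map:
            pub_port = self.next_port
            self.next_port += 1
            self.out_map[key] = pub_port
            self.in_map[(proto, pub_port, dst, dport)] = (src, sport)
        return (proto, self.public_ip, self.out_map[key], dst, dport)

    def inbound(self, proto, src, sport, dst, dport):
        """Rewrite a reply back to the private host that asked, else drop it."""
        if dst != self.public_ip:
            return None
        owner = self.in_map.get((proto, dport, src, sport))
        if owner is None:
            return None  # no outbound request matches: nothing to forward to
        return (proto, src, sport, owner[0], owner[1])


def demo():
    """Client 192.168.0.5 requests a page; the reply and a stray packet arrive."""
    nat = Masquerader()
    out = nat.outbound("tcp", "192.168.0.5", 1025, WEB, 80)
    reply = nat.inbound("tcp", WEB, 80, out[1], out[2])
    stray = nat.inbound("tcp", "198.51.100.9", 80, PUBLIC_IP, out[2])
    return out, reply, stray


if __name__ == "__main__":
    print(demo())
```

Every packet in either direction costs a table lookup and a header rewrite, which is the per-packet CPU work the message attributes the slowdown to.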

