[TriLUG] using a Linux box as a pass-through filter

Aaron S. Joyner aaron at joyner.ws
Mon Dec 20 13:49:53 EST 2004


Dan Monjar wrote:

> Working it now... this is end of year keeping myself busy project for 
> the next two weeks.  Eventually the hope is to filter from a VPN 
> switch being fed from a 4.5Mb Internet link. I'm using a throw-away 
> 233MHz at 64MB system. For production I'd want something better but 
> this is just proof-of-concept stuff.
>
> Think I am wasting my time and should look for something beefier now?

Depending on how complicated your rule set is, you can easily filter 
100MBits of traffic with that box.  You'll want to make sure you've got 
reasonably good NICs, I'd recommend something like an Intel or 3Com NIC, 
and you'll be in good shape.  Even in the case of using a Realtek, it's 
just slightly higher CPU usage for the host system (15% or so); since 
at 100MBits you'll probably not approach 30% utilization, I 
wouldn't worry too much about it.  Now this of course all assumes you've 
got under say 10,000 rules in your firewall - and you're not doing 
really obscure types of matching in a poorly written fashion.  OpenBSD 
firewalls are often made out of tiny little Soerkis(sp?) boxes, which 
are over-glorified 486s, and they do a quite-nice job.

Aaron S. Joyner
