[luau] Firewall
Warren Togami
warren at togami.com
Tue Mar 4 23:04:01 PST 2003
Randall Oshita wrote:
> Can Mandrake's Corporate Edition Firewall compete with Sonicwall SOHO3
> or even the PROS or the Watch Guards or Cisco? Lets say the Linux box
> has the better hardware (1Ghz cpu 1G RAM etc..- overkill but for this
> example)
> Does the throughput depend on the software or the hardware?
> Anyone know the throughput for the Mandrake firewall?
>
Any Linux firewall throughput is limited mainly by hardware. I don't
know what Mandrake's firewall does specifically, but any Linux firewall
is using iptables to control Netfilter. Netfilter is very complex and
flexible, able to do almost anything if it is configured to do so. Some
products like Mandrake firewall, Guarddog, Bastille or MonMotha's script
do most of the work for you. Firewall capabilities are limited mainly
by how complex the tool was made to be.
Vince Hoang wrote:
>>Lets say the Linux box has the better hardware (1Ghz cpu 1G RAM
>>etc..- overkill but for this example)
>
> For a small company and the right software, you might be able to
> get away with running a firewall on a 386.
Well that depends on your pipe. With RoadRunner I originally used a 486
with 3Com ISA cards to connect to the internet. I had maximum speeds of
around 50 kilobytes/sec. I later moved those ISA cards to Pentium 400
and got maybe 80 kilobytes/sec maximum. Back then I didn't know that
was SLOW for RoadRunner but was happy about it anyway.
Later my friend said he was easily downloading 1 megabyte/sec with
RoadRunner. His computer had a 3Com PCI NIC. I changed my Pentium
400's NICs to PCI cards and I was easily doing 500 kilobyte/sec from
some nearby sites. (I guess Manoa is more heavily using RoadRunner than
my friend's area, but that is still several times faster than most
consumer DSL rates.)
Hardware matters a lot. ISA sucks, and 486's just don't cut it anymore
unless you have something slow like DSL.
Warren
More information about the LUAU
mailing list