[luau] Firewall

[Warren Togami]

Randall Oshita wrote:
> Can Mandrake's Corporate Edition Firewall compete with Sonicwall SOHO3
> or even the PROS or the Watch Guards or Cisco? Lets say the Linux box
> has the better hardware (1Ghz cpu 1G RAM etc..- overkill but for this
> example)
> Does the throughput depend on the software or the hardware?
> Anyone know the throughput for the Mandrake firewall?
> 

Any Linux firewall throughput is limited mainly by hardware.  I don't 
know what Mandrake's firewall does specifically, but any Linux firewall 
is using iptables to control Netfilter.  Netfilter is very complex and 
flexible, able to do almost anything if it is configured to do so.  Some 
products like Mandrake firewall, Guarddog, Bastille or MonMotha's script 
do most of the work for you.  Firewall capabilities are limited mainly 
by how complex the tool was made to be.

Vince Hoang wrote:
 >>Lets say the Linux box has the better hardware (1Ghz cpu 1G RAM
 >>etc..- overkill but for this example)
 >
 > For a small company and the right software, you might be able to
 > get away with running a firewall on a 386.

Well that depends on your pipe.  With RoadRunner I originally used a 486 
with 3Com ISA cards to connect to the internet.  I had maximum speeds of 
around 50 kilobytes/sec.  I later moved those ISA cards to Pentium 400 
and got maybe 80 kilobytes/sec maximum.  Back then I didn't know that 
was SLOW for RoadRunner but was happy about it anyway.

Later my friend said he was easily downloading 1 megabyte/sec with 
RoadRunner.  His computer had a 3Com PCI NIC.  I changed my Pentium 
400's NICs to PCI cards and I was easily doing 500 kilobyte/sec from 
some nearby sites.  (I guess Manoa is more heavily using RoadRunner than 
my friend's area, but that is still several times faster than most 
consumer DSL rates.)

Hardware matters a lot.  ISA sucks, and 486's just don't cut it anymore 
unless you have something slow like DSL.

Warren