Which CPU is best for Shorewall, a PIII-450 Celeron or a PII-266??? =================================Joakim Hellström Chief System Engineer United Computer Systems Scandinavia AB Klostergatan 56 S-582 23 Linköping, SWEDEN Phone 1: +46 (0)13 13 97 92 Phone 2: +46 (0)13 13 96 00 (recep.) Fax: +46 (0)13 13 97 35 GSM: +46 (0)708 13 97 35 URL: http://www.ucs.se This e-mail is intended for the addressee(s) named above only. As this e-mail may contain confidential or privileged information, if you are not the named addressee(s) or the person responsible for delivering the message to the named addressee(s), please telephone us immediately. The contents of this e-mail should not be disclosed to any other person nor copies taken.
Hellström wrote:> Which CPU is best for Shorewall, a PIII-450 Celeron or a PII-266??? >from my head p3-450 celeron is what you need take a look at wikipedia http://en.wikipedia.org/wiki/Celeron but even p-2 @266 will do the work depends how much memory you have we have one p2 @ 350 with shorewall and works ok cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 5 model name : Pentium II (Deschutes) stepping : 2 cpu MHz : 350.801 cache size : 512 KB
On Tue, 19 Oct 2004 16:19:23 +0300, marius popa <mapopa@reea.net> wrote:> we have one p2 @ 350 with shorewall and works okhere PI 100 MHz and 64 MB RAM work fine - with 5 Users behind the FW. Ingo.
The CPU you need, doesn''t matter as long as you use the machine ONLY for firewall. The problem arise when you: -Let''s put a DNS cache on the firewall. -Let''s put a DNS authoritative on the firewall. -Let''s put a SNMP agent on the firewall to analyse the traffic -Let''s put a SMTP relay to check for viruses/spam -Let''s put a DHCP server on the firewall -Let''s put a Proxy Cache (squid) on the firewall. -Let''s put a squidGuard on the firewall to filter accesses etc etc and etc If you think you can match the (not recomended) situation above, a P1 100Mhz is not enough. :) [Guilsson]
I should add, that you also need to look at the speed of the hard drive, motherboard, and memory. It is all part of the package. Typical system integrators, will put the flash in a package with a fast CPU, and then hobble it with slow RAM, on a slow motherboard, with a slow hard drive. Questions: What is your budget? Do you actually need a CDROM, floppy, sound card, etc? on 10/19/2004 2:10 PM, Guilsson at guilsson@gmail.com wrote:> The CPU you need, doesn''t matter as long as you use the machine ONLY > for firewall. > > The problem arise when you: > -Let''s put a DNS cache on the firewall. > -Let''s put a DNS authoritative on the firewall. > -Let''s put a SNMP agent on the firewall to analyse the traffic > -Let''s put a SMTP relay to check for viruses/spam > -Let''s put a DHCP server on the firewall > -Let''s put a Proxy Cache (squid) on the firewall. > -Let''s put a squidGuard on the firewall to filter accesses > etc > etc > and > etc > > If you think you can match the (not recomended) situation above, a P1 > 100Mhz is not enough. :) > > [Guilsson] > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >
Hellström, Joakim wrote:> > Which CPU is best for Shorewall, a PIII-450 Celeron or a PII-266???Joakim, Actually, all of them. :) What you are really asking is which one would perform best with iptables, Netfilter since Tom usually points out that Shorewall is actually a set of scripts that sets this up and when the scripts are done the netfilter code is doing the job. As Guilsson pointed out earlier it will depend on what you will be running along with iptables, also what sort of environment - home network, small office, corporate, etc. The minimum requirement for a 2.4.x-based machine with iptables is a 486 processor, i.e. Shorewall is used on the Bering and Bering-uClibc distributions found in the LEAF project: http://leaf.sourceforge.net/ which includes DNS caching, DHCP + PPP + PPP0E. It will do just fine if you''re going to do just plain routing, packet filtering. If, on the other hand, you are going to add other services, like squid (with squidguard), VPN (which utilizes encryption=needs more processing power) and so on, then any one of those processors that you mentioned would do the job. What you would be more concerned with would be the amount of RAM, since a webcache like squid needs a large amount of RAM if you will be doing heavy duty caching. Regards, -- Patrick Benson Stockholm, Sweden
On Tue, 19 Oct 2004 15:10:55 -0300, Guilsson <guilsson@gmail.com> wrote:> The CPU you need, doesn''t matter as long as you use the machine ONLY > for firewall. > > The problem arise when you: > -Let''s put a DNS cache on the firewall. > -Let''s put a DNS authoritative on the firewall. > -Let''s put a SNMP agent on the firewall to analyse the traffic > -Let''s put a SMTP relay to check for viruses/spam > -Let''s put a DHCP server on the firewall > -Let''s put a Proxy Cache (squid) on the firewall. > -Let''s put a squidGuard on the firewall to filter accesses > etc > etc > and > etc > > If you think you can match the (not recomended) situation above, a P1 > 100Mhz is not enough. :)no not at all, only fw, dnscache, dhcp is ok on PI 100MHz, snmp I dont know.