Re: Cost of cheap but decent hardware firewall
From: James T. Dennis (jadestar_at_idiom.com)
Date: 04/07/04
Date: Wed, 07 Apr 2004 02:07:07 -0000
In comp.security.firewalls Ewan Curtis <nospam@dontspamme.bitch> wrote:
> Leythos wrote:
>> In article <c35666$23ui1v$1@ID-193558.news.uni-berlin.de>,
>> mark_in_winnipeg@gawab.com says...
>>>>> I'm trying to weigh the cost versus
>>>>> the learning curve of setting up a Linux based firewall using an old
>>>>> computer.
>>>>>And can a 386 machine give as much protection as a P-II?
>>>>The only difference in CPUs is the amount of processing power. If the
>>>>software runs on a 386 and a P-II then it will provide the same
>>>>functionality, just not the same performance.
>>>Could you define performance? Will it slow anything down? I don't do any
>>>gaming, just downloading/browsing.
>> No I can't define performance - I can only say that the difference is
>> speed. If you are not happy with the performance you need more computer.
>> You could always get a NAT based router and not worry about it.
> A 386 would probably limit the speed that you can access the net -
> particularly if you use some kind of broadband connection - as it
> struggles to deal with the NAT.
> A realistic minimum system for a NATing firewall/linux box would
> probably be a P1-100Mhz with about 64Meg of RAM.
I think you're way off here. A 386 with 16 to 32 MB of RAM is fine
for NAT/NAPT (IP Masquerading) and simple IP Chains filtering of
up to over a T1 (1.44Mbps). Even with the FreeS/WAN IPSec you should
see any throttling of bandwidth and only minimal additional latencies
through established SAs (security associations). I used an old 386DX33
(33Mhz) for years on my iDSL line (only 144Kbps) with no detectable
performance issues. It was also the household mail server (inbound SMTP
and internal POP --- over SSL) for all of that time.
In reality the reason why old 386 and 486 hardware is so limiting has
more to do with their crufty old BIOSes (no ability to boot from CD
nor over the net) and ISA buses (no PCI support) and power supplies
(pre-ATX case and connectors). Other problems with old 386 hardware
have to do with power dissipation and fan noise.
If I was going to make a purchase it might be for any "embedded" system
machine, like the Soekris (http://www.soekris.com/ ) and I'd run Linux
on compact flash on it. Their basic model is a 133Mhz 486 on the Nat'l
Semiconductor Geode. No fan, little external power brick. 3 ethernet and
two serial ports.
Failing that I might hunt around on Linux Devices
(http://linuxdevices.com/directory/Hardware/Systems/ ) for suitable small
systems. However, I notice that lots of the links there are stale and
you have to hunt for product availability.
The biggest factors in choosing an embedded platform for a little
Linux router project would be availability for two ethernet adapters,
assuming that you're not talking about a dialup for CSU/DSU port, and
price. Lots of embedded systems are premium priced compared to generic
PCs.
-- Jim Dennis, Starshine: Signed, Sealed, Delivered