Thread: Minimum System Performance for Unix dedicated Firewall for DSL

  1. #1

    Minimum System Performance for Unix dedicated Firewall for DSL

    Hello ladies,

    Just wanted to know if anyone here has tried to set up a dedicated firewall on a system with minimal performance (I'm speaking here of a boosted 486, or a low-end Pentium).

    I mean this firewall should handle a DSL line running =700 Kb/s.

    I tried with a 486dx2-80, 64 MB EDO, 2 x Ethernet 10M/bits..... had low bandwidth performance and lag on games.

    Also this system was running RedHat 6.2 with SSHd and masquerading.

    So my questions are :

    1) Have you successfully set up a dedicated firewall? If yes, with what hardware for a DSL line?

    2) What system were you running? Should I move to FreeBSD for performance reasons?

    Thanks A+ hantiz.
    Linoux is the bomb, baby!

  2. #2
    linuxcomando, Senior Member (Join Date: Sep 2001, Posts: 432)
    I have set up one on a cable modem; it was a 486/25 running OpenBSD, and with Red Hat and Slackware and Mandrake and SuSE and Storm.

  3. #3
    Senior Member (Join Date: Aug 2001, Posts: 168)
    Well, try running your 486 computer as a firewall using Trinux (a miniature Linux on a floppy).

    http://www.trinux.org

    It works fine, and yet, it enables routing.
    "The more you ignore me... the closer I get!"

  4. #4
    Senior Member (Join Date: Sep 2001, Posts: 412)
    I don't think Trinux would be the best micro distro for routing, it's really a security toolkit - here's what they say on the Trinux site (which is now http://trinux.sourceforge.net/ ):
    Trinux contains the latest versions of popular Open Source network security tools for port scanning, packet sniffing, vulnerability scanning, sniffer detection, packet construction, active/passive OS fingerprinting, network monitoring, session-hijacking, backup/recovery, computer forensics, intrusion detection, and more.
    I'm confused how a 486 with 64 meg of RAM caused your connection to slow down, hantiz. For plain vanilla routing I've used a 25 MHz 386 in the past without any sort of latency - although in answer to your question I would recommend a 486 with 32 meg RAM to do any decent firewalling. I use Debian because that's what I like, but it's much of a muchness what distro you use as long as you keep it up to date and locked down.
    Can't answer your FreeBSD question though - I don't use BSDs.

  5. #5

    Thanks for the first answers....


    1) petemcevoy, I'm also confused why such hardware creates lag and low bandwidth. It should theoretically handle such a request for 700 Kb/s.

    2) I found the idea of *Mini* Linux on a floppy great... I will try the Linux Router Project tonight, found on http://www.linuxrouter.org (thanks protocool for that idea).

    I will keep you in touch with what results I get.

    Thanks for your help.

    A+ hantiz.
    Linoux is the bomb, baby!

  6. #6

    Ok... here is where I am now:

    Forget about the LPR (linux floppy router) project... it seems out of date and no longer updated... I turned to FLI4L, a German project with the same objectives (Linux router on a floppy). Very versatile, very advanced, many options and so on.....

    Please visit : http://www.fli4l.org

    Here is what I found on minimum hardware requirements... this partially answers my questions (in my case of DSL, it ranges from 486DX2-66 to Pentium 75):

    ISDN: 386 CPU from 25 MHz, better a 486 from 33 MHz
    DSL: 486 CPU from DX2/66, better a 486 DX4/100 or a Pentium from 75 MHz
    8 MB memory, better 16 MB
    Ethernet network card (support for 40 different type families)
    ISDN: ISDN card supported by HiSax (type 1-37), AVM-B1 ISA/PCI or ICN-2B
    No drives other than a floppy drive
    1 boot floppy with everything necessary on it


    A+ hantiz
    Linoux is the bomb, baby!

  7. #7
    Junior Member (Join Date: Jan 2002, Posts: 1)
    Use the latest version of FreeBSD and set up ipfilter.
    There are lots of tutorials on the net regarding this.
    I have a P100 MHz with 82 meg RAM running 2 100 Mb PCI Ethernet cards and I notice no lag whatsoever, and we're on a very high speed LAN.
    Just install minimal software (basically cvsup, pine, bash, and lynx).
    With the correct ruleset you can make it very hard to connect to from the outside network, let alone hack. And with only ssh allowed to connect on the inside interface it's really secure from external threats.
    Then lock down the filesystem (setting ro access is a good way to do this).
    I run tripwire for filesystem security and keep mad logs of everything.

    Try it, it works really well.
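
An ipfilter ruleset in the spirit of post #7 (default deny from outside, ssh to the firewall only from the inside interface), given here as an added example that is not the poster's own configuration. The interface names fxp0 (outside) and fxp1 (inside), the LAN 192.168.1.0/24 and the firewall address 192.168.1.1 are assumptions, as is a public address on the outside interface.

```conf
# /etc/ipf.conf: added example, not the poster's ruleset.
# Assumed names: fxp0 = outside (DSL), fxp1 = inside LAN 192.168.1.0/24,
# 192.168.1.1 = the firewall's inside address.

# Loopback traffic is always allowed.
pass in  quick on lo0 all
pass out quick on lo0 all

# Outside interface: drop spoofed private/loopback sources, then allow
# only sessions started from behind the firewall (state handles replies).
block in log quick on fxp0 from 10.0.0.0/8 to any
block in log quick on fxp0 from 172.16.0.0/12 to any
block in log quick on fxp0 from 192.168.0.0/16 to any
block in log quick on fxp0 from 127.0.0.0/8 to any
pass out quick on fxp0 proto tcp from any to any flags S keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state
block in log quick on fxp0 all

# Inside interface: the only service reachable on the firewall itself is ssh.
pass in quick on fxp1 proto tcp from 192.168.1.0/24 to 192.168.1.1 port = 22 flags S keep state
block in log quick on fxp1 from any to 192.168.1.1

# LAN traffic headed elsewhere is forwarded; replies match state.
pass in quick on fxp1 proto tcp from 192.168.1.0/24 to any flags S keep state
pass in quick on fxp1 proto udp from 192.168.1.0/24 to any keep state
pass in quick on fxp1 proto icmp from 192.168.1.0/24 to any keep state

# Default deny, logged, for anything not matched above.
block in log all
block out log all
```

Load a ruleset like this from the console rather than over ssh, since a mistake in the port 22 rule cuts off remote access to the box.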

  8. #8
    the_JinX, Leftie Linux Lover (Join Date: Nov 2001, Location: Beverwijk Netherlands, Posts: 2,534)
    A 486 overdrive works fine...
    Damn fine, we ran an FTP server, a busy one, for 155 days continuous...

    without any probs..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  9. #9
    Senior Member (Join Date: Nov 2001, Posts: 742)
    I tried several floppy firewalls earlier and one I really liked was FloppyFW. I was running on a 486dx2/66 with 16 MB of RAM and two old 3C509B-TPO NICs.

    I tried with 4 "normal" users behind it and it worked perfectly, but I have not tried to host any LAN party behind it though.

    It's quite a nice solution since it runs in memory only, so there is no need for an HDD, and I also "killed" the fan in the power supply, and with that setup it was an ultra quiet firewall/router (quite simple, but it worked).

    Brief Description
    floppyfw is a static router with the firewall-capabilities in Linux.

    Although it is called a firewall it does not have all the functionality we are expecting from a firewall of today. It is basically a Screening router or Packet filtering firewall. (Although many firewalls sold today are just this.)

    I am using this to put my home network behind a box running this and an ADSL modem on the other side. It can of course be used with cable modems and everything else giving you an ethernet port to connect to. It is also used as a basic firewall at some sites that do not need proxying proxies.

    The 1.9 series has stateful packet filtering.

  10. #10
    Senior since the 3 dot era (Join Date: Nov 2001, Posts: 1,542)
    Originally posted by hantiz

    I found the idea of *Mini* Linux on a floppy great... i will try tonight the Linux Router Project, found on http://www.linuxrouter.org (thanks protocool for that idea).
    Also a good *mini* linux on a floppy to do your firewall task: www.BBIagent.org
    It can be run on a 80386 or 80486 or higher.
