Iptables bandwidth performance

Discussion in 'Linux Networking' started by Örjan Johansson, Jun 26, 2003.

  1. Hi all!

    Maybe this is a question that's been asked a thousand times, but I can't
    seem to find an answer to it. Maybe because the question itself is not
    correctly put. However, I'll throw it out there since I have a client that
    needs some reassurance:

    I have set up a Linux box with shorewall as a firewall. They have a 2MB/s
    line right now, and the server handles it beautifully. They are now going to
    upgrade to a 10MB/s line, and they need to know that the Linux firewall
    isn't going to be a bottle neck. Here are some specs:

    1 P4 2.0 Ghz CPU

    512 MB RAM

    Intel Pro/100 nics

    Red Hat Linux 8.0


    Any info out there on how much hardware you need to saturate different

    Also, anyone out there have any tips if I want to dedicate part of the
    bandwidth based on IP addresses? Linux solutions, or good hardware

    Any input on these topics will be greatly appreciated!

    Örjan Johansson, Jun 26, 2003
    1. Advertisements

  2. Setting up unknown fw tools, like shorewall does not harden your network.
    You know your network the best, you set up rules and firewalling with
    polices you need not someone has written for whole world.

    And the hardware is monster. I have PII266MMX with very custom built
    iptables rules, optimized for perfomrance. Around 5000 rules, 10mbit/s
    constantly is simply enough.
    Linux solution is traffic control, more about in Stef's page
    http://docum.org or Linux Advanced Routing and Traffic Control page.

    Peteris Krumins, Jun 26, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.