Graham Johnston wrote:
With the current discuss of "Performance of CentOS as a NAT gateway", I
am curious how many people out there are using CentOS as a
Router/Firewall in an enterprise or service provider environment. For
myself I am not really concerned about NAT just a stateful firewall.
For stateful firewalls, one should use OpenBSD and pf if .
netfilter has caught up on the stateful side with tcp window tracking
but I do not think that support is in Centos 4 and below. Centos 5
should have it.
The other half of my questions is about performance. I have read many
articles and posts on the net about performance tuning but they all seem
to be about tuning a single host, not a router. Does any have any tips
in this area? Is tuning even required.
If it is a natting firewall, forget about performance. There is a
maximum to natting support beyond configuring the maximum number of
connections being tracked.
Bridging stateful firewalls will find OpenBSD both more stable and
better performing. Non-natting stateful firewalls no comment sorry.
For the sake of the conversation lets assume I am referring to CentOS 5.
For full stateful support, we would have to. All previous Centos only
offer connection tracking.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
