On Saturday 02 September 2006 18:48, Elvir Kuric wrote:
> I need your opinion about heavy load machines acting
> as firewalls based on iptables package.
> If I have Pentium 4, equipped with 1GB of RAM, two
> NICs, one NIC to internet, second to private network (
> in private network are servers ). On firewall (
> iptables ) machine I have nat, pat, everything using
> iptables. How that works in environment with many
> requests to servers in the LAN, I mean about 10000
> requests per day? Have you experience about this topic.
> Is there any limit on hits to iptables machine, what
> is about memory, processor.
>
> What do you think is solution based on iptables enough
> secure for mission critical cases? I just need your
> frank opinion.

10000 a day? That's nothing.

Our company's web presence is behind a PIII 800, with 376MB RAM, and it NATs in excess of 10000 individual web requests a minute, just to one of the webservers! Add the mail server, the support system, the bug trackers, etc, etc.

Currently handling nearly 40000 connections, with peaks of over 60000. Pushing upwards of 40Mbps at normal peak. And all the while being the end point for several IPSEC VPNs.

It can quite happily max out the 100Mbps connection, as it is now (hasn't done that before!) with a cpu usage of ~40%.

-- 
Mike Williams