On Sat, 15 Jan 2005 23:57:37 +0100, Pavel Balus <balus at flame dot cz> wrote:
> Hello,
>
> I would like to use monowall for protecting our servers.
> Look at my scenario:
>
>   Internet
>      ^
>      | 1 Mbps
>      |
> +----------+   1000Mbps   +-------------------------------+
> | MonoWall | <----------> | perimeter network - 4 servers |
> +----------+              +-------------------------------+
>      ||
>      || 1000Mbps
>      \/
>     LAN
>
> Is MonoWall suitable for this scenario? Is it powerful enough for 1000Mbps? Could you recommend me a suitable HW configuration for a MonoWall box in this scenario?
>

With a really fast box and good quality PCI-X gig cards on separate PCI buses, it should push upwards of 700-800 Mb easily. Can't say that I've tried it specifically with m0n0wall.

I've specifically tested some 'em' Intel PRO/1000 desktop NICs on FreeBSD. A P4 1.6 will push about 550-600 Mb, and a P3 733 about 400 Mb. One NIC only, no routing. For routing, it would probably be a bit less than half of that. The bottleneck in both cases is the CPU, because those cards offload most everything to the CPU. They're only $30 USD a pop though; you need something much better than those. Some of the higher end Intel gig cards are supported and should do well.

I question how much you really need gig wire speed throughput, considering the cost of the box that would be required. For a commercial firewall, you'd be looking at at least $5-10K USD to get wire speed, and probably $2500 for a m0n0wall box. You'd need the fastest processor you can get, a server motherboard with multiple PCI buses, and good quality gig cards.

For your internet connection speed, you could get by with a $200 box like a WRAP or Soekris. If you're just running some web and mail servers in your perimeter network, you'd get by with a Soekris unless you have to push some serious traffic from those perimeter servers.

-Chris