So monowall doesn't scale the state table based on the amount of memory the box has like pfsense? Also, would gig on board be better than something pci based?

Message Sent from BlackBerry Device.

Nathaniel B. Lyon
Owner, NorthfieldWiFi
(612) 991-4260
www.northfieldwifi.com
nate dot lyon at nfldwifi dot net

----- Original Message -----
From: Chris Buechler <cbuechler at gmail dot com>
Cc: m0n0wall at lists dot m0n0 dot ch <m0n0wall at lists dot m0n0 dot ch>
Sent: Sat Jul 17 21:07:23 2010
Subject: Re: [m0n0wall] Appliance to install m0n0wall on

On Sat, Jul 17, 2010 at 9:50 PM, Nathaniel B. Lyon <nate dot lyon at nfldwifi dot net> wrote:
> Hello,
>
> We are looking for an appliance to install m0n0wall onto. We are aware that there are current appliances that can be purchased, but were kind of wanting something more under the hood in terms of CPU speed and memory.
>
> Right now with our current firewall we are averaging roughly 400Mbps, peaking at just under 600Mbps. We feel our current firewall is nearing its end of life. Any hardware recommendations? We'd like to stay away from server based/PC based options so we can achieve wire speed.

You have that backwards - you'll need server class hardware to get gigabit wire speed. There are some appliances that can achieve gigabit wire speed or close to it, ones that basically put a server class board inside of an appliance type chassis, such as Nexcom. An average HP/Dell/whatever server is no different and quite a bit cheaper. "Appliance" is nothing more than a form factor really, it's all x86 hardware.

Also you'll almost certainly need a custom built m0n0wall image, ipfilter's state table size is hard coded at compile time, default is 30000. At that kind of throughput you're likely over 100,000 states.