> Hello All, I was wondering if anyone out there who has experience
> with Linux Firewalls could give some recommendations on what sort of
> hardware to dedicate ( i.e. memory, cpu, hard drive space, etc. ).
> The Firewall will be to protect an internal 15 node Network running on
> 10bT ( 10 Mb/s ). The main thing outsiders will be accessing is
> our HTTP server ( downloading software demos etc. ). Our connection to
> the internet will be through a semi-dedicated 10 Mb/s connection.
> Basically, I'm looking for some general recommendations based
> on first hand experience, not second hand knowledge.

It's not clear to me whether you mean to have the HTTP server running on
the same machine as the firewall. The amount of memory you need on the
HTTP server depends to some degree on how many HTTP transactions you
expect to see running simultaneously, as each transaction requires a
forked httpd. Even this is probably not a big deal unless you expect
quite a few hits.

At work, we are running two Linux (1.2.13) machines. Our Web server
(about 12000-14000 hits/day) is a 486DX66 with 64 MB. I can't remember
the last time I saw it swap. The other machine is a 486DX100 with 20 MB,
and it acts as our firewall and mail handler. We have a 100-node
network, with each node having Internet access via firewall proxy
(SOCKS), and the mail throughput is somewhere in the ballpark of
1500-2000 messages per day. This machine occasionally gets to swapping;
I plan to upgrade the memory in this machine as soon as I get around to
it.

In short, with the prices of memory at present, I recommend at *least*
64 MB. It just doesn't pay to save a couple of hundred bucks only to
find that you're short of RAM. Of course, if you expect the site to be
really busy, or if you expect to run numerous other applications on the
machine, you may want even more memory. I don't consider CPU speed to be
too much of a factor for 'Net server applications. All those 14.4/28.8
connections out there keep the server processes in memory for a while,
but the processes aren't using much CPU time. This seems like it might
be a particular problem for you in that you are serving up software
demos that will, I presume, be fairly large files.

BTW, the 20-MB machine ran for about 6 months as our sole machine,
including HTTP. It swapped a fair amount, even though our Web hits then
were about half what they are now.

As for hard drive space, I again suggest that at today's prices, more is
better. If all you plan to do with the machine is firewall and HTTP
service, a 1.2 GB drive would be more than adequate, and cheap. If
you're trying to reuse older hardware, a smaller drive could do, too.
I'd probably not drop much below 500 MB, though.

These are all rough numbers, subject to adjustment to your particular
situation--your budget in particular.

I do envy you the 10 MB/s connection to the 'Net!

> Thanks & Have A Nice Day! 8^)

I'll do my best!
--
Jon Bloom