On Mon, Aug 29, 2005 at 05:22:13PM -0400, Peter Landry wrote: > Hi, > > We're going to be doing some network restructuring, splitting our > internal network into 2 separate IP networks (192.168.1.0 and > 192.168.2.0). We currently have a Microsoft ISA firewall for our whole > network (since it's just 1 ip network right now, 192.168.0.0). I've > suggested replacing the ISA firewall with an OpenBSD machine with 3 > NICs, to handle both routing between the two internet networks, and > firewall out to the internet. It will just be a static route between the > two internal networks, in addition to whatever routing is necessary for > firewall/NAT (I'm not sure on this?). > > > > As far as the firewall is concerned, I don't think it will be a problem > as far as performance goes (our internet connect is 2mbit, which > shouldn't be hard to saturate). For the internal routing though, what > kind of hardware would we need to keep the 2 gigabit networks connected > at a decent speed? Amazing what happens when you bother to read and search just a bit. Almost has if you aren't the only person in the world asking this question. http://www.openbsd.org/faq/pf/perf.html :) > > > > We're looking at a p4 with a gig of ram - does that sound like it'll be > a bottleneck? > > > > I figured that OpenBSD would lower the requirements for our firewall > machine (less bloat) as well as increase security. > > > > Sorry if this is too general or vague a question - I did some searching > on the archives and could only find references to performance of IPSec > implementations, which we won't be using > > > > > > > > Thanks, I appreciate any responses/links/feedback, > > Peter L. >
-- BOFH excuse #105: UPS interrupted the server's power
