On 10/03/10 22:11, David Higgs wrote:
> I am building a replacement router/firewall for home use

stop there. You aren't General Motors, Yahoo, or Google. You are looking to spend a lot of time and money trying to optimize performance on a super-fast-sport-car that will be only used to go to and from work in rush hour traffic. You aren't going any faster than the guy in front of you is going, or in this case, than your ISP is handing you data.

There is nothing built in the last 10 years that can't do a home router/firewall like this for most people, with the exception of a few crappy super-low-power systems that people like to suggest as the answer to all questions (and then complain when the pathetic NICs and anemic CPUs don't pump data like a ten-year-old machine with non-pathetic NICs does). NONE OF IT WILL MATTER TO YOU. Realtek NICs, three-digit Celeron processors, the worst of the worst will pump more data than your ISP will deliver, so what do you gain by tweaking for the last one percent of data flow you will never see?

Conventional stuff will cost less and run more reliably than fancy stuff, and while you may save a few watts, you are unlikely to recoup your investment.

And why would you put an SSD on a firewall? So you can discover they are a lot more expensive and less reliable than an old hard disk? If you want fast and reliable, use an old, burned-in HD, and back up your /etc directory. If you want low power or silent, get a CF adapter and a small CF card, or if your hw can boot from it, a USB flash drive.

My main firewall at home: Celeron 300, 64M RAM, couple 3G disks in a CCD mirror (it has been around a while. I picked the disks because this model was unreliable in my experience, so I could see how CCD mirroring worked for me in real life...and the dang things didn't fail in who-knows-how-many years!).
I see it suffers a bit (actually, a lot) when I suck data from one subnet to another through my firewall, but it still moved respectfully close to wire speed, and I really doubt the (long) planned upgrade to a PII-450 will change that a huge amount, considering the number of second-rate switches and such between here and there. I do suspect the better cache will reduce the processor utilization numbers a lot...but then, it isn't bottoming out (but close) so I suspect the end result will be a big no-change.

If you aren't routing between local subnets, this machine is big overkill for you, and if you are, like I do...probably just fine.

Nick.