Bandwidth estimates

Sven Koch haegar@sdinet.de
Sun, 24 Jun 2001 01:14:07 +0200 (CEST)


On Sat, 23 Jun 2001, Bill Gradwohl wrote:

> This is a bit open ended, but ...
>
> I'm looking for some estimates on the bandwidth any given hardware
> platform is capable of handling when a box is configured strictly as a
> firewall.

> Said another way, can a Pentium 120 w/64M RAM handle a T1's
> worth of traffic with let's say 50 iptables statements active? How about
> 200 iptables statements? Can a P-II 400 handle the traffic between
> PRIVATE and PUBLIC when both are 100MBPS segments as in a departmental
> firewall situation?

I'm running iptables on a p120/32mb ram with 4 10mbit-Ethernets, driving
a 2mbit Uplink, about 5000 rules installed, but each packet is only going
through max about 200 (most rules are only for traffic-accounting).

Loading the ruleset is endless, but using it I'm getting full bandwidth on
all interfaces. (2mbit full-duplex to the outside and 10mbit dmz<->lan or
lan-a<->lan-b)

But this is only the link for our club-rooms and gets very little load
outside my tests (we've got only 3gb/month free traffic).

c'ya
sven

-- 

The Internet treats censorship as a routing problem, and routes around it.
(John Gilmore on http://www.cygnus.com/~gnu/)