Comments:
<0> hey. is there a module or wotnot that would allow me to bail out of the chain that the packet is in and continue scanning on the next rule after the chain redirect?
<0> (god that sounds messy). basically a 'return' rule.
<1> how much throughput can I expect from netfilter on certain hardware? are there any benchmarks available? are there any benchmark comparisons between pix and netfilter?
<1> if I have a halfway decent machine 1ghz 256 mb ram p4 and good intel gbit ethernet cards is my netfilter firewall faster than pix?
<1> how many concurrent connections can netfilter handle? (all in linux 2.6)
<2> humbolt: depends on your specific kernel compile configuration
<2> also, depends on how much actual memory you have free for your kernel
<2> every connection needs approx. 300 bytes. should also be in the netfilter faq somewhere
<3> hello
<1> memory is not an issue, money is not an issue but still i hate to throw money in ciscos throat if something better free is available.
<1> But I have to know if netfilter can support the bandwidth I am dealing with.
<3> I have a problem... packets somehow get lost after leaving mangle/prerouting and don't reach nat/prerouting or anything, I'm clueless
<1> I have two applications, one for the intranet where I want to apply firewall rules between vlan/subnets and the other in order to do transparent proxying for our DSL customers (35Mbit).
<2> 35mbit doesn't sound like any kind of challenge
<2> even with quite sophisticated/complex rulesets
<1> that's what I am thinking
<1> LaF0rge: do you know any out of the box software or software/hardware solution you can recommend? maybe something that could provide me with some redundancy. something like cisco hsrp, where you assign a standby ip to two machines and if the primary goes down, the secondary takes over?!
<2> humboldt: there are a number of commercial linux/netfilter/iptables based offerings
<2> I'm not really using any of them, as you can imagine
<2> however, you _might_ want to look at Astaro (http://www.astaro.com/), they have a HA solution.
<2> [but be aware, my development is sponsored by them, so I'm biased... *g*]
<1> Looks cool
<1> How about their interface
<2> humboldt: web based. just download the iso and install it on a test box
<2> ftp://ftp.astaro.com/pub/ASL/iso_image/i386/v6.0/asl-6.200-060321-2.iso
<1> LaF0rge: does it support vlans? what hardware do you recommend?
<1> an off topic question I got as well: what do you think is the better solution for caching 40mbit traffic: cisco cache server + layer 4 router or linux+netfilter and linux+squid?
<2> humbolt: yes, it supports vlan