Graham Johnston wrote:
With the current discussion of "Performance of CentOS as a NAT gateway", I am curious how many people out there are using CentOS as a Router/Firewall in an enterprise or service provider environment. For myself, I am not really concerned about NAT, just a stateful firewall.
Our firewall runs on CentOS 5, x86_64.
It runs on an HP Workstation with a dual-core Xeon 5140 2.33 GHz.
Intel dual 82571EB NIC, one NIC for the external (we have a 1 Gbit internet connection), and one NIC for the internal connections (two VLANs, one with the DMZ, the other with ~250 machines). No NAT.
This is of course not a big setup, but the CentOS/Fedora mirror in the DMZ does give some traffic.
The iptables setup has 119 rules.
No problems whatsoever with performance.
I've made a kickstart configuration for the firewall. If we get a hardware crash on the fw, we can take another machine and get it up and running as a new firewall within a few minutes (the most time-consuming part is formatting the root partition). This is quite a nice setup.
Mogens