[CentOS] Centos Router

Wed Sep 12 06:39:05 UTC 2007
Mogens Kjaer <mk at crc.dk>

Graham Johnston wrote:
> With the current discussion of "Performance of CentOS as a NAT gateway", I
> am curious how many people out there are using CentOS as a
> Router/Firewall in an enterprise or service provider environment.  For
> myself I am not really concerned about NAT just a stateful firewall. 

Our firewall runs on CentOS 5, x86_64.

It runs on an HP Workstation with dual core Xeon 5140 2.33 GHz.

Intel dual 82571EB NIC, one NIC for the external (we have 1 Gbit
internet connection), and one NIC for the internal connections
(two VLANs, one with DMZ other with ~250 machines). No NAT.

This is of course not a big setup, but the CentOS/Fedora mirror
in the DMZ does give some traffic.

The iptables setup has 119 rules.

No problems whatsoever with performance.

I've made a kickstart configuration for the firewall.
If we get a hardware crash on the fw, we can take another
machine and get it up and running as a new firewall
within a few minutes (the most time-consuming is formatting
the root partition). This is quite a nice setup.

Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: mk at crc.dk Homepage: http://www.crc.dk