Hello everybody.
I have been wondering what is the minimun requiremets for build a gateway for a company that have 250 users.
anybody?
hardware for linux gateway (open)
Message
- think4urs11
- Bodhisattva
- Posts: 6659
- Joined: Wed Jun 25, 2003 9:51 pm
- Location: above the cloud
some more details needed
- bandwidth of internet connection
- type of usage (browsing only, streaming, email, IRC/IM, ...)
- estimated number of concurrent users
- DMZ yes/no (if yes what kind/number of servers in DMZ)
- type of users (web workers, mostly office work, ...)
- VPN functionality needed
- ....
Shall the GW only provide firewall/NAT functionality (means layer 3+4) or proxy functionality (layer 7)?
Is high availabity/load balancing needed?
What 'level of paranoia' needs to be served? (low paranoia - one box for all, hi paranoia - x boxes)
In most easy case something like a Soekris/Alix might already be enough (firewall/NAT only, <=10MBit ISP connection max., low number of concurrent sessions, ...).
- bandwidth of internet connection
- type of usage (browsing only, streaming, email, IRC/IM, ...)
- estimated number of concurrent users
- DMZ yes/no (if yes what kind/number of servers in DMZ)
- type of users (web workers, mostly office work, ...)
- VPN functionality needed
- ....
Shall the GW only provide firewall/NAT functionality (means layer 3+4) or proxy functionality (layer 7)?
Is high availabity/load balancing needed?
What 'level of paranoia' needs to be served? (low paranoia - one box for all, hi paranoia - x boxes)
In most easy case something like a Soekris/Alix might already be enough (firewall/NAT only, <=10MBit ISP connection max., low number of concurrent sessions, ...).
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
- think4urs11
- Bodhisattva
- Posts: 6659
- Joined: Wed Jun 25, 2003 9:51 pm
- Location: above the cloud
'rule of thumb'-calc
Pentium 4 1GHz+ or better is sufficent
>=1GB RAM (needed for proxy mainly)
>=80GB HD (proxy cache)
2 NIC's (one internal, one facing towards ISP)
Squid as proxy, iptables for the FW part
should give a nice system with decent speed
If you want additional content filtering (Dansguardian or alike) take a faster proc (2Ghz+ at least) and some more RAM.
Pentium 4 1GHz+ or better is sufficent
>=1GB RAM (needed for proxy mainly)
>=80GB HD (proxy cache)
2 NIC's (one internal, one facing towards ISP)
Squid as proxy, iptables for the FW part
should give a nice system with decent speed
If you want additional content filtering (Dansguardian or alike) take a faster proc (2Ghz+ at least) and some more RAM.
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself