General Questions

Hi All,

I plan to use Monowall on an intel server box with an Intel Quad-Core processor and 4GB of memory. We have a 12MBps connection, and we would like this box to be the gateway router and firewall with more than 2000+ users on the LAN and Public servers on a DMZ.

Questions is: Are these hardware specs good enough for this use?

Sicnarf

The limitation is the state table.  You will have 30,000 states.  That is all...  (30,000 current open connections)  Also, your DHCP leases can get large, so you may need to increase the file system size if you have a lot of DHCP.  Additionally, I think there is a 16 interface limit, but I have not pushed that one at all...

Lastly, you will need a gig-e card supported, and that can be hit or miss...

As to the CPU and ram, that is way more than you need.  A P3 500 with 512 meg of ram can support 15mbps without pushing it.  (Unless you have a lot of VPN connections)

Thanks Lee Sharp. I'm evaluating monowall for use in our school with that number of users. In line with this, I have a couple other questions I would like to ask. If it's not appropriate to ask it in this sections, please point me to the right forum.

My questions are:

- Can monowall perform transparent proxy? Scenario I would like is for web, content and protocol filtering

- How about bridging two network interfaces? Scenario for use would be that publicly accessible servers on a DMZ-like interface would be bridged to the public address space so that there is no need for port forwarding. Though I don't think this is a secure option, it would be beneficial for this purpose later on.

- What about intrusion detection system (IDS)? does monowall have an IDS? if not, can I install like snort on it so that it will have that capability as well?