Router/Firewall to support 1GBE

elec999

Sonicwall is too pricy right now. Meraki goes the same. Sonicwall is nice because it can filter traffic too. Can anyone recommend a custom build solution for firewall that can also filter?
 
Hacom have a lot of pfSense appliances and you can see the specs and Firewall Throughput
 
This guy can do 1GBE? RB951G-2HnD


According to the specs. Although it's usually taken with a grain of salt with regard to any networking gear unless you're paying thousands upon thousands, as the manufacturer usually takes the best scenario and advertises that as the highest throughput possible.

Safe to say depending on the variations of the data you send I'd say that piece is closer to the ability of processing 500Mbps routing wise. Although in peak conditions it would be theoretically capable of much higher. This can also be swayed by how many other devices (switches > PCs) are hanging off it allowing for a much higher utilization.
 
The RB951G-2HnD CAN NOT route 1gb NAT. It can only do 140mbps or so.

EdgeRouter Lite is your cheapest option that will route 1gb

The Routerboard RB1100AHx2 is the best RouterOS that will route 1gb

Neither one of them will do true "filtering". They will do queues and shaping, but not "filtering".

PFSense is the best "cheap" option that can be made to do filtering.
 
The EdgeRouter Lite will not do 1000mbit, roughly 700-800mbit tops using hardware NAT but it is flawed so you will probably need to revert back to software which will be around ~200-300mbit tops...
A small i3 box running Linux/FreeBSD/some kind of fw distro would be your best bet.
//Danne
 
Build a ClearOS box.

http://news.clearfoundation.com/

Only one that actually supports Wireless N and actually works.

As for routing speed, that is going to be dependent on the hardware you use.

Current version will only be able to use a max of 3.5GB of RAM as I found out, but that much is probably not really needed anyway.
 
Build a ClearOS box.

http://news.clearfoundation.com/

Only one that actually supports Wireless N and actually works.

As for routing speed, that is going to be dependent on the hardware you use.

Current version will only be able to use a max of 3.5GB of RAM as I found out, but that much is probably not really needed anyway.

Wireless is best left to an actual AP versus some desktop card in a computer.
 
pfsense which can be made into a good UTM, clear os (community is pretty good and free but doesn't update automatically), sophos (never used it) or untangle lite.

ClearOS does update automatically.
 
Wireless is best left to an actual AP versus some desktop card in a computer.

Maybe so, but the AP software in ClearOS works pretty well.

And it doesn't work with "just some desktop card". The card has to actually support AP features.

I thought we were looking at cost effective/cheap though.

Show me a good (not consumer level crap) N AP that doesn't cost very much - under $100 and can be upgraded with a simple replacement of a mini-pcie card and I might be interested.
 
Unifi AP is $80. Sure you can't upgrade it but it'd be far better than a desktop card.
 
Stay away from the big three haha

Cisco, Juniper and whoever you want to be 3rd. They will suck you bone dry for money wanting their solutions that can route at 1g/e
 
I'd say learn from the start and run FreeBSD 10-CURRENT as it features SMP support for pf, otherwise you'll need a very high performance cpu that can do in theory 2Gbit over one single core.
//Danne
 
The EdgeRouter Lite will not do 1000mbit, roughly 700-800mbit tops using hardware NAT but it is flawed so you will probably need to revert back to software which will be around ~200-300mbit tops...
A small i3 box running Linux/FreeBSD/some kind of fw distro would be your best bet.
//Danne

I was under the impression that they fixed that a month ago for the majority of user cases.
 
After having used underpowered and expensive Cisco ASAs I finally landed on a powerful router/firewall setup based on a modern dual or quad Intel PC with good NICs, even 10gbit/s in one setup. The CPU usage of 1 gbit/s routed IP traffic with iptables firewalling/NAT on those systems is just barely visible on modern Linux, leaving room for fun stuff like netflow collection and VPN. The power consumption and heat generation are also very low on modern Intel CPUs, so no issues there.

An extra bonus is if you have to run high speed openvpn (as in 50 mbit/s +) or even ipsec at gigabit speeds with AES-NI, but especially openvpn needs a powerful CPU.
 