- 02-19-2007 #1
Server Load
Is there a good rule of thumb to know how much a server can handle in services and usage load?
I have a setup:
Internet -----NAT-----Internal
+---DMZ
I am at a school where there are less than 200 systems and much less than that use the Internet at the same time, web, mail, etc.
For both security and load, what services need to be on separate systems?
Since the firewall is on the NAT, can you do filtering there for porn, etc ( since it is a school ) using iptables, or Squid or.... would that slow the system down too much?
In the DMZ: web, dns, mail, ... can all be on one system, would it be a performance hit? How much can it handle? Is there a good way to know? Would one service make the others more open to attack?
I know it is all kind of broad in topic, but I am looking for general info and a place to start.
Thanks
Kuma
- 02-20-2007 #2
Quote: Since the firewall is on the NAT, can you do filtering there for porn, etc ( since it is a school ) using iptables, or Squid or....
I'd recommend squid -- as your needs change it'll scale more nicely. This beats writing a zillion custom iptables rules.
Quote: How much can it handle? Is there a good way to know?
This is something you'll need to measure / tweak over time.
Quote: Would one service make the others more open to attack?
Yes.
--------------------------
P.S. Two very good books I can recommend for you if you're serious about this:
- Essential System Administration, by Æleen Frisch
- Linux Administration Handbook, by Evi Nemeth / Garth Snyder / Trent R. Hein
- 02-20-2007 #3
Thanks for the reply
Squid is what I was looking at as well. I assumed it had updates to the lists pretty often. I figure it has a way I can add my own if I need to.
I had no real desire to try to find them all and build an iptables list really.
I am not sure if I would know how much of a load effect it would have to have squid on the NAT box, what I would really look for. The route table is not all that complicated, squid I guess is the unknown.
Do you know how much traffic a single squid installation can handle? I know the machine and setup have much to do with it. I use SUSE 10 but the kernel is all that really matters here. Say a machine with a 1.5 gig CPU and a gig of RAM and gigabit NICs? Just ball park, an idea maybe.
I can add virtual IPs to my external NIC and rotate the SNAT through them out through more than one machine for squid ( I think ) but if anyone has an idea how much to expect it to handle, it would help me figure if I am right, close, or totally screwed up.
Thanks for any help. I continue to google and read but I really thank anyone for assistance to cut through the pile out there.
The Essential System Administration looks like my next stop, thanks.
- 02-20-2007 #4
Quote: Do you know how much traffic a single squid installation can handle?
I don't have a good formula for determining that. I can tell you that I have 10 workstations going through the same squid proxy server. Memory usage for squid alone hovers around 10MB. CPU usage is nominal. I have not performed any detailed analysis of network usage.
The box you have sounds like it will be adequate for some serious usage. I don't know what kind of pipe you have to the outside world, so you'll have to consider that as well.
The best strategy will probably be to start with one group of users to go through your squid proxy server, and observe performance for a set testing period.
Good luck.
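
One way to put numbers on the trial period suggested above, as an added example that is not part of the original thread: a short Python script that reads Squid's default native access.log and reports total requests, distinct clients, cache hit ratio, denied requests and the busiest minute. The sample log lines and the function name `summarize` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Squid's default native access.log layout:
# time elapsed_ms client action/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1171990800.120    85 10.0.1.21 TCP_MISS/200 15320 GET http://example.edu/index.html - DIRECT/192.0.2.10 text/html
1171990801.450     2 10.0.1.22 TCP_HIT/200 4096 GET http://example.edu/logo.png - NONE/- image/png
1171990815.003   140 10.0.1.21 TCP_MISS/200 20480 GET http://example.org/a.js - DIRECT/192.0.2.20 application/javascript
1171990830.900     1 10.0.1.23 TCP_DENIED/403 1500 GET http://blocked.example/ - NONE/- text/html
1171990865.300     3 10.0.1.22 TCP_MEM_HIT/200 4096 GET http://example.edu/logo.png - NONE/- image/png
garbage line that should be skipped
"""

# Only the first six fields are needed for load figures.
LINE = re.compile(r"^(\d+)\.\d+\s+(\d+)\s+(\S+)\s+([A-Z_]+)/(\d{3})\s+(\d+)\s")

def summarize(lines):
    """Return load figures for a trial period from access.log lines."""
    minutes = defaultdict(lambda: [0, 0])   # minute start -> [requests, bytes]
    clients, total, hits, denied = set(), 0, 0, 0
    for line in lines:
        m = LINE.match(line)
        if not m:                            # skip truncated or foreign lines
            continue
        ts, _elapsed, client, action, _status, size = m.groups()
        bucket = minutes[int(ts) // 60 * 60]
        bucket[0] += 1
        bucket[1] += int(size)
        clients.add(client)
        total += 1
        hits += "HIT" in action              # TCP_HIT, TCP_MEM_HIT, ...
        denied += action == "TCP_DENIED"     # refused by an access rule
    if not total:
        return None
    peak_start, (peak_reqs, peak_bytes) = max(minutes.items(), key=lambda kv: kv[1][0])
    return {
        "requests": total,
        "clients": len(clients),
        "hit_ratio": hits / total,
        "denied": denied,
        "peak_minute": peak_start,
        "peak_requests_per_min": peak_reqs,
        "peak_mbit_per_s": peak_bytes * 8 / 60 / 1e6,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Comparing the peak Mbit/s figure against the uplink, and watching CPU and memory on the proxy during the same busiest minute, shows which of the two runs out first as more users are moved behind the proxy.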
- 02-21-2007 #5
Sweet, thanks

Since I have no figures at all right now, it at least gives me ... more than I have haha.
I have a 10 meg fiber out to the ISP and maybe 5 meg to the Internet from there.
I think the machine can handle the load ok, maybe. So next is to set it up.
I can monitor it and see after that. Maybe I can have some numbers to share later if it will help anyone.
TTFN