Is there a good rule of thumb to know how much a server can handle in services and usage load? I have a setup: Internet -----NAT-----Internal +---DMZ I am at ...
- 02-19-2007 #1
I have a setup:

Internet -----NAT-----Internal +---DMZ

I am at a school where there are less than 200 systems and much less than that use the Internet at the same time, web, mail, etc.
For both security and load, what services need to be on separate systems?
Since the firewall is on the NAT, can you do filtering there for porn, etc. (since it is a school) using iptables, or Squid or.... Would that slow the system down too much?
In the DMZ: web, DNS, mail, ... can all be on one system, would it be a performance hit? How much can it handle? Is there a good way to know? Would one service make the others more open to attack?
I know it is all kind of broad in topic, but I am looking for general info and a place to start.
- 02-20-2007 #2
Since the firewall is on the NAT, can you do filtering there for porn, etc ( since it is a school ) using iptables, or Squid or....
How much can it handle? Is there a good way to know?
Would one service make the others more open to attack?
P.S. Two very good books I can recommend for you if you're serious about this:
- Essential System Administration, by Æleen Frisch
- Linux Administration Handbook, by Evi Nemeth / Garth Snyder / Trent R. Hein
- 02-20-2007 #3
Thanks for the reply
Squid is what I was looking at as well. I assumed it had updates to the lists pretty often. I figure it has a way I can add my own if I need to.
I had no real desire to try to find them all and build an iptables list, really.
I am not sure if I would know how much of a load effect it would have to have Squid on the NAT box, what I would really look for. The route table is not all that complicated; Squid, I guess, is the unknown.
Do you know how much traffic a single Squid installation can handle? I know the machine and setup have much to do with it. I use SUSE 10 but the kernel is all that really matters here. Say a machine with a 1.5 gig CPU and a gig of RAM and gigabit NICs? Just ballpark, an idea maybe.
I can add virtual IPs to my external NIC and rotate the SNAT through them out through more than one machine for Squid (I think), but if anyone has an idea how much to expect it to handle, it would help me figure if I am right, close, or totally screwed up.
Thanks for any help. I continue to google and read but I really thank anyone for assistance to cut through the pile out there.
The Essential System Administration looks like my next stop, thanks.
- 02-20-2007 #4
Do you know how much traffic a single squid installation can handle?
The box you have sounds like it will be adequate for some serious usage. I don't know what kind of pipe you have to the outside world, so you'll have to consider that as well.
The best strategy will probably be to start with one group of users to go through your squid proxy server, and observe performance for a set testing period.
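One way to put numbers on the pilot-group test suggested above, as an added example that is not part of the thread: it summarizes Squid's native access.log format into peak requests per second, average throughput delivered to clients, cache hit ratio and denied requests. The sample lines, addresses and the `summarize` name are constructed for illustration.

```python
from collections import Counter

# Constructed sample lines in Squid's native access.log format:
# time.ms elapsed_ms client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1171990800.120    85 10.0.1.21 TCP_MISS/200 48211 GET http://example.org/a.html - DIRECT/192.0.2.10 text/html
1171990800.480    12 10.0.1.22 TCP_HIT/200 10240 GET http://example.org/logo.png - NONE/- image/png
1171990800.910     3 10.0.1.23 TCP_DENIED/403 1450 GET http://blocked.example/ - NONE/- text/html
1171990801.300   140 10.0.1.21 TCP_MISS/200 250000 GET http://example.net/file.zip - DIRECT/192.0.2.20 application/zip
1171990803.050    20 10.0.1.24 TCP_MEM_HIT/200 5120 GET http://example.org/style.css - NONE/- text/css
"""

def summarize(log_text):
    """Return load figures for one observation window, or None if no valid lines."""
    per_second = Counter()   # requests seen in each wall-clock second
    results = Counter()      # TCP_MISS, TCP_HIT, TCP_DENIED, ...
    clients = set()
    total_bytes = 0          # bytes delivered to clients (cache hits included)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue         # skip truncated or malformed lines
        try:
            ts, size = float(fields[0]), int(fields[4])
        except ValueError:
            continue
        per_second[int(ts)] += 1
        results[fields[3].split("/")[0]] += 1
        clients.add(fields[2])
        total_bytes += size
    if not per_second:
        return None
    span = max(per_second) - min(per_second) + 1   # window length in seconds
    requests = sum(per_second.values())
    hits = sum(n for r, n in results.items() if "HIT" in r)
    return {
        "requests": requests,
        "clients": len(clients),
        "peak_req_per_sec": max(per_second.values()),
        "avg_mbit_per_sec": total_bytes * 8 / span / 1e6,
        "hit_ratio": hits / requests,
        "denied": results["TCP_DENIED"],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run it over the log from the test period and compare the throughput figure with the uplink; because cache hits are served locally, the client-side number is an upper bound on what the proxy pulls from outside.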
- 02-21-2007 #5
Since I have no figures at all right now, it at least gives me ... more than I have, haha.
I have a 10 meg fiber out to the ISP and maybe 5 meg to the Internet from there.
I think the machine can handle the load ok, maybe. So next is to set it up.
I can monitor it and see after that. Maybe I can have some numbers to share later if it will help anyone.