Subject: Re: Firewall question & df weirdness
To: Russ Arcuri <photo.nut@mindless.com>
From: John Klos <john@sixgirls.org>
List: port-mac68k
Date: 09/01/2002 14:49:11
Hi,

> Current setup: Quadra 700, 68 MB RAM, 1 GB hard drive,
> Farallon Ethermac card (ae0), internal ethernet (sn0), and
> internal video.

This type of system can generally handle up to 400k/sec at minimum.

> Drive partitioned as follows: 60 MB Mac OS, 100 MB root, 580 MB
> /usr, 200 MB /var, and 71 MB swap.  I believe this will be overkill
> for firewall duty, but I want to be sure it can handle the full
> throughput of my DSL connection -- I don't want a firewall that will
> be a performance bottleneck.  Also, I may be adding web server
> and sendmail duties later.  For now, it will just be a firewall.

This should be more than adequate.

> 1. I'm confused by what I'm seeing when I do a df -k.  It says:
>
> Filesystem  1K-blocks    Used    Avail  Capacity  Mounted on
> /dev/sd0a      927628  847635   -12770    101%    /
> /dev/sd0e      261694   69372   166152     29%    /var
> /dev/sd0g      831141  372058   375968     49%    /usr
> kernfs              1       1        0    100%    /kern
> procfs              4       4        0    100%    /proc
>
> First, it seems like there's way too much space there -- too many
> 1K blocks present.

That is bizarre. How did you partition the drive? What utility?

>  Also, how can root be at 101% capacity?
> How can it have -12770 blocks available?

The UFS filesystems have a certain percentage of extra blocks that only
privileged processes can use. So if a user filled up /usr, privileged
processes will still have some space until you come and fix things.

> It says kernfs is
> mounted on /kern, and procfs is mounted on /proc, both at 100%
> capacity.  What does that mean?

Since they don't have "capacity" in the general sense (they are the size
of the data they represent), they are always at 100%. This is normal.

> Finally, considering what I
> installed, it seems like too much disk space is used already.
> What's going on?

Hmmm. Good question.

> 2. The only documentation I can find about setting up a firewall
> indicates I should download a 1.4.2 'dedicated' firewall kernel.
> I'd rather stick with 1.5.3, but I'm not sure what the next step is to
> configure it as a firewall.  Any pointers to online documentation
> would be appreciated.

I will send my Quadra instant-NAT how-to to the mac68k list in a few
minutes.

> I'm sure I'll have many other questions.  Hopefully people won't
> lose patience with me...

Just don't ask us how to set up Windows to do IP NAT...

John Klos
Sixgirls Computing Labs
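
The reserve John describes can be recovered from the df -k figures quoted in the thread. The following is an added example, not part of the original message: it derives the reserved blocks and the capacity figure for each filesystem. Truncating the percentage rather than rounding it is an assumption chosen to match the quoted output, and the function names are hypothetical.

```python
# df -k lines as quoted in the message above (whitespace normalized).
DF_LINES = """\
/dev/sd0a 927628 847635 -12770 101% /
/dev/sd0e 261694 69372 166152 29% /var
/dev/sd0g 831141 372058 375968 49% /usr
"""


def analyze(line):
    """Recover the privileged-only reserve from one df -k line."""
    dev, total, used, avail, cap, mount = line.split()
    total, used, avail = int(total), int(used), int(avail)
    free = total - used        # blocks physically free, reserve included
    reserved = free - avail    # blocks held back for privileged processes
    # Capacity is measured against the space ordinary users may fill
    # (used + avail), so it passes 100% once the reserve is being consumed.
    # Truncation is an assumption that reproduces the quoted percentages.
    capacity = used * 100 // (used + avail)
    return {
        "mount": mount,
        "free": free,
        "reserved": reserved,
        "reserve_pct": round(reserved * 100 / total, 1),
        "capacity": capacity,
        "reported": int(cap.rstrip("%")),
        "in_reserve": avail < 0,   # only privileged writes still succeed
    }


def report(text=DF_LINES):
    return [analyze(l) for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for r in report():
        state = "INTO RESERVE" if r["in_reserve"] else "ok"
        print(f'{r["mount"]:5} free={r["free"]:7} reserved={r["reserved"]:6} '
              f'({r["reserve_pct"]}%) capacity={r["capacity"]}% {state}')
```

All three filesystems come out with a 10% reserve, and root still has 79993 blocks physically free even though df shows -12770 available.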