Subject: Re: Old 386 as firewall?
To: Scott Presnell <srp@zgi.com>
From: Rick Byers <rickb@iaw.on.ca>
List: port-i386
Date: 11/10/1998 22:29:27

Definitely!

I have a 386 Dx/25 that I was afraid wouldn't be able to keep up.  I've
got it set up with two ISA (10 Base T) NICs - one to the cable modem and
one to the internal LAN.  I had some trouble installing NetBSD originally,
but I figure that was because the machine only had 4Mb of ram and with the
added space used by the memory-disk on the install floppy, it wasn't
enough.  I installed everything to the drive from another computer, and
popped the drive into the 386.  I also added another 4Mb (8Mb max for me
also).  It's been running NetBSD 1.3.2 for a few weeks now ROCK SOLID.

Actually, this is a good example of the efficiency and value of a free
UNIX O/S like NetBSD.  My old configuration was:
Reasonably Expensive Pentium 166 with 32 Mb RAM
Expensive (compared to NetBSD) Windows 95 OS
Trial version of expensive proxy software (tried Wingate and WinProxy)
Expensive fancy SMC Etherpower II ethernet card

The new system is:
Free 386 25 (considered junk by the person that gave it to me)
8 Mb of Free RAM (what good is 30 pin SIMMS these days)
2 Cheap ISA ethernet cards (one was $15, one was free)
Free O/S (NetBSD) with NAT

The NetBSD machine outperforms the pants off the Windows machine, and is a
few thousand bucks cheaper too.

If you want to do anything more serious than straight NAT, you may have
trouble (probably primarily with memory).  Compiling a kernel took a good
10 hours, but it didn't crash.  I doubt this machine could be much of a
NNTP server though...  Once you start using swap, it's going to crawl.

As for the 100 Mbps NIC, I wouldn't bother.  I really doubt you'll use
anywhere near that kind of bandwidth.  It's true that cable modems can have a
theoretical throughput over 10 Mbps, but since it's a shared resource
(that throughput is divided among everyone on your segment), the chance of
actually being able to get any real data that fast (or >2Mbs for that
matter) is slim to none.

Anyway, hope this helps...
	Rick

 On Tue, 10 Nov 1998, Scott Presnell wrote:

> Hi Folks,
>         I'm trying to determine if I can use an old computer I have as
> a reasonable NetBSD firewall/NATservice machine for my home network.
> 
> The computer I'm considering used to be a 25 MHz '386 and is now, I think a
> 33 MHz Cyrix486 with 8Mb of RAM (physical constraints of the mother board
> won't allow me to add more RAM).  It boots NetBSD 1.3 fine and reports the
> Cyrix as such.  The machine has only an ISA bus... so I assume I can only
> get 10Mb NICs for it (there's one in there now).
> 
> In an effort to plan ahead, I'm trying to sketch out some details of
> potential configurations...  I have some practical questions:
> 
>         1) Is this configuration sufficient to support two NICs and run a
> firewall with NAT service...?  
> 
> I seem to remember that 100Mb NICs are suggested for interfaces to cable
> modems and DSL bridges (as per literature from the entities that provide
> the service).
> 
>         2) Do such modems and bridges really need to be connected to 100Mb
> interfaces?  Or can I likely connect the above modems/bridges to the 386
> machine I mention above.
> 
>         I'd appreciate any comments/suggestions... hearing about actual
> experience would be great.  
> 
>         Thanks.
> 
>         - Scott Presnell (srp@zgi.com)
> 

=========================================================================
Rick Byers                       University of Waterloo, Computer Science
rickb@iaw.on.ca                               http://www.iaw.on.ca/rickb/