From owner-freebsd-ipfw@FreeBSD.ORG Sun Sep 7 08:27:22 2003
From: Don Bowman
To: 'dsa dsa', freebsd-ipfw@freebsd.org
Date: Sun, 7 Sep 2003 11:27:20 -0400
Subject: RE: Crippled transparent firewall

> From: dsa dsa [mailto:cravietz@hotmail.com]
>
> I have FreeBSD 4.8 on a P4 2.4, 1 GB DDR RAM and two
> Intel EtherPro100 (fxp0, fxp1). I have set up a
> transparent firewall/bridge on it. The purpose of
> doing that is only to relieve the CPU load of a Cisco router
> (7200) which is getting hit pretty often by DDoS
> attacks. The line carries 100 Mbps. Basically it looks
> like this:
>
> Cisco>--------------------100mbps-------
>
> OK, now, let's put it this way: the Cisco is pushing about
> 50 Mbps during off-peak hours, but when I put this
> BSD-based transparent firewall in front of the Cisco
> router it goes down to 15 Mbps while the 'top' output
> shows 90% idle. No firewall rules have been set so
> far.

I would check netstat -m. If you are seeing denied mbufs, then I would
increase NMBCLUSTERS/NMBUFS.

I would check that your Cisco and BSD & internet connection agree on
duplex, e.g. if one is auto and the other is forced 100 full, the auto
one will go to 100 half, which is useless :). Check for excessive
collisions to see this.
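Added example, not part of Don's mail: a small POSIX sh script that pulls the two numbers he says to look at out of `netstat -m` and `netstat -i` text, namely the denied-mbuf counter and per-interface collisions. The sample outputs are constructed in the FreeBSD 4.x layout from memory, so check the column positions and the "requests for memory denied" wording against the real commands on the bridge box before trusting the parse.

```shell
#!/bin/sh
# Added example, not from the original mail. Parses the two things the reply
# says to check: denied mbuf requests (netstat -m) and collisions (netstat -i).

# Constructed sample of `netstat -m` on FreeBSD 4.x. 12 denied requests means
# the kernel ran out of mbufs/clusters; that is when NMBCLUSTERS/NMBUFS go up.
SAMPLE_NETSTAT_M='345/1024/65536 mbufs in use (current/peak/max):
        345 mbufs allocated to data
320/512/16384 mbuf clusters in use (current/peak/max)
1280 Kbytes allocated to network (2% of mb_map in use)
12 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines'

# Constructed sample of `netstat -i`. fxp0 shows collisions on a link that is
# supposed to be 100 full: the classic sign of a duplex mismatch.
SAMPLE_NETSTAT_I='Name  Mtu   Network       Address            Ipkts Ierrs    Opkts Oerrs  Coll
fxp0  1500  <Link#1>      00:02:b3:aa:bb:cc 912345     0   880000     0  44000
fxp0  1500  192.0.2/24    192.0.2.10        912345     -   880000     -     -
fxp1  1500  <Link#2>      00:02:b3:dd:ee:ff 880000     0   912345     0      0
lo0   16384 <Link#3>                           120     0      120     0      0'

# Print the "requests for memory denied" counter from netstat -m text on stdin.
denied_mbuf_requests() {
    awk '/requests for memory denied/ { n = $1 } END { print n + 0 }'
}

# For each link-level line of netstat -i on stdin, print "<ifname> <collisions
# as a percentage of output packets>". Anything above 0 on a full-duplex link
# is suspicious. Columns: Name Mtu Network Address Ipkts Ierrs Opkts Oerrs
# Coll; lo0 has no Address field, so the NF == 9 test skips it.
collision_pct() {
    awk '$3 ~ /^<Link#/ && NF == 9 && $7 > 0 { printf "%s %d\n", $1, $9 * 100 / $7 }'
}

# Stand-alone run over the constructed samples. On the real box pipe the
# commands themselves, e.g. netstat -m | denied_mbuf_requests
printf 'denied mbuf requests: %s\n' "$(printf '%s\n' "$SAMPLE_NETSTAT_M" | denied_mbuf_requests)"
printf '%s\n' "$SAMPLE_NETSTAT_I" | collision_pct | while read -r ifname pct; do
    if [ "$pct" -gt 0 ]; then
        printf '%s: %s%% collisions, check duplex\n' "$ifname" "$pct"
    fi
done
```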