From owner-freebsd-questions Tue Mar 5 6:22:58 2002 Delivered-To: freebsd-questions@freebsd.org Received: from hotmail.com (oe59.law11.hotmail.com [64.4.16.194]) by hub.freebsd.org (Postfix) with ESMTP id 323C637B402 for ; Tue, 5 Mar 2002 06:22:52 -0800 (PST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 5 Mar 2002 06:22:51 -0800 X-Originating-IP: [65.217.191.106] From: "Larry Cronin (Hotmail)" To: , References: Subject: Re: Freebsd ipf firewall and slow web access Date: Tue, 5 Mar 2002 09:22:50 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Message-ID: X-OriginalArrivalTime: 05 Mar 2002 14:22:51.0961 (UTC) FILETIME=[3BE91290:01C1C451] Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Deekpak, This is what I have for the netstat -m 257/288/5824 mbufs in use (current/peak/max) 257 mbufs allocated to data 256/280/1456 mbuf clusters in use (current/peak/max) 632 Kbytes allocated to network (14% of mb_map in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines Also my vmstat: is as follows /0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10 HLoad Average /0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Any thoughts? ----- Original Message ----- From: "Deepak Jain" To: "Larry Cronin" ; Sent: Monday, March 04, 2002 3:52 PM Subject: RE: Freebsd ipf firewall and slow web access > > Make sure you have enough MBUFs [NMBCLUSTERS] in your kernel. > > When the speed gets poor, log into the firewall box [pref at the console] > and do a "netstat -m" to make sure you are not running into memory > denied/delayed errors. > > 1.5Mb/s may be enough bandwidth to hurt the default MBUF settings with a low > number of maxusers configured. > > If that fails, check your interrupt load with a systat :vmstat, you may be > hurting the box, but I doubt it. I remember 133mhz i486-type PCs could crush > T-1s with web access. > > Regards, > > Deepak Jain > AiNET > > -----Original Message----- > From: owner-freebsd-questions@FreeBSD.ORG > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Larry Cronin > Sent: Monday, March 04, 2002 3:43 PM > To: freebsd-questions@FreeBSD.ORG > Subject: Freebsd ipf firewall and slow web access > > > Hello, > > We recently moved ISP's and in the process we setup a FreeBSD stable 4.2 > firewall using IPF with stateful. The box is PII 233 with 64 MB RAM and a > 20GB drive. We tested this with about 20 or so pc's and the speed was fine, > we are using a T1. When we went live with or so 80 pc's the speed is great > for a few minutes and then terrible for a few minutes. We are not running > NAT. My network is as follows > > router firewall-out firewall-in network > 999.888.777.129 999.888.777.130 999.888.666.1 999.888.666.- > > Thanks > > Larry > > > _________________________________________________________________ > MSN Photos is the easiest way to share and print your photos: > http://photos.msn.com/support/worldwide.aspx > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message