Date: Tue, 5 Mar 2002 09:22:50 -0500 From: "Larry Cronin (Hotmail)" <lccronin@hotmail.com> To: <deepak@ai.net>, <freebsd-questions@FreeBSD.ORG> Subject: Re: Freebsd ipf firewall and slow web access Message-ID: <OE5933tYwlib4g3Sv0Y000156bb@hotmail.com> References: <GPEOJKGHAMKFIOMAGMDIKEMKJJAA.deepak@ai.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Deekpak, This is what I have for the netstat -m 257/288/5824 mbufs in use (current/peak/max) 257 mbufs allocated to data 256/280/1456 mbuf clusters in use (current/peak/max) 632 Kbytes allocated to network (14% of mb_map in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines Also my vmstat: is as follows /0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10 HLoad Average /0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Any thoughts? ----- Original Message ----- From: "Deepak Jain" <deepak@ai.net> To: "Larry Cronin" <lccronin@hotmail.com>; <freebsd-questions@FreeBSD.ORG> Sent: Monday, March 04, 2002 3:52 PM Subject: RE: Freebsd ipf firewall and slow web access > > Make sure you have enough MBUFs [NMBCLUSTERS] in your kernel. > > When the speed gets poor, log into the firewall box [pref at the console] > and do a "netstat -m" to make sure you are not running into memory > denied/delayed errors. > > 1.5Mb/s may be enough bandwidth to hurt the default MBUF settings with a low > number of maxusers configured. > > If that fails, check your interrupt load with a systat :vmstat, you may be > hurting the box, but I doubt it. I remember 133mhz i486-type PCs could crush > T-1s with web access. > > Regards, > > Deepak Jain > AiNET > > -----Original Message----- > From: owner-freebsd-questions@FreeBSD.ORG > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Larry Cronin > Sent: Monday, March 04, 2002 3:43 PM > To: freebsd-questions@FreeBSD.ORG > Subject: Freebsd ipf firewall and slow web access > > > Hello, > > We recently moved ISP's and in the process we setup a FreeBSD stable 4.2 > firewall using IPF with stateful. The box is PII 233 with 64 MB RAM and a > 20GB drive. We tested this with about 20 or so pc's and the speed was fine, > we are using a T1. When we went live with or so 80 pc's the speed is great > for a few minutes and then terrible for a few minutes. We are not running > NAT. My network is as follows > > router firewall-out firewall-in network > 999.888.777.129 999.888.777.130 999.888.666.1 999.888.666.- > > Thanks > > Larry > > > _________________________________________________________________ > MSN Photos is the easiest way to share and print your photos: > http://photos.msn.com/support/worldwide.aspx > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OE5933tYwlib4g3Sv0Y000156bb>