From: Justin Robertson
Date: Tue, 06 Feb 2007 18:52:40 -0800
To: Julian Elischer, freebsd-net@freebsd.org
Subject: Re: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues

So in a sense I should be able to do away with the transparent bridge.
However, 6.x in any mode (bridge or not) was still incapable of pushing
the traffic that 4.x could.

This would certainly help remove one machine from the mix, but still
requires running 4.x to get any real performance. :-\

Julian Elischer wrote:
> Justin Robertson wrote:
>> Err, forgot to reply to -net, at any rate, layer 2 isn't useful as it
>> doesn't understand ip addresses, ports, protocols, etc.
>
> filtering at the NIC (sysctl net.link.ether.ipfw=1 or something
> similar) lets you do layer 3 filtering at the NIC layer..
>
>> Julian Elischer wrote:
>>> Justin Robertson wrote:
>>>> Splitting the task into a transparent filtering bridge with a
>>>> separate routing box appears to clear it up entirely.
>>>
>>> how does that differ from using mac level ipfw?
>>>
>>> i.e. turning on filtering at the NIC (layer 2).
>>>
>>> (have you tried doing that?)