Date: Thu, 17 Aug 2000 10:16:15 -0600 (MDT) From: Nate Williams <nate@yogotech.com> To: "John" <john@digitalinet.com> Cc: "Nate Williams" <nate@yogotech.com>, "Warner Losh" <imp@village.org>, "Mike Silbersack" <silby@silby.com>, "David May" <David_May@allsolutions.com.au>, <freebsd-security@FreeBSD.ORG> Subject: Re: [Q] why does my firewall degrade Web performance? Message-ID: <200008171616.KAA23260@nomad.yogotech.com> In-Reply-To: <000b01c00866$5ca6de20$03030303@john> References: <Pine.BSF.4.21.0008161825580.14500-100000@achilles.silby.com> <200008170516.XAA09705@harmony.village.org> <200008171558.JAA23163@nomad.yogotech.com> <000b01c00866$5ca6de20$03030303@john>
next in thread | previous in thread | raw e-mail | index | archive | help
> I recommend making sure the nic's on the machine are performing fine. For what it's worth, I'm using one of the *really* crappy cards (3c509) on my 486/66, and it's still working fine. IPFW is a *very* effecient packet filtering implementation, so either the firewall rules are implemented poorly (you can optimize them rather easily by doing fast-path guesses), or something else is wrong. > I also recommend you benchmark your webserver from inside the firewall then > from outside. > If you can't figure anything out I recommend you try using ipfilter instead > of ipfw. ipfilter is much more resource hungry than ipfw. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008171616.KAA23260>