Date: Wed, 10 Mar 2004 08:10:05 -0600 From: "Darryl Hoar" <darryl@osborne-ind.com> To: "'Mike Jackson'" <mj@sci.fi> Cc: freebsd-questions@freebsd.org Subject: RE: Firewall & DSL performance Message-ID: <009401c406a9$635e2350$0701a8c0@darryl> In-Reply-To: <20040309175520.GK8152@gentoo.netauth.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Well, last night I changed the ipf.rules file to be: pass in all keep state pass out all keep state to completely open my firewall to test my performance. Well, it didn't make a lick of difference. Still got 700K. If I open the firewall like I did, shouldn't performance be a non issue ? thanks, Darryl > -----Original Message----- > From: Mike Jackson [mailto:mj@sci.fi] > Sent: Tuesday, March 09, 2004 11:55 AM > To: Darryl Hoar > Subject: Re: Firewall & DSL performance > > > Darryl Hoar (darryl@osborne-ind.com) wrote: > > > > Problem: > > Recently, our ISP upgraded (at no charge) our connection > from 512K to > > 1.5Mb. When testing from a computer on my Lan, I was only > seeing about > > 700K. Testing at the box on the side of my house yielded > 1.5Mb. Testing > > at the jack inside also yielded 1.5Mb. So, my firewall seems to be > > slowing things down. > > Run `top' and watch the memory and processor usage when > downloading an iso > from some internet site. > > Open another terminal and run `iostat -odICTw 2 -c 9', to > watch your io > performance. > > Open another terminal and run `vmstat -w 5', to watch virtual memory > statistics. > > Finally, a slow processor just might be the bottleneck. For > example, if > you put a gigabit ethernet card in a P4 and one in a P2, you will most > likely not get full speed - especially if there is kernel level packet > interception going, e.g. ipsec, nat, or firewall filters. > > HTH, > -- > Mike Jackson >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009401c406a9$635e2350$0701a8c0>