From owner-freebsd-questions@FreeBSD.ORG Wed Mar 10 06:09:13 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 11B8016A4D0 for ; Wed, 10 Mar 2004 06:09:13 -0800 (PST) Received: from ws1.cnweb.com (ws1.cnweb.com [207.91.1.11]) by mx1.FreeBSD.org (Postfix) with SMTP id 3814543D4C for ; Wed, 10 Mar 2004 06:09:12 -0800 (PST) (envelope-from darryl@osborne-ind.com) Received: (qmail 14154 invoked from network); 10 Mar 2004 14:09:11 -0000 Received: from p189n31.ruraltel.net (HELO darryl) (24.225.31.189) by spkg.com with SMTP; 10 Mar 2004 14:09:11 -0000 From: "Darryl Hoar" To: "'Mike Jackson'" Date: Wed, 10 Mar 2004 08:10:05 -0600 Message-ID: <009401c406a9$635e2350$0701a8c0@darryl> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 In-Reply-To: <20040309175520.GK8152@gentoo.netauth.com> Importance: Normal cc: freebsd-questions@freebsd.org Subject: RE: Firewall & DSL performance X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: darryl@osborne-ind.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Mar 2004 14:09:13 -0000 Well, last night I changed the ipf.rules file to be: pass in all keep state pass out all keep state to completely open my firewall to test my performance. Well, it didn't make a lick of difference. Still got 700K. If I open the firewall like I did, shouldn't performance be a non issue ? thanks, Darryl > -----Original Message----- > From: Mike Jackson [mailto:mj@sci.fi] > Sent: Tuesday, March 09, 2004 11:55 AM > To: Darryl Hoar > Subject: Re: Firewall & DSL performance > > > Darryl Hoar (darryl@osborne-ind.com) wrote: > > > > Problem: > > Recently, our ISP upgraded (at no charge) our connection > from 512K to > > 1.5Mb. When testing from a computer on my Lan, I was only > seeing about > > 700K. Testing at the box on the side of my house yielded > 1.5Mb. Testing > > at the jack inside also yielded 1.5Mb. So, my firewall seems to be > > slowing things down. > > Run `top' and watch the memory and processor usage when > downloading an iso > from some internet site. > > Open another terminal and run `iostat -odICTw 2 -c 9', to > watch your io > performance. > > Open another terminal and run `vmstat -w 5', to watch virtual memory > statistics. > > Finally, a slow processor just might be the bottleneck. For > example, if > you put a gigabit ethernet card in a P4 and one in a P2, you will most > likely not get full speed - especially if there is kernel level packet > interception going, e.g. ipsec, nat, or firewall filters. > > HTH, > -- > Mike Jackson >