From owner-freebsd-questions@FreeBSD.ORG Wed Mar 10 06:57:15 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6935216A4CF for ; Wed, 10 Mar 2004 06:57:15 -0800 (PST) Received: from ws1.cnweb.com (ws1.cnweb.com [207.91.1.11]) by mx1.FreeBSD.org (Postfix) with SMTP id E8A6E43D3F for ; Wed, 10 Mar 2004 06:57:14 -0800 (PST) (envelope-from darryl@osborne-ind.com) Received: (qmail 29699 invoked from network); 10 Mar 2004 14:57:13 -0000 Received: from p189n31.ruraltel.net (HELO darryl) (24.225.31.189) by spkg.com with SMTP; 10 Mar 2004 14:57:13 -0000 From: "Darryl Hoar" To: Date: Wed, 10 Mar 2004 08:58:07 -0600 Message-ID: <00ac01c406b0$19aa79f0$0701a8c0@darryl> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 In-Reply-To: Importance: Normal cc: freebsd-questions@freebsd.org Subject: RE: Firewall & DSL performance X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: darryl@osborne-ind.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Mar 2004 14:57:15 -0000 I didn't mean to imply that ipfilter itself had a performance problem, just that my configuration/hardware exhibited a performance problem once my DSL was boosted to 1.5Mb. There is a box on the side of my house that the fiber is connected to. It has a network port for testing. The tech connected his notebook to this port and saw 1.5Mb performance. There is a cat 5 run from this external box to my office in my basement. There is a jack on the end of this run. The tech connected to this jack and saw roughly 1.48Mb performance. Since both cards in the firewall are 3com 10Mb cards, they won't show 100Mb. When I did an ifconfig -a I see them represented as 10Mb/UTP. I did not see any reference to the duplex mode (half or full). I will examine this to see if it is somehow running in half duplex mode when plugged into my DSL link. >From the command line on my firewall, if I ftp down a file, how do I figure the Mbps ? thanks, Darryl > -----Original Message----- > From: JJB [mailto:Barbish3@adelphia.net] > Sent: Wednesday, March 10, 2004 8:46 AM > To: darryl@osborne-ind.com > Subject: RE: Firewall & DSL performance > > > If the ipfilter firewall had an performance problem, I am sure many > people other that you would have been complaining about it. I use > ipfilter and have no performance problem. You have to look else > where for your problem. > > Check all the Nic and switches or hubs in the path the test packets > flow through to verify they are all operating in full duplex/100 > mode. Then start with the gateway box and run native FTP to your > public FTP site and see what the through put is there. If it bad > then you have isolated the problem to the nic card that connects you > to the DSL modem. > > Greater details about how you test from the lan is needed to help > you. > Also an detailed description of just what you mean by your > statements > "Testing at the box on the side of my house yielded 1.5Mb. > Testing at the jack inside also yielded 1.5Mb". > > > > > > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Darryl Hoar > Sent: Wednesday, March 10, 2004 9:10 AM > To: 'Mike Jackson' > Cc: freebsd-questions@freebsd.org > Subject: RE: Firewall & DSL performance > > Well, > last night I changed the ipf.rules file to be: > > pass in all keep state > pass out all keep state > > to completely open my firewall to test my performance. > > Well, it didn't make a lick of difference. Still got > 700K. > > If I open the firewall like I did, shouldn't performance > be a non issue ? > > thanks, > Darryl > > > -----Original Message----- > > From: Mike Jackson [mailto:mj@sci.fi] > > Sent: Tuesday, March 09, 2004 11:55 AM > > To: Darryl Hoar > > Subject: Re: Firewall & DSL performance > > > > > > Darryl Hoar (darryl@osborne-ind.com) wrote: > > > > > > Problem: > > > Recently, our ISP upgraded (at no charge) our connection > > from 512K to > > > 1.5Mb. When testing from a computer on my Lan, I was only > > seeing about > > > 700K. Testing at the box on the side of my house yielded > > 1.5Mb. Testing > > > at the jack inside also yielded 1.5Mb. So, my firewall seems to > be > > > slowing things down. > > > > Run `top' and watch the memory and processor usage when > > downloading an iso > > from some internet site. > > > > Open another terminal and run `iostat -odICTw 2 -c 9', to > > watch your io > > performance. > > > > Open another terminal and run `vmstat -w 5', to watch virtual > memory > > statistics. > > > > Finally, a slow processor just might be the bottleneck. For > > example, if > > you put a gigabit ethernet card in a P4 and one in a P2, you will > most > > likely not get full speed - especially if there is kernel level > packet > > interception going, e.g. ipsec, nat, or firewall filters. > > > > HTH, > > -- > > Mike Jackson > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > >