From owner-freebsd-security Fri Aug 18 7:45: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id B86CC37B422 for ; Fri, 18 Aug 2000 07:45:06 -0700 (PDT) Received: from bsdie.rwsystems.net([209.197.223.2]) (1515 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Fri, 18 Aug 2000 09:36:43 -0500 (CDT) (Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7) Date: Fri, 18 Aug 2000 09:36:43 -0500 (CDT) From: James Wyatt To: freebsd-security@FreeBSD.ORG Subject: Re: [Q] why does my firewall degrade Web performance? In-Reply-To: <200008171558.JAA23163@nomad.yogotech.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Doesn't load average count the average number of processes waiting on (or in) a 'run' state? Don't the ipfw functions get performed by the kernel? If so, wouldn't the only rise in load average be from a secondary effect on 'coalmine canary' like programs? If you aren't running apache or lotsa sendmail or something would loadave even go up much under heavy load? Just wanting to learn how things work - Jy@ On Thu, 17 Aug 2000, Nate Williams wrote: > > : > The firewall machine CPU load is always light. It is a Pentium II Celeron > > : > 300MHz, 64Mb RAM, four Ethernet cards (3 D-Link 10/100, 1 NE2000), [ ... ] > No kidding. I have 133 on my firewall, and it's a 486/66, and it keeps > up *just fine* running with a 100MB ethernet connected to a T1. > > I've never seen the box under any load average, and it's been on the net > since '93. We used a 486 for firewall in commercial products (and > would continue to do so except that you can't find them anymore). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message