From: Michael E.Conlen
Date: Fri, 28 Jan 2005 16:50:26 -0500
To: Chuck Swiger
cc: FreeBSD Mailing List
Subject: Re: pf and different MTUs

On Jan 28, 2005, at 4:36 PM, Chuck Swiger wrote:

> Michael E.Conlen wrote:
>> I'm using FreeBSD and PF as a firewall between two networks. I want
>> to change the MTU on one network to 9k but I have to leave the MTU on
>> the other network at 1500 bytes. Will the system handle the
>> fragmenting for me going from the larger MTU to the smaller?
>
> Sure.
> However, if you have a lot of traffic using jumbo frames going
> over that 1500 MTU segment, you might be better off using an MTU of
> 1500 everywhere.

At least half the traffic I use now doesn't go over that link and would
benefit from the larger MTU. In addition, I'm constrained on resources
for those servers, whereas I can add additional firewalls without great
expense. On the other side, there is a good bit of traffic going over
those links that would use jumbo frames, but not all of it would. In
addition, the cost of using two separate networks for the traffic would
be more than adding two more firewalls (based on the cost of doubling
the number of ports), so I'm figuring this is the way to go.

Thanks.