From owner-freebsd-hackers Tue Jan 14 03:59:11 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id DAA08188 for hackers-outgoing; Tue, 14 Jan 1997 03:59:11 -0800 (PST) Received: from nic.follonett.no (nic.follonett.no [194.198.43.10]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id DAA08179 for ; Tue, 14 Jan 1997 03:59:08 -0800 (PST) Received: (from uucp@localhost) by nic.follonett.no (8.8.3/8.8.3) with UUCP id MAA09929 for hackers@freebsd.org; Tue, 14 Jan 1997 12:57:51 +0100 (MET) Received: from oo7 (oo7.dimaga.com [192.0.0.65]) by dimaga.com (8.7.5/8.7.2) with SMTP id MAA00455 for ; Tue, 14 Jan 1997 12:58:38 +0100 (MET) Message-Id: <3.0.32.19970114125837.00a71dc0@dimaga.com> X-Sender: eivind@dimaga.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 14 Jan 1997 12:58:38 +0100 To: hackers@freebsd.org From: Eivind Eklund Subject: IPFW + Samba -> performance problem Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I have Samba running on a 2.1.6-system - a Compaq ProSignia 500 (built-in NCR-controller and AMD Lance ethernet), with Windows NT 4.0 and Windows95 as clients. After doing some performance-tuning (especially enabling TCP_NODELAY), this work quite well. Runs approx 800KB/s both on read and write. This same server dial out with PPP. One day I got a fit of paranoia, and decided to install ipfw to throw away packets coming from the net. The firewalling worked, performance for reads from Samba is the same as ever, but performance for writes dropped from well above 500KB/s to approx 20KB/s (25-fold). The problem perists even with a ruleset that start with 00050 allow all from any to any which should catch all and make the ruleset as fast as possible. Has anybody got a clue? Because, in this case, I haven't. (A hyopthesis is that something might happen to the TCP_NODELAY option when firewalling is enabled, but this sounds kind of unlikely.) Eivind Eklund / perhaps@yes.no / http://maybe.yes.no/perhaps/