From owner-freebsd-stable@FreeBSD.ORG Thu Dec 23 19:52:40 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 75BEA16A4CE for ; Thu, 23 Dec 2004 19:52:40 +0000 (GMT) Received: from sccmmhc92.asp.att.net (sccmmhc92.asp.att.net [204.127.203.212]) by mx1.FreeBSD.org (Postfix) with ESMTP id CFF0243D49 for ; Thu, 23 Dec 2004 19:52:39 +0000 (GMT) (envelope-from josh@tcbug.org) Received: from twinmp (12-218-40-24.client.mchsi.com[12.218.40.24]) by sccmmhc92.asp.att.net (sccmmhc92) with ESMTP id <20041223195233m9200a9v7pe>; Thu, 23 Dec 2004 19:52:34 +0000 From: Josh Paetzel To: freebsd-stable@freebsd.org Date: Thu, 23 Dec 2004 13:50:16 +0000 User-Agent: KMail/1.7 References: <20041223141828.B1788@ganymede.hub.org> In-Reply-To: <20041223141828.B1788@ganymede.hub.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200412231350.16452.josh@tcbug.org> Subject: Re: FreeBSD 5.3-STABLE makes terrible router/gateway? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Dec 2004 19:52:40 -0000 On Thursday 23 December 2004 18:24, Marc G. Fournier wrote: > Due to limitations in the standard 'linksys/dlink/netgear' routers, > as far as firewalls are concerned, last night I setup one of my > 5.3-STABLE boxes as being the gateway ... unless I've set something > up wrong, 'blows chunks' is what comes to mind :( > > The machine: > > CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (1995.01-MHz 686-class CPU) > real memory = 536805376 (511 MB) > avail memory = 519823360 (495 MB) > > Two controllers: > > fxp0: port 0xd000-0xd03f mem > 0xfa000000-0xfa01ffff,0xfa021000-0xfa021fff irq 19 at device 9.0 on > pci2 miibus0: on fxp0 fxp0: Ethernet address: > 00:02:b3:ee:da:3e > > de0: port 0xd100-0xd17f mem > 0xfa020000-0xfa02007f irq 20 at device 11.0 on pci2 de0: > [GIANT-LOCKED] > de0: SMC 9332BDT 21140A [10-100Mb/s] pass 2.0 > de0: enabling 10baseT port > de0: Ethernet address: 00:00:c0:b9:e1:f9 > > Firewall rules are bare minimal: > > # ipfw list > 00050 divert 8668 ip from any to any via de0 > 01000 allow ip from any to any > 65535 deny ip from any to any > > And natd is running with: > > -redirect_port tcp 192.168.1.4:22 22 -n de0 > > I run interactive sessions to my remote/colo servers ... and I can > *see* the difference between the Linksys and the FreeBSD box, as > far as being able to get work done is concerned ... > > My only thought is that its the de controller itself ... when I > tried to compile it into the kernel, vs using it as a module, it > caused the server itself to crash just before it did the PRNG stuff > (just after mounting root) ... loading it as a module works fine > though ... > > is there a problem with the de driver itself, or 5.x, that needs to > be looked into? > > thanks ... > > ---- > Marc G. Fournier Hub.Org Networking Services > (http://www.hub.org) Email: scrappy@hub.org Yahoo!: > yscrappy ICQ: 7615664 Is it possible that there is a 10/100 or duplex mismatch on the NICs? I use a 200mhz Ppro w/ the fxp0 and sis0 drivers to nat/firewall a 3mbps connection so I would think your hardware is sufficient to do the job. -- Thanks, Josh Paetzel