Date: Fri, 24 Dec 2004 07:20:34 +1100
From: Tim Robbins <tjr@freebsd.org>
To: "Marc G. Fournier" <scrappy@hub.org>
Cc: freebsd-stable@freebsd.org
Subject: Re: FreeBSD 5.3-STABLE makes terrible router/gateway?
Message-ID: <20041223202034.GA954@cat.robbins.dropbear.id.au>
In-Reply-To: <20041223141828.B1788@ganymede.hub.org>
References: <20041223141828.B1788@ganymede.hub.org>

On Thu, Dec 23, 2004 at 02:24:18PM -0400, Marc G. Fournier wrote:
>
> Due to limitations in the standard 'linksys/dlink/netgear' routers, as far
> as firewalls are concerned, last night I set up one of my 5.3-STABLE boxes
> as being the gateway ... unless I've set something up wrong, 'blows
> chunks' is what comes to mind :(
>
> The machine:
>
> CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (1995.01-MHz 686-class CPU)
> real memory = 536805376 (511 MB)
> avail memory = 519823360 (495 MB)
>
> Two controllers:
>
> fxp0: <Intel 82550 Pro/100 Ethernet> port 0xd000-0xd03f mem
> 0xfa000000-0xfa01ffff,0xfa021000-0xfa021fff irq 19 at device 9.0 on pci2
> miibus0: <MII bus> on fxp0
> fxp0: Ethernet address: 00:02:b3:ee:da:3e
>
> de0: <Digital 21140A Fast Ethernet> port 0xd100-0xd17f mem
> 0xfa020000-0xfa02007f irq 20 at device 11.0 on pci2
> de0: [GIANT-LOCKED]
> de0: SMC 9332BDT 21140A [10-100Mb/s] pass 2.0
> de0: enabling 10baseT port
> de0: Ethernet address: 00:00:c0:b9:e1:f9
>
> Firewall rules are bare minimal:
>
> # ipfw list
> 00050 divert 8668 ip from any to any via de0
> 01000 allow ip from any to any
> 65535 deny ip from any to any
>
> And natd is running with:
>
> -redirect_port tcp 192.168.1.4:22 22 -n de0
>
> I run interactive sessions to my remote/colo servers ... and I can *see*
> the difference between the Linksys and the FreeBSD box, as far as being
> able to get work done is concerned ...
>
> My only thought is that it's the de controller itself ... when I tried to
> compile it into the kernel, vs using it as a module, it caused the server
> itself to crash just before it did the PRNG stuff (just after mounting
> root) ... loading it as a module works fine though ...
>
> is there a problem with the de driver itself, or 5.x, that needs to be
> looked into?

Please put a little effort into researching the problem before making
unhelpful comments about "blowing chunks". Try a different NIC; try using
ipfilter or pf NAT instead of natd if you expect performance.

Tim