From owner-freebsd-stable@FreeBSD.ORG Thu Dec 23 20:20:38 2004
Date: Fri, 24 Dec 2004 07:20:34 +1100
From: Tim Robbins
To: "Marc G. Fournier"
cc: freebsd-stable@freebsd.org
Subject: Re: FreeBSD 5.3-STABLE makes terrible router/gateway?
Message-ID: <20041223202034.GA954@cat.robbins.dropbear.id.au>
References: <20041223141828.B1788@ganymede.hub.org>
In-Reply-To: <20041223141828.B1788@ganymede.hub.org>
List-Id: Production branch of FreeBSD source code

On Thu, Dec 23, 2004 at 02:24:18PM -0400, Marc G. Fournier wrote:
>
> Due to limitations in the standard 'linksys/dlink/netgear' routers, as far
> as firewalls are concerned, last night I set up one of my 5.3-STABLE boxes
> as being the gateway ... unless I've set something up wrong, 'blows
> chunks' is what comes to mind :(
>
> The machine:
>
> CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (1995.01-MHz 686-class CPU)
> real memory = 536805376 (511 MB)
> avail memory = 519823360 (495 MB)
>
> Two controllers:
>
> fxp0: port 0xd000-0xd03f mem
> 0xfa000000-0xfa01ffff,0xfa021000-0xfa021fff irq 19 at device 9.0 on pci2
> miibus0: on fxp0
> fxp0: Ethernet address: 00:02:b3:ee:da:3e
>
> de0: port 0xd100-0xd17f mem
> 0xfa020000-0xfa02007f irq 20 at device 11.0 on pci2
> de0: [GIANT-LOCKED]
> de0: SMC 9332BDT 21140A [10-100Mb/s] pass 2.0
> de0: enabling 10baseT port
> de0: Ethernet address: 00:00:c0:b9:e1:f9
>
> Firewall rules are bare minimal:
>
> # ipfw list
> 00050 divert 8668 ip from any to any via de0
> 01000 allow ip from any to any
> 65535 deny ip from any to any
>
> And natd is running with:
>
> -redirect_port tcp 192.168.1.4:22 22 -n de0
>
> I run interactive sessions to my remote/colo servers ... and I can *see*
> the difference between the Linksys and the FreeBSD box, as far as being
> able to get work done is concerned ...
>
> My only thought is that it's the de controller itself ... when I tried to
> compile it into the kernel, vs using it as a module, it caused the server
> itself to crash just before it did the PRNG stuff (just after mounting
> root) ... loading it as a module works fine though ...
>
> is there a problem with the de driver itself, or 5.x, that needs to be
> looked into?

Please put a little effort into researching the problem before making
unhelpful comments about "blowing chunks". Try a different NIC; try using
ipfilter or pf NAT instead of natd if you expect performance.

Tim
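
Added example, not part of either message: a pf.conf sketch of the in-kernel pf NAT suggested in the reply, mirroring the quoted natd options and ipfw rules. The internal network 192.168.1.0/24 is an assumption inferred from the redirect target 192.168.1.4, and the macro names are illustrative.

```conf
# /etc/pf.conf -- in-kernel NAT in place of "divert 8668" + natd
# (added illustration; not from the original thread)

ext_if   = "de0"              # interface natd was bound to with -n de0
int_net  = "192.168.1.0/24"   # ASSUMPTION: LAN prefix, inferred from 192.168.1.4
ssh_host = "192.168.1.4"      # target of natd's -redirect_port

# Translation rules. pf keeps state for translated connections in the
# kernel, so packets are not copied to a userland daemon and back the
# way the ipfw divert rule hands every de0 packet to natd.

# Source-NAT LAN traffic leaving via de0. The parentheses make pf track
# the interface's current address if it changes (e.g. DHCP).
nat on $ext_if inet from $int_net to any -> ($ext_if)

# Equivalent of: -redirect_port tcp 192.168.1.4:22 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 22 -> $ssh_host port 22

# Mirrors the quoted "01000 allow ip from any to any". This is as
# permissive as the original ruleset; it is here only so the NAT
# comparison is like-for-like, not as a recommended filter policy.
pass all

# When switching over:
#   - remove ipfw rule 00050 (the divert) and stop natd, otherwise
#     packets are translated twice
#   - rc.conf: pf_enable="YES", gateway_enable="YES", natd_enable="NO"
#   - syntax-check before loading:   pfctl -nf /etc/pf.conf
#   - confirm loaded translations:   pfctl -s nat
```

Because the filter policy here is still allow-all, the only exposure change from the quoted setup is where translation happens; the port 22 redirect remains reachable from anywhere on de0.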