From owner-freebsd-security Sun Aug 20 19:30:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from vindaloo.allsolutions.com.au (vindaloo.allsolutions.com.au [203.111.24.54]) by hub.freebsd.org (Postfix) with ESMTP id B33F137B422 for ; Sun, 20 Aug 2000 19:30:43 -0700 (PDT) Received: from ASPerth1.allsolutions.com.au (aspns.internal [192.9.200.250]) by vindaloo.allsolutions.com.au (8.9.3/8.9.3) with SMTP id KAA29297 for ; Mon, 21 Aug 2000 10:30:35 +0800 (WST) (envelope-from David_May@allsolutions.com.au) Received: by ASPerth1.allsolutions.com.au(Lotus SMTP MTA v1.2 (600.1 3-26-1998)) id 48256942.000E21A8 ; Mon, 21 Aug 2000 10:34:21 +0800 X-Lotus-FromDomain: ALL SOLUTIONS From: "David May" To: freebsd-security@FreeBSD.ORG Message-ID: <48256942.00072D07.00@ASPerth1.allsolutions.com.au> Date: Mon, 21 Aug 2000 10:34:17 +0800 Subject: Re: [Q] why does my firewall degrade Web performance? Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sorry this was a bit off-topic. Perhaps I should have posted my question as "what is the performance cost of security ?" :) Thanks to everybody who made suggestions about this problem. I have not resolved it yet but number of the suggestions posted have been tried. One thing is clear from the contradictory nature of comments received so far: I need to benchmark the system to get a clearer picture of the problem. So far, it looks like the hardware and cabling are sound and firewall CPU performance is not a problem. I am waiting for the new FreeBSD 4.1 CD-ROM from Walnut Creek/BSDI so I can try the more up-to-date software but that may take another 3-4 weeks to arrive. If I find the answer I will post the results here and in freebsd-ipfw in case others find it useful. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message