From owner-freebsd-security Tue Aug 15 22:40:57 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vindaloo.allsolutions.com.au (vindaloo.allsolutions.com.au [203.111.24.54])
    by hub.freebsd.org (Postfix) with ESMTP id 6B31837BF1C
    for ; Tue, 15 Aug 2000 22:40:52 -0700 (PDT)
    (envelope-from David_May@allsolutions.com.au)
Received: from ASPerth1.allsolutions.com.au (aspns.internal [192.9.200.250])
    by vindaloo.allsolutions.com.au (8.9.3/8.9.3) with SMTP id NAA04344
    for ; Wed, 16 Aug 2000 13:40:48 +0800 (WST)
    (envelope-from David_May@allsolutions.com.au)
Received: by ASPerth1.allsolutions.com.au(Lotus SMTP MTA v1.2 (600.1 3-26-1998))
    id 4825693D.001F31D9 ; Wed, 16 Aug 2000 13:40:43 +0800
X-Lotus-FromDomain: ALL SOLUTIONS
From: "David May"
To: freebsd-security@freebsd.org
Message-ID: <4825693D.00159022.00@ASPerth1.allsolutions.com.au>
Date: Wed, 16 Aug 2000 13:40:41 +0800
Subject: [Q] why does my firewall degrade Web performance?
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have a FreeBSD 3.2 firewall running ipfw+natd in front of a Windows NT 4.0 Web server and an internal network. Internet connection is 2Mb DSL.

When the Web server is protected by the firewall, Internet users report Web server responses are unacceptably slow. If I connect the Web server directly to Internet, users report page downloads are faster.

The firewall machine CPU load is always light. It is a Pentium II Celeron 300MHz, 64Mb RAM, four Ethernet cards (3 D-Link 10/100, 1 NE2000), and around 180 ipfw rules.

I can see nothing wrong when I look at output from tcpdump, netstat. No dropped packets, no fragmentation, no collisions, traffic on the 2Mb link is light. It just seems slow.

Any suggestions as to what is wrong here? What can I do to find the cause?