Due to limitations in the standard 'linksys/dlink/netgear' routers, as far
as firewalls are concerned, last night I set up one of my 5.3-STABLE boxes
as being the gateway ... unless I've set something up wrong, 'blows
chunks' is what comes to mind :(

The machine:

CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (1995.01-MHz 686-class CPU)
real memory  = 536805376 (511 MB)
avail memory = 519823360 (495 MB)

Two controllers:

fxp0: <Intel 82550 Pro/100 Ethernet> port 0xd000-0xd03f mem
0xfa000000-0xfa01ffff,0xfa021000-0xfa021fff irq 19 at device 9.0 on pci2
miibus0: <MII bus> on fxp0
fxp0: Ethernet address: 00:02:b3:ee:da:3e

de0: <Digital 21140A Fast Ethernet> port 0xd100-0xd17f mem
0xfa020000-0xfa02007f irq 20 at device 11.0 on pci2
de0: [GIANT-LOCKED]
de0: SMC 9332BDT 21140A [10-100Mb/s] pass 2.0
de0: enabling 10baseT port
de0: Ethernet address: 00:00:c0:b9:e1:f9

Firewall rules are bare minimal:

# ipfw list
00050 divert 8668 ip from any to any via de0
01000 allow ip from any to any
65535 deny ip from any to any

And natd is running with:

-redirect_port tcp 192.168.1.4:22 22 -n de0

I run interactive sessions to my remote/colo servers ... and I can *see*
the difference between the Linksys and the FreeBSD box, as far as being
able to get work done is concerned ...

My only thought is that it's the de controller itself ... when I tried to
compile it into the kernel, vs using it as a module, it caused the server
itself to crash just before it did the PRNG stuff (just after mounting
root) ... loading it as a module works fine though ...

is there a problem with the de driver itself, or 5.x, that needs to be
looked into?

thanks ...

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org           Yahoo!: yscrappy              ICQ: 7615664

On Thursday 23 December 2004 18:24, Marc G. Fournier wrote:
> Due to limitations in the standard 'linksys/dlink/netgear' routers,
> as far as firewalls are concerned, last night I set up one of my
> 5.3-STABLE boxes as being the gateway ... unless I've set something
> up wrong, 'blows chunks' is what comes to mind :(
>
> The machine:
>
> CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (1995.01-MHz 686-class CPU)
> real memory  = 536805376 (511 MB)
> avail memory = 519823360 (495 MB)
>
> Two controllers:
>
> fxp0: <Intel 82550 Pro/100 Ethernet> port 0xd000-0xd03f mem
> 0xfa000000-0xfa01ffff,0xfa021000-0xfa021fff irq 19 at device 9.0 on
> pci2 miibus0: <MII bus> on fxp0 fxp0: Ethernet address:
> 00:02:b3:ee:da:3e
>
> de0: <Digital 21140A Fast Ethernet> port 0xd100-0xd17f mem
> 0xfa020000-0xfa02007f irq 20 at device 11.0 on pci2 de0:
> [GIANT-LOCKED]
> de0: SMC 9332BDT 21140A [10-100Mb/s] pass 2.0
> de0: enabling 10baseT port
> de0: Ethernet address: 00:00:c0:b9:e1:f9
>
> Firewall rules are bare minimal:
>
> # ipfw list
> 00050 divert 8668 ip from any to any via de0
> 01000 allow ip from any to any
> 65535 deny ip from any to any
>
> And natd is running with:
>
> -redirect_port tcp 192.168.1.4:22 22 -n de0
>
> I run interactive sessions to my remote/colo servers ... and I can
> *see* the difference between the Linksys and the FreeBSD box, as
> far as being able to get work done is concerned ...
>
> My only thought is that it's the de controller itself ... when I
> tried to compile it into the kernel, vs using it as a module, it
> caused the server itself to crash just before it did the PRNG stuff
> (just after mounting root) ... loading it as a module works fine
> though ...
>
> is there a problem with the de driver itself, or 5.x, that needs to
> be looked into?
>
> thanks ...
>
> ----
> Marc G. Fournier           Hub.Org Networking Services
> (http://www.hub.org) Email: scrappy@hub.org           Yahoo!:
> yscrappy              ICQ: 7615664

Is it possible that there is a 10/100 or duplex mismatch on the NICs?

I use a 200mhz Ppro w/ the fxp0 and sis0 drivers to nat/firewall a 3mbps
connection so I would think your hardware is sufficient to do the job.

--
Thanks,

Josh Paetzel

On Thu, Dec 23, 2004 at 02:24:18PM -0400, Marc G. Fournier wrote:
>
> Due to limitations in the standard 'linksys/dlink/netgear' routers, as far
> as firewalls are concerned, last night I set up one of my 5.3-STABLE boxes
> as being the gateway ... unless I've set something up wrong, 'blows
> chunks' is what comes to mind :(
>
> The machine:
>
> CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (1995.01-MHz 686-class CPU)
> real memory  = 536805376 (511 MB)
> avail memory = 519823360 (495 MB)
>
> Two controllers:
>
> fxp0: <Intel 82550 Pro/100 Ethernet> port 0xd000-0xd03f mem
> 0xfa000000-0xfa01ffff,0xfa021000-0xfa021fff irq 19 at device 9.0 on pci2
> miibus0: <MII bus> on fxp0
> fxp0: Ethernet address: 00:02:b3:ee:da:3e
>
> de0: <Digital 21140A Fast Ethernet> port 0xd100-0xd17f mem
> 0xfa020000-0xfa02007f irq 20 at device 11.0 on pci2
> de0: [GIANT-LOCKED]
> de0: SMC 9332BDT 21140A [10-100Mb/s] pass 2.0
> de0: enabling 10baseT port
> de0: Ethernet address: 00:00:c0:b9:e1:f9
>
> Firewall rules are bare minimal:
>
> # ipfw list
> 00050 divert 8668 ip from any to any via de0
> 01000 allow ip from any to any
> 65535 deny ip from any to any
>
> And natd is running with:
>
> -redirect_port tcp 192.168.1.4:22 22 -n de0
>
> I run interactive sessions to my remote/colo servers ... and I can *see*
> the difference between the Linksys and the FreeBSD box, as far as being
> able to get work done is concerned ...
>
> My only thought is that it's the de controller itself ... when I tried to
> compile it into the kernel, vs using it as a module, it caused the server
> itself to crash just before it did the PRNG stuff (just after mounting
> root) ... loading it as a module works fine though ...
>
> is there a problem with the de driver itself, or 5.x, that needs to be
> looked into?

Please put a little effort into researching the problem before making
unhelpful comments about "blowing chunks". Try a different NIC; try using
ipfilter or pf NAT instead of natd if you expect performance.

Tim
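
Added example (not part of the thread and not any poster's configuration): the natd setup from the original post written as pf NAT, which the reply above suggests trying. natd is a userland daemon that receives every packet on de0 through the divert socket, while pf translates inside the kernel. The 192.168.1.0/24 inside network is an assumption; the thread only shows de0 as the natd interface and 192.168.1.4 as the SSH redirect target.

```conf
# /etc/pf.conf -- added example, not from the thread
ext_if  = "de0"              # outside interface (natd was started with -n de0)
int_net = "192.168.1.0/24"   # assumption: the LAN that contains 192.168.1.4

# Takes the place of "divert 8668 ip from any to any via de0" plus natd:
# outbound LAN traffic is rewritten to whatever address de0 currently has.
nat on $ext_if from $int_net to any -> ($ext_if)

# Takes the place of natd's "-redirect_port tcp 192.168.1.4:22 22":
# inbound SSH to the gateway's outside address goes to the inside host.
rdr on $ext_if proto tcp from any to ($ext_if) port 22 -> 192.168.1.4 port 22

# Same filtering policy as ipfw rule 01000 "allow ip from any to any".
pass all
```

With this loaded, the ipfw divert rule and the natd process are no longer needed; packet forwarding between the two interfaces still has to be enabled on the gateway.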