Firewall & DSL performance
Darryl Hoar
darryl at osborne-ind.com
Wed Mar 10 06:09:13 PST 2004
Well,
last night I changed the ipf.rules file to be:
pass in all keep state
pass out all keep state
to completely open my firewall to test my performance.
Well, it didn't make a lick of difference. Still got
700K.
If I open the firewall like I did, shouldn't performance
be a non issue ?
thanks,
Darryl
> -----Original Message-----
> From: Mike Jackson [mailto:mj at sci.fi]
> Sent: Tuesday, March 09, 2004 11:55 AM
> To: Darryl Hoar
> Subject: Re: Firewall & DSL performance
>
>
> Darryl Hoar (darryl at osborne-ind.com) wrote:
> >
> > Problem:
> > Recently, our ISP upgraded (at no charge) our connection
> from 512K to
> > 1.5Mb. When testing from a computer on my Lan, I was only
> seeing about
> > 700K. Testing at the box on the side of my house yielded
> 1.5Mb. Testing
> > at the jack inside also yielded 1.5Mb. So, my firewall seems to be
> > slowing things down.
>
> Run `top' and watch the memory and processor usage when
> downloading an iso
> from some internet site.
>
> Open another terminal and run `iostat -odICTw 2 -c 9', to
> watch your io
> performance.
>
> Open another terminal and run `vmstat -w 5', to watch virtual memory
> statistics.
>
> Finally, a slow processor just might be the bottleneck. For
> example, if
> you put a gigabit ethernet card in a P4 and one in a P2, you will most
> likely not get full speed - especially if there is kernel level packet
> interception going, e.g. ipsec, nat, or firewall filters.
>
> HTH,
> --
> Mike Jackson
>
More information about the freebsd-questions
mailing list