pf speed drops
Greg Hennessy
Greg.Hennessy at nviz.net
Sun Jun 5 22:11:01 UTC 2011
What is the profile of the network traffic ? Protocol ? Connections/second ? Packet size ?
Change the policy to
Block log all
Pass log all keep state
Perform the test again, check the firewall logs to see what if anything is being dropped.
500 megabits/second a lot of traffic for an internet connected device. The state table could be filling up for example.
http://prefetch.net/articles/monitoringpf.html
http://www.packetmischief.ca/2011/02/17/hitting-the-pf-state-table-limit/
> -----Original Message-----
> From: Dmitri Budko [mailto:admin at isphost.com.ua]
> Sent: Sunday, 5 June 2011 11:11 PM
> To: Greg Hennessy
> Cc: freebsd-pf at freebsd.org
> Subject: Re: pf speed drops
>
> Hello
> I look via systat -if 1
>
> Greg Hennessy пишет:
> > As measured by?
> >
> >
> >
> >> -----Original Message-----
> >> From: owner-freebsd-pf at freebsd.org [mailto:owner-freebsd-
> >> pf at freebsd.org] On Behalf Of Dmitri Budko
> >> Sent: Sunday, 5 June 2011 7:43 PM
> >> To: freebsd-pf at freebsd.org
> >> Subject: pf speed drops
> >>
> >> Hello.
> >> When I turn on the PF server internet speed drops from 500 megabits to
> >> 100, after the shutdown goes back to 500
> >>
> >> The rules are simple
> >>
> >> pass in all
> >> pass out all
> >>
> >> OS: FreeBSD GW 7.3-RELEASE FreeBSD 7.3-RELEASE # 3
> >> Network card: em0: <Intel(R) PRO/1000 Network Connection 6.9.6>
> >>
> >> How is it possible to solve this problem?
> >> _______________________________________________
> >> freebsd-pf at freebsd.org mailing list
> >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> >>
More information about the freebsd-pf
mailing list