From owner-freebsd-security Wed Aug 16 16:29:18 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39])
	by hub.freebsd.org (Postfix) with ESMTP id BDBB337B812
	for ; Wed, 16 Aug 2000 16:29:12 -0700 (PDT)
	(envelope-from silby@silby.com)
Received: (qmail 14544 invoked by uid 1000); 16 Aug 2000 23:29:11 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
	by localhost with SMTP; 16 Aug 2000 23:29:11 -0000
Date: Wed, 16 Aug 2000 18:29:11 -0500 (CDT)
From: Mike Silbersack
To: David May
Cc: freebsd-security@freebsd.org
Subject: Re: [Q] why does my firewall degrade Web performance?
In-Reply-To: <4825693D.00159022.00@ASPerth1.allsolutions.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 16 Aug 2000, David May wrote:

> The firewall machine CPU load is always light. It is a Pentium II Celeron
> 300MHz, 64Mb RAM, four Ethernet cards (3 D-Link 10/100, 1 NE2000),
> and around 180 ipfw rules.

I'm not sure how fast/slow ipfw is, but 180 rules sounds like a LOT. Could you get by with a few less? (Or at least try the setup with no rules and the firewall box just running as a pure router.)

One other thing you may want to check first, though, is if your firewall is introducing a network-level problem. Many people have been bitten by NICs auto-negotiating duplex wrong and driving speeds through the floor. Try doing file transfers from each point in the system to other points in the system to see if you can notice where the slowdown is occurring (on the network -> firewall link, or the firewall -> NT link.)

Mike "Silby" Silbersack
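
An added example, not part of the original message: a small shell filter for the duplex check suggested above, which reads `ifconfig -a` output and lists every interface whose negotiated media is not full-duplex. The interface names (`dc0`-`dc2`, `ed0`) and the sample output are constructed, and the function name is hypothetical.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `ifconfig -a` output for a four-NIC firewall.
# Interface names and media values are assumptions made for this example.
sample_ifconfig() {
    cat <<'EOF'
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX <half-duplex>)
        status: active
dc2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet 10baseT/UTP
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
EOF
}

# Print "<iface>: <media>" for each interface whose media line does not
# report full-duplex. A hit is only a candidate: a 10 Mb NE2000 is expected
# to run half-duplex, and a real mismatch is confirmed by comparing this
# side with the setting on the switch or peer port.
flag_non_full_duplex() {
    awk '
        # Interface header line, e.g. "dc1: flags=..."
        /^[a-z]+[0-9]+:/ { iface = $1; sub(/:$/, "", iface); next }
        # Media line for the current interface
        $1 == "media:" && $0 !~ /full-duplex/ {
            $1 = ""; sub(/^ +/, "")
            print iface ": " $0
        }
    '
}

# On the firewall itself: ifconfig -a | flag_non_full_duplex
sample_ifconfig | flag_non_full_duplex
```
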