Date: Wed, 16 Aug 2000 18:29:11 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: David May <David_May@allsolutions.com.au> Cc: freebsd-security@freebsd.org Subject: Re: [Q] why does my firewall degrade Web performance? Message-ID: <Pine.BSF.4.21.0008161825580.14500-100000@achilles.silby.com> In-Reply-To: <4825693D.00159022.00@ASPerth1.allsolutions.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 16 Aug 2000, David May wrote: > The firewall machine CPU load is always light. It is a Pentium II Celeron > 300MHz, 64Mb RAM, four Ethernet cards (3 D-Link 10/100, 1 NE2000), > and around 180 ipfw rules. I'm not sure how fast/slow ipfw is, but 180 rules sounds like a LOT. Could you get by with a few less? (Or at least try the setup with no rules and the firewall box just runningas a pure router.) One other thing you may want to check first, though, is if your firewall is introducing a network-level problem. Many people have been bitten by NICs auto-negotiating duplex wrong and driving speeds through the floor. Try doing filetransfers from each point in the system to other points in the system to see if you can notice where the slowdown is occuring (on the network -> firewall link, or the firewall -> NT link.) Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008161825580.14500-100000>