Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 23 Mar 2002 16:45:15 -0800
From:      "Crist J. Clark" <cjc@FreeBSD.ORG>
To:        Tony Saign <tony@saign.com>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: Problems after cvsup to 4.5 -stable 3/21 with ipfw
Message-ID:  <20020323164515.B48968@blossom.cjclark.org>
In-Reply-To: <000001c1d289$7641c9a0$1401a8c0@frankenmobl>; from tony@saign.com on Sat, Mar 23, 2002 at 08:40:37AM -0800
References:  <000001c1d289$7641c9a0$1401a8c0@frankenmobl>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Mar 23, 2002 at 08:40:37AM -0800, Tony Saign wrote:
>  After a recent cvsup to 4.5 -stable, I noticed my server to be EXTREMLY
> sluggish with ipfw enabled.
> Web pages hanging indefinately, mail download HORRIBLY slow!
> 
> Turning ipfw off by add 0110 allow tcp from any to any via fxp0, things
> return to normal.
> 
> I made no changes to my ruleset listed below. Can anyone offer any
> insight/help? (PLEASE!)
> 
> Thanks,
> -Tony
> 
> 00100   50    2516 allow ip from any to any via lo0
> 00110 3235 1131435 allow tcp from any to any via fxp0
> 00200    0       0 deny ip from any to 127.0.0.0/8
> 00300    0       0 deny ip from 127.0.0.0/8 to any
> 00400    0       0 deny ip from 168.120.0.0/16 to any
> 00500    0       0 deny tcp from 168.120.0.0/16 to any
> 00600    0       0 deny udp from 168.120.0.0/16 to any
> 00700    0       0 allow tcp from any to 216.40.33.39 55000
> 00800 6413 4145842 allow tcp from any to any out established
> 00900  120    5801 allow tcp from any to any keep-state out setup
> 01000 4591  321384 allow tcp from any to any established

The 'keep-state' in 900 is totally pointless. Although off of the top
of my head, I can't see a reason why this would be slowing you down,
do you get better performance with that 'keep-state' gone?
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020323164515.B48968>