I am curious what level of performance I should expect from the firewall box described below in terms of packets/sec and bytes/sec.

it is an 800 MHz VIA c3 with a Gigabit switch on the inside interface and 20 Mbs symmetric Fios on the outside. both interfaces are 100 Mbs. it is running sshd, bsnmpd, sendmail (outbound only), bind9 (serving local domain info & queries from 5-15 machines on the LAN) and isc-dhcpd. it acts as a border firewall/router for a small LAN w/ 5 static external addresses & the rest NATed.

Kernel: http://www.uffner.com/temp/GATEWAY.txt
dmesg: http://www.uffner.com/temp/dmesg.txt
rc.conf: http://www.uffner.com/temp/rc.conf.txt
pf.conf: http://www.uffner.com/temp/pf.conf.txt

i'm hoping a few people will give me estimates on what kind of throughput i should theoretically expect before i provide any actual test data. also, any suggestions on tuning would be welcome.

so far in preliminary tests, enabling polling on the network interfaces reduces my performance slightly both to/from and through the box. net.inet.ip.fastforwarding doesn't seem to make much difference either way but i haven't done very thorough testing of it. increasing net.inet.tcp.sendbuf_max & recvbuf_max may have helped, but again, not sufficiently tested.

Received on Thu Aug 13 2009 - 20:04:18 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:53 UTC