On Thu, Dec 23, 2004 at 02:24:18PM -0400, Marc G. Fournier wrote: > > Due to limitations in the standard 'linksys/dlink/netgear' routers, as far > as firewalls are concerned, last night I setup one of my 5.3-STABLE boxes > as being the gateway ... unless I've set something up wrong, 'blows > chunks' is what comes to mind :( > > The machine: > > CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (1995.01-MHz 686-class CPU) > real memory = 536805376 (511 MB) > avail memory = 519823360 (495 MB) > > Two controllers: > > fxp0: <Intel 82550 Pro/100 Ethernet> port 0xd000-0xd03f mem > 0xfa000000-0xfa01ffff,0xfa021000-0xfa021fff irq 19 at device 9.0 on pci2 > miibus0: <MII bus> on fxp0 > fxp0: Ethernet address: 00:02:b3:ee:da:3e > > de0: <Digital 21140A Fast Ethernet> port 0xd100-0xd17f mem > 0xfa020000-0xfa02007f irq 20 at device 11.0 on pci2 > de0: [GIANT-LOCKED] > de0: SMC 9332BDT 21140A [10-100Mb/s] pass 2.0 > de0: enabling 10baseT port > de0: Ethernet address: 00:00:c0:b9:e1:f9 > > Firewall rules are bare minimal: > > # ipfw list > 00050 divert 8668 ip from any to any via de0 > 01000 allow ip from any to any > 65535 deny ip from any to any > > And natd is running with: > > -redirect_port tcp 192.168.1.4:22 22 -n de0 > > I run interactive sessions to my remote/colo servers ... and I can *see* > the difference between the Linksys and the FreeBSD box, as far as being > able to get work done is concerned ... > > My only thought is that its the de controller itself ... when I tried to > compile it into the kernel, vs using it as a module, it caused the server > itself to crash just before it did the PRNG stuff (just after mounting > root) ... loading it as a module works fine though ... > > is there a problem with the de driver itself, or 5.x, that needs to be > looked into?
Please put a little effort into researching the problem before making unhelpful comments about "blowing chunks". Try a different NIC; try using ipfilter or pf NAT instead of natd if you expect performance. Tim _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
