Matthew Closson wrote:
> On Sat, 14 Oct 2006, Richard P. Koett wrote:
>
>> I'm having throughput problems using a Soekris net4801 as a firewall
>> running OpenBSD 3.9. This is replacing a SonicWALL device that was
>> working fine from the user's perspective. (I want to replace it
>> because, among other things, I abhor SonicWALL's licensing). I won't
>> post a dmesg unless requested because I think this platform is pretty
>> well known. Hosts on the internal network are able to access the
>> Internet but report that access seems slow. Some operations fail
>> consistently. For example, users can send and receive e-mails but
>> can't send e-mail with attachments larger than about 20K. I ran a
>> browser-based ADSL speed test from an internal host and found download
>> speeds to be quite good but upload tests fail to complete.
>>
>> I found a few similar problems in the archives but the posted
>> solutions haven't worked for me. I can't see that pf is blocking
>> anything I want passed. At the moment I am running a stripped down
>> pf.conf as follows:
>>
>> # DECLARATIONS:
>> Ext_If="sis0"
>> Int_If="sis1"
>> DMZ_If="sis2"
>> Int_Net="192.168.5.0/24"
>>
>> # OPTIONS:
>> set loginterface $Ext_If
>>
>> # NAT / REDIRECTION:
>> nat on $Ext_If from $Int_Net to any -> ($Ext_If)
>> rdr on $Ext_If inet proto tcp from any to ($Ext_If) port 3391 \
>>     -> 192.168.5.1 port 3391
>> rdr on $Ext_If inet proto tcp from any to ($Ext_If) port 3392 \
>>     -> 192.168.5.2 port 3392
>>
>> I think I can rule out things like speed and duplex problems between
>> the Soekris and the local switch because the problem only affects
>> outbound traffic. I tried a few scrub options to no avail but may
>> not have been doing the right thing. I would really appreciate any
>> suggestions on how to troubleshoot this. If I can't get this
>> resolved by Monday morning I'm going to take some heat.
>>
>> Thanks,
>> RPK.
>
> What kind of link is sis0 on? Do you know what your interface MTU
> was set to on the SonicWall?
>
> -Matt-

sis0 is connected to a D-Link ADSL modem - not sure of the exact model.
ifconfig shows the following details:

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:c6:df:34
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::200:24ff:fec6:df34%sis0 prefixlen 64 scopeid 0x1
        inet xxx.xxx.xxx.xxx netmask 0xfffffe00 broadcast xxx.xxx.xxx.xxx
sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:c6:df:35
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.5.254 netmask 0xffffff00 broadcast 192.168.5.255
        inet6 fe80::200:24ff:fec6:df35%sis1 prefixlen 64 scopeid 0x2
sis2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:c6:df:36
        media: Ethernet autoselect (none)
        status: no carrier
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=0<> mtu 1460
enc0: flags=0<> mtu 1536

I don't know what MTU the SonicWALL was using but I'm sure it would have
been whatever the default setting is on a SonicWALL SOHO3.