OpenBSD Soekris NAT Performance?

Sun, 11 Mar 2007 09:13:24 -0800 

Greetings everyone!!
I have been using OpenBSD for some time now on my Soekris 4511 router. I have OpenBSD 4.0 installed (off the cd) with all of the OS on a CompactFlash card which is mounted read-only; I used the "flashdist.sh" - script rom http://www.nmedia.net/~chris/soekris/ . I use the system to connect to my isp via the pptp client (version 1.7.1 with pppd, but I also tested version 1.7.0 from the ports with the user-ppp) and then do NAT for a mac os x and a windows client behind my firewall. Except that, I only run sshd on the soekris box. 


The hardare setup is as follows: <alcatel_modem>----<soekris_box>----- 
<3com 100Mbit HUB>--(Mac, Win, ps2)



Everything works fine but for speed; I would get about 1.8 megabit  
downstream from my ISP service, but with openBSD i just get about 400  
kbit downstream. I am pretty sure the hardware is not the problem as  
the speed is as it should be when I install m0n0wall (freebsd-based)  
on the same soekris box.



I tried looking at top for system load, system load is about 0.22,  
and the idlce counter never goes down 50% even when I try to use full  
traffic. The only thing I can think of to hint at the problem is the  
ouput of "netstat -n -I sis0" <with sis0 being the network port  
connected to my internal network>


===Cut===
# netstat -n -I sis0

Name    Mtu   Network     Address              Ipkts Ierrs    Opkts  
Oerrs Colls
sis0    1500  <Link>      00:00:24:c4:bd:44   124481     0     
87665     0   802
sis0    1500  192.168.2/2 192.168.2.1         124481     0     
87665     0   802
sis0    1500  fe80::%sis0 fe80::200:24ff:fe   124481     0     
87665     0   802

===Cut===
Is the number of Collisions maybe the problem?
As cpu load never reaches 100%, the packet filter can't be the problem?

I tried searching the web for my problem, but did not find anything.

Do you perhaps have any idea what  did wrong or configured incorrectly?


Please find my pf.conf attached as well:

===Cut===
ext_if="ppp0"
int_if="sis0"
adsl_if="sis1"
wlan_if="wi0"
alcatel="_adsl_modem_ip"
nat_proto="{tcp,i udp, icmp}"
protos="{tcp, udp}"

table <home> persist const {home_network_ip/24}

set skip on lo

scrub in all

nat on $ext_if from <home> to any -> ($ext_if)

# Redirect Metal Gear Solid 3: Subsistence traffic
rdr on $ext_if inet proto tcp to port 5730:5733 -> _ps2_ip_ port 5730:*
rdr on $ext_if inet proto udp to port 5730:5739 -> _ps2_ip_ port 5730:*

# Redirect Skype traffic
rdr on $ext_if inet proto udp to port 54045 -> _mac_ip_ port 54045
rdr on $ext_if inet proto tcp to port 54045 -> _mac_ip_ port 54045

# Redirect Bittorrent traffic
rdr on $ext_if inet proto tcp to port 6881:6999 -> _mac_ip_ port 6881:*

block in all

pass out all keep state

pass quick on $int_if
pass quick on $adsl_if
pass quick on $wlan_if

pass in on $ext_if proto tcp to ($ext_if) port ssh keep state
pass in on $ext_if proto tcp to ($ext_if) port 443 keep state

===Cut===

Thank you all so much in advance for trying to help me with this!!

See you,

Christian Fuchs

e-mail: [EMAIL PROTECTED]
UIN: 398213























					Reply via email to