View Single Post
  #1   (View Single Post)  
Old 11th December 2009
Ernball Ernball is offline
New User
 
Join Date: Dec 2009
Posts: 2
Default Network Speed Issues

I'm running a small network at home with OBSD4.6 as a gateway/firewall to multiple windows boxes. After upgrading this box from 3.9 to 4.6, I noticed some changes in throughput to said windows boxes. When using programs that create multiple connections (newsreader - 20 connections or Bittorrent) the network seems to max out at 800KB/s. However, if I'm just grabbing one large file from an FTP server, I can get much more than that. If I do a speed test at speedtest.net, I hit about 7.5MB/s from the windows boxes.

If I change my pf rules to pass all, I can hit about 850KB/s, so I don't think it's the pf rules.

My pf.conf and dmesg are below, the main windows box in question is running win7.

Code:
OpenBSD 4.6 (GENERIC.MP) #81: Thu Jul  9 21:26:19 MDT 2009
    deraadt@amd64.openbsd.org:/usr/src/s...ile/GENERIC.MP
real mem = 2135117824 (2036MB)
avail mem = 2060746752 (1965MB)
RTC BIOS diagnostic error 80<clock_battery> mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe3590 (23 entries)
bios0: vendor Intel Corp. version "LF94510J.86A.0182.2009.0528.2014" date 05/28/2009
bios0: Intel Corporation D945GCLF2
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC WDDT MCFG ASF!
acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S4) UAR2(S4) PEX0(S4) PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) UHC1(S3) UHC2(S3) UHC3(S3) UHC4(S3) EHCI(S3) AC9M(S4) AZAL(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU 330 @ 1.60GHz, 1596.25 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR,NXE,LONG
cpu0: 512KB 64b/line 16-way L2 cache
cpu0: apic clock running at 135MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU 330 @ 1.60GHz, 1627.93 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR,NXE,LONG
cpu1: 512KB 64b/line 16-way L2 cache
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Atom(TM) CPU 330 @ 1.60GHz, 1627.93 MHz
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR,NXE,LONG
cpu2: 512KB 64b/line 16-way L2 cache
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Atom(TM) CPU 330 @ 1.60GHz, 1627.93 MHz
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR,NXE,LONG
cpu3: 512KB 64b/line 16-way L2 cache
ioapic0 at mainbus0 apid 2 pa 0xfec00000, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2 acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P32_)
acpiprt2 at acpi0: bus 1 (PEX0)
acpiprt3 at acpi0: bus -1 (PEX1)
acpiprt4 at acpi0: bus 2 (PEX2)
acpiprt5 at acpi0: bus 3 (PEX3)
acpiprt6 at acpi0: bus -1 (PEX4)
acpiprt7 at acpi0: bus -1 (PEX5)
acpicpu0 at acpi0
acpicpu1 at acpi0
acpicpu2 at acpi0
acpicpu3 at acpi0
acpibtn0 at acpi0: SLPB
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82945G Host" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82945G Video" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0x80000000, size 0x10000000 inteldrm0 at vga1: apic 2 int 16 (irq 11) drm0 at inteldrm0 ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: apic 2 int 17 (irq 255)
pci1 at ppb0 bus 1
re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x02: RTL8168C/8111C (0x3c00), apic 2 int 16 (irq 11), address 00:1c:c0:c2:6c:64 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
ppb1 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x01: apic 2 int 18 (irq 255)
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x01: apic 2 int 19 (irq 255)
pci3 at ppb2 bus 3
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 2 int 23 (irq 9)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 2 int 19 (irq 10)
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 2 int 18 (irq 11)
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: apic 2 int 16 (irq 11) ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 2 int 23 (irq 9) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1
pci4 at ppb3 bus 4
skc0 at pci4 dev 0 function 0 "D-Link Systems DGE-530T B1" rev 0x11, Yukon Lite (0x9): apic 2 int 21 (irq 9) sk0 at skc0 port A: address 00:22:b0:62:34:e7 eephy0 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 5 pcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01 pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: <TOSHIBA, DVD-ROM SD-R2412, 1330> ATAPI 5/cdrom removable
cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x01: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 2 int 19 (irq 10) for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: <ST3250410AS>
wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: apic 2 int 19 (irq 10) iic0 at ichiic0 admtm0 at iic0 addr 0x2d: 47m192 spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-5300CL5 
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: <PC speaker> spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7
mtrr: Pentium Pro MTRR support
uhidev0 at uhub2 port 1 configuration 1 interface 0 "Silitek IBM USB Keyboard" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub2 port 1 configuration 1 interface 1 "Silitek IBM USB Keyboard" rev 1.10/1.00 addr 2
uhidev1: iclass 3/0, 3 report ids
uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0
uhid2 at uhidev1 reportid 3: input=3, output=1, feature=0 softraid0 at root root on wd0a swap on wd0b dump on wd0b
pf.conf
Code:
#set runtime options
set block-policy drop

#don't examine traffic on loopback interfaces set skip on lo

#macros
ext_if="re0"
int_if="sk0"
LAN="172.31.31.0/28"
tcp_services="{ 22 }"
udp_services="{ }"
tyson="172.31.31.5"
tyson_ports="{ 1999, 6000:6100  }" 
voip="172.31.31.2"
voip_ports="{ 2427, 16384:32767 }"
mail="172.31.31.8"
mail_services="{ 25, 465 }"
http_services="{ 80, 443 }"

#tables
table <blackhole> persist file "/etc/blackhole.pftable"


#queuing (QoS)
#enable queueing on the external interface to queue packets going out to the internet altq on $ext_if cbq bandwidth 650Kb queue {bulk_out voip_out}
	queue bulk_out bandwidth 470Kb priority 1 cbq(default borrow)
	queue voip_out bandwidth 180Kb priority 7 cbq(borrow)

#enable queueing on the internal interface to queue packets coming in from the internet altq on $int_if cbq bandwidth 7Mb queue {bulk_in voip_in}
	queue bulk_in bandwidth 6.5Mb priority 1 cbq(default borrow)
	queue voip_in bandwidth 160Kb priority 7 cbq(borrow)


#NAT rules
nat on $ext_if from !($ext_if) -> ($ext_if:0)

#redirects
rdr pass on $ext_if proto tcp from any to any port 25 -> $mail port 25 rdr pass on $ext_if proto tcp from any to any port 465 -> $mail port 465 rdr pass on $ext_if proto tcp from any to any port 80 -> $mail port 80 rdr pass on $ext_if proto tcp from any to any port 443 -> $mail port 443 rdr on $ext_if proto tcp from any to any port 1999 \
	-> $tyson port 1999
rdr on $ext_if proto {tcp, udp} from any to any port 6000:6100 \
	-> $tyson port 6000:6100


####################################
#default deny

block in all
pass out all

#packet scrub
match in all scrub (no-df)

#drop all packets from those on the shitlist block in quick on {$ext_if, $int_if} from <blackhole> to any block out quick on {$int_if, $ext_if} from any to <blackhole>

#spoofed address protection
antispoof quick for { lo $int_if }

#pass voip traffic quick
pass in quick log on $ext_if proto {tcp udp} from any to $voip port $voip_ports \
	keep state queue voip_in
pass in quick log on $int_if proto {tcp udp} from $voip port $voip_ports to any \
	keep state queue voip_out

#allow traffic to services on this machine pass in log on $ext_if proto tcp from any to ($ext_if) \
	port $tcp_services keep state
#pass in log on $ext_if proto udp from any to ($ext_if) \
	port $udp_services keep state


#allow traffic to services on tyson's machine pass in log on $ext_if proto tcp from any to $tyson port $tyson_ports keep state pass in log on $int_if proto tcp from any to $tyson port $tyson_ports keep state

#allow all local traffic to leave
pass in on $int_if from any to any
Thanks for your help.
Tyson
Reply With Quote