|
OpenBSD Security Functionally paranoid! |
|
Thread Tools | Display Modes |
|
|||
(Solved) DSL throughput slow. Is it the firewall?
Actually, I think it's my machine's NIC (re0) but is there any kind of "common" pf rule mistake that can slow down throughput to any substantial degree?
thanks, tf I dragged this old post up because, a few days after release, I upgraded my firewall to 5.1 and there has been a substantial improvement in throughput. The wireless access point has stopped dropping connections as well (the hostap work in 5.1 was actually why I upgraded). Tip 'o the hat to all the OpenBSD folks for their work on 5.1; it has made a BIG difference for my network. tf Last edited by thefronny; 16th May 2012 at 04:38 AM. Reason: Things have changed |
|
|||
It could be a userland PPPoE vs kernel PPPoE issue, which do you use in your configuration?
|
|
|||
Quote:
Code:
# netstat -in Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Colls lo0 33200 <Link> 86 0 86 0 0 lo0 33200 127/8 127.0.0.1 86 0 86 0 0 lo0 33200 ::1/128 ::1 86 0 86 0 0 lo0 33200 fe80::%lo0/ fe80::1%lo0 86 0 86 0 0 fxp0 1500 <Link> 00:02:a5:55:66:77 1002678 0 908002 0 0 fxp0 1500 10.0.0/24 10.0.0.2 1002678 0 908002 0 0 fxp0 1500 fe80::%fxp0 fe80::202:a5ff:fe 1002678 0 908002 0 0 xl0 1500 <Link> 00:60:08:a0:b3:07 985137 0 1138591 0 274 xl0 1500 192.168.238 192.168.238.1 985137 0 1138591 0 274 xl0 1500 fe80::%xl0/ fe80::260:8ff:fea 985137 0 1138591 0 274 ral0 1500 <Link> 00:16:b6:57:7a:64 0 0 2 0 0 ral0 1500 fe80::%ral0 fe80::216:b6ff:fe 0 0 2 0 0 ral0 1500 172.22/16 172.22.22.1 0 0 2 0 0 enc0* 0 <Link> 0 0 0 0 0 pflog0 33200 <Link> 0 0 48 0 0 Code:
# netstat -ss ip: 1987416 total packets received 80278 packets for this host 1905411 packets forwarded 1565 packets not forwardable 141389 packets sent from this host 1117 multicast packets which we don't join icmp: 554 calls to icmp_error Output packet histogram: destination unreachable: 554 Input packet histogram: echo reply: 21 igmp: ipencap: tcp: 137499 packets sent 137270 data packets (21070256 bytes) 204 ack-only packets (5225 delayed) 25 control packets 75273 packets received 71878 acks (for 21070260 bytes) 22 duplicate acks 5297 packets (279416 bytes) received in-sequence 18 completely duplicate packets (0 bytes) 4 out-of-order packets (0 bytes) 242 window update packets 8 connection requests 11 connection accepts 19 connections established (including accepts) 76 connections closed (including 1 drop) 71886 segments updated rtt (of 71675 attempts) 11495 correct ACK header predictions 2752 correct data packet header predictions 22 PCB cache misses 11 SYN cache entries added 11 completed 4 SYN,ACKs retransmitted udp: 4989 datagrams received 1900 broadcast/multicast datagrams dropped due to no socket 3089 delivered 3318 datagrams output 620 missed PCB cache esp: ah: etherip: ipcomp: carp: pfsync: divert: pflow: ip6: 201 total packets received 17 packets sent from this host 201 multicast packets which we don't join Input packet histogram: hop by hop: 32 UDP: 110 ICMP6: 59 Mbuf statistics: 201 one ext mbufs divert6: icmp6: Output packet histogram: multicast listener report: 14 neighbor solicitation: 3 Histogram of error messages to be generated: pim6: rip6: |
|
|||
Quote:
HTML Code:
VPI/VCI VLAN Mux Con. ID Category Service Interface Protocol Igmp Nat Firewall QoS State Remove Edit 0/32 Off 1 UBR pppoa_0_0_32_1 ppp_0_0_32_1 PPPoA Disabled Enabled Disabled Disabled Enabled If you mean the firewall, it's just a default install. I've changed nothing except interface names and the packet forwarding sysctl. Does this help? thanks, tf |
|
||||
Nothing jumps out at me from netstat as an obvious problem.
I found a pf.conf you posted here a year ago. I don't know how much of this is still configured this way: Code:
set optimization normal Code:
match log on $ext_if all scrub (random-id min-ttl 254 set-tos lowdelay reassemble t cp max-mss 1460)
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Does anyone know why Gnome is so slow on BSD? | TerryP | General software and network | 11 | 27th August 2010 06:06 PM |
Why is FreeBSD dd so slow? | sharris | FreeBSD General | 10 | 18th June 2010 08:33 AM |
slow io from hdd | knasbas | OpenBSD General | 3 | 25th July 2009 02:51 AM |
Limit Bandwidth (not throughput) | plexter | OpenBSD Security | 5 | 9th October 2008 05:10 PM |
Disk I/O Throughput | m4rc | OpenBSD General | 5 | 10th July 2008 02:50 AM |