Subject: Re: On the performance of ipfilter
To: None <tech-kern@netbsd.org>
From: Matthew Mondor <mm_lists@pulsar-zone.net>
List: tech-kern
Date: 04/06/2005 13:28:44
On Wed, 6 Apr 2005 08:38:39 +0200
Guido van Rooij <guido@gvr.org> wrote:
 
> This smells more like media errors.
> 
> He should check his duplex settings on the LAN between FW and cable modem.
> 
> -Guido

Just in case it may help for tests, the three cases where I had such bad
performance were the following:

a) wrongly wired cable (was sending properly in only one direction,
   being extremely slow in the other direction due to overwhelming packet
   loss), was fixed by rewiring the ends
b) using a cable designed for 10mbit on a 100mbit link where media
   handshaking switched to 100mbit mode, was fixed using an *e cable
c) duplex media problems such as described above, fixed by setting
   the managed switch to single duplex mode for that port, in the
   particular case I had, where the switch was linked to one of the two
   network cards of the firewall box

My firewall only consists of a P100 or such with 32MB RAM and it works well,
even with a rather large states table, so I doubt ipfilter performance in
general is at fault here (and it was migrated from 1.6.1 to 2.0.1 lately
without issues).

-- 
Note: Please only reply on the list since other mail is blocked by default.
Private messages from your address can be allowed by first asking, however.