Subject: Re: Further Firewall Good News
To: Christopher Prosser <cprosse@elux3.cs.umass.edu>
From: Aaron S. Magill <amagill@uiuc.edu>
List: port-mac68k
Date: 02/23/1996 00:49:49
>Hi Aaaron,
>    Any chance of you writing a FAQ about this?  ;)  I want to do this
>exact setup at home, but haven't had the time to do the research.  If you
>don't have time to do a complete faq, could you send me some pointers as to
>where to get fwtk?  How fast does the maciix go on the serial port and with
>which kernal?
>Thanks,
>        Chris Prosser
>

(all of this is with the 1.1 and 1.1A-current kernels.  Those that worked
on my machine, at any rate!)

Your other question:

I have the two serial lines going, each at 38400 baud.  I have heard that
57600 bogs down MacBSD.

I have a 28.8 modem on one line, and the other is to my PowerMac.

For netscape, I haven't noticed any delays that I didn't also get when the
PowerMac had the modem directly connected to it and was the only machine
connected to the University.  Dilbert at unitedmedia.com actually comes up
faster, but I think that is becuase they have been upgrading their
hardware.

I have noticed a slight decrease in ftp transfer speed, but that may just
be the network at school being taxed.  At our school, at any rate, you can
tell what time of the year it is by the response times of the schools ftp
servers.  Early in the semester, everything is fine.  As time goes on,
things get slower and slower, until the weekend before finals.  Then things
speed back up again, probably because everyone is finally wondering how
they are going to cram for everything!

I haven't stress tested any of this yet... I'll try to for the FAQ.

I used to get zs0a and zs0b ring overruns when I used 57600 as my baud rate.
You can modify the following lines in /usr/src/sys/arch/mac68k/dev/zsvar.h to
alleviate some of that:

#define ZLRB_RING_SIZE 512           /* ZS line ring buffer size */
#define ZLRB_RING_MASK 511           /* mask for same */

Change them to:

#define ZLRB_RING_SIZE 1024             /* ZS line ring buffer size */
#define ZLRB_RING_MASK 1023             /* mask for same */

This doubles the buffer used by the tty system which is used in serial
connections (I'll try and pull the message I got off of the mailing list
concerning this, which has a more detailed explanation of why this helps.)

Then recompile your kernel.

When i did this, the number of ring overruns I got dropped, but I still
occasionally got them, esp. during large file trasnfers.  It also made
doing things like sup on the firewall increadibly inefficient if any other
network traffic was going on at the same time.

I haven't seen an overrun since I dropped to 38400.  This has been while
supping the sources, using netscape to pull in the NetBSD home pages, and
ftping a 1mb file from one of the University's sites all at the same time.
I'm sure that, had I been doing them separately, all three would have been
faster... a modem can only handle so much at a time, but all three occured
in what seemed to be reasonable times... not that noticably slower than had
I been doing them on the PowerMac before I set up the firewall.

I think the biggest concern would be what else is the firewall doing?  If
you're running X on the firewall, or compiling a kernel, I'd expect a very
big slowdown.  But if the firewall is pretty much doing its own thing
(maybe a telnet session or two open, and sup running in the background),
then I wouldn't expect much of a performance hit.

Aaron


--
Aaron Scott Magill                                             amagill@uiuc.edu
-------------------------------------------------------------------------------
}{  "I have SEEN evil!  I have SEEN horror!  I have seen the unholy maggots  }{
}{    which feast in the dark recesses of the human soul!  I have seen all   }{
}{  this, officer, but until today, I had never seen... YOU!" - Gomez Addams }{
-------------------------------------------------------------------------------