Subject: Re: On the performance of ipfilter
To: None <firstname.lastname@example.org>
From: Matthew Mondor <email@example.com>
Date: 04/06/2005 13:28:44
On Wed, 6 Apr 2005 08:38:39 +0200
Guido van Rooij <firstname.lastname@example.org> wrote:
> This smells more like media errors.
> He should check his duplex settings on the LAN between FW and cable modem.
Just in case it may help for tests, the three cases where I had such bad
performance were the following:
a) wrongly wired cable (was sending properly in only one direction,
being extremely slow in the other direction due to overwhelming packet
loss), was fixed by rewireing the ends
b) using a cable designed for 10mbit on a 100mbit link where media
handshaking switched to 100mbit mode, was fixed using an *e cable)
c) duplex media problems such a described above, fixed by setting
the managed switch to single duplex mode for that port, in the
particular case I had, where the switch was linked to one of the two
network cards of the firewall box
My firewall only consists of a P100 or such with 32MB RAM and it works well,
even with a rather large states table, so I doubt ipfilter performance in
general is at fault here (and it was migrated from 1.6.1 to 2.0.1 lately
Note: Please only reply on the list since other mail is blocked by default.
Private messages from your address can be allowed by first asking, however.