Re: i386 home firewall/router/nat bottleneck diagnostics?

[yancm%sdf.lonestar.org@localhost]

> On Wed, Mar 16, 2011 at 01:57:10PM -0000, yancm%sdf.lonestar.org@localhost 
> wrote:
>> My server/firewall/nat/router box is an i386 NetBSD 5_Stable,
>> 300 MHz PIII w/512M Ram.
>
> What does "sysctl kern.mbuf.nmbclusters" report?

kern.mbuf.nmbclusters = 65568

I'm probably overdue for an update. Here's what's happened so far...

I have more money than time (I spent 15 years in university, but I have a
real paying job now and sometimes forget that!)...so
- I bought a pair of Intel Gigabyte NICs - PWLA8391GT (see for instance:
http://mail-index.netbsd.org/tech-net/2006/06/23/0001.html)
- To my surprise the NIC on the LAN side only registered to
100baseT...doh! Miswired cable...fixed that...OK 1000baseTX both NICs

I have a couple of windows boxes inside the firewall so use those to
"speedtest" on dslreports and pcpitstop.

Long story short - one internal box has "only" a 100Mb NIC - sees only
~5Mdown/4Mup, another box has 1G card, sees 20Mb down/5Mb up.

netstat -p ip and netstat -i show:
clarity 9 # netstat -p ip
ip:
        12330301 total packets received
        0 bad header checksums
        0 with size smaller than minimum
        0 with data size < data length
        0 with length > max ip packet size
        0 with header length < data size
        0 with data length < header length
        0 with bad options
        0 with incorrect version number
        335 fragments received
        0 fragments dropped (dup or out of space)
        0 fragments dropped (out of ipqent)
        0 malformed fragments dropped
        0 fragments dropped after timeout
        163 packets reassembled ok
        571278 packets for this host
        0 packets for unknown/unsupported protocol
        11748310 packets forwarded (0 packets fast forwarded)
        219 packets not forwardable
        0 redirects sent
        0 packets no matching gif found
        517563 packets sent from this host
        61 packets sent with fabricated ip header
        0 output packets dropped due to no bufs, etc.
        0 output packets discarded due to no route
        0 output datagrams fragmented
        0 fragments created
        0 datagrams that can't be fragmented
        0 datagrams with bad address in header
clarity 10 # netstat -i
Name  Mtu   Network       Address              Ipkts Ierrs    Opkts Oerrs
Colls
wm0   1500  10.1.10/24    10.1.10.10         7702906    47  4656229     0 
   0
wm1   1500  192.168.1/24  clarity            4627573    51  7603071     6 
   0

Based on very limited testing, seems to get best speeds, I need 1G path
even though throughput speeds are considerably less than NIC ratings?

Like I say, not much time right now...I'm a cylinder head
designer/developer and am in crisis mode with a sick head! 8-)
Damn day job!