[geeks] Routing problem: solution in progress

Charles Shannon Hendrix shannon at widomaker.com
Tue Dec 26 17:33:22 CST 2006


Tue, 26 Dec 2006 @ 11:21 +0200, Michael-John Turner said:

> > Of course, I have no complex firewall rules yet, and right now ipfilter
> > setup is minimal, and I'm not running a snooper yet.
> 
> You should take a look at pf - I switched from IPFilter to pf a few years
> back and I'm very happy. NetBSD 3.1 supports it, but not in the GENERIC
> kernel - you'll either need to load the lkm or build a custom kernel with
> pf support.

I might take a look. I've not built a kernel for it yet. Too many other
distractions, and I am not bothered much by the stock kernel yet.

> Thanks. I think the biggest concern for me is LAN routing performance -
> whether the U1 will be able to achieve close to wire speed with 100Mbps
> interfaces. What's the max rate you've been able to achieve on the LAN
> interfaces?

Well, running a few downloads, trafshow was showing a total flow rate of
around 5000K/sec, with about 120 flows.  Each "flow" is a connection to
some distant host.

This was with an ftp transfer, gnutella network connections (hundreds
of connections), and one BitTorrent download through the Ultra 1's happy
meals.

Since the outside connection is 54Mbit/sec wireless, I can only push
that so far.

CPU usage just for routing appears almost non-existent.

Adding a few firewall rules (about 200) didn't seem to make a dent
either.

They are mostly blocking known SPAM sources, but also a few state
preservation rules and some redirections in ipnat.conf. 

Eventually I will do more, but I'm still working out what I need
exactly, and how to adjust my old rule set to work across three
interfaces (ppp0, hme0, hme1).

-- 
shannon "AT" widomaker.com -- ["If you tell the truth, you don't have to
remember anything" -- Mark Twain]


