RE: [pfSense-discussion] throughput - cpu, bus
Chipset ? I'm not sure tbh, its an abit board I purchased 4-5 years ago. The source is on a HP Netserver LH3000 (2 x P3 866Mhz, 2.25Gb RAM) with dual 64 bit PCI bus. 3 x Intel Pro MT1000 gig nics (64bit). The disk subsystem is 2 x megaraid scsi/sata controllers, with scsi3 and sata raid 5 arrays. I doubt the bottle neck is there. Although it is running vmware 2.5.1 at the moment. The guest OS is Windows XP SP2. I guess I need to see what happens when I run straight linux on the box. The firewall is currently on an abit mb, don't know which chipset till I down the fw and take a look. This has Intel Pro MT1000 gig nics (64bit) too although only 32bits are being used. The destination machine is a nforce2 mb with an athlon xp1700 with 1Gb RAM and ATA133 seagate 7200rpm drive running XP SP2. Here there is a 3com 996B Now somewhere in there is the culprit for slowing things down. I have been using ftp get on large files to do the measuring: Is there a better method ? Thanks -Original Message- From: Greg Hennessy [mailto:[EMAIL PROTECTED] Sent: 15 March 2006 10:45 To: discussion@pfsense.com Subject: RE: [pfSense-discussion] throughput - cpu, bus guys, 2.2MBs, 2.2 megabytes per second (120) 7MBs, 7 megabytes pers second (athlon) Are the Athlon figures on a Via chipset motherboard ? Some of the early Via athlon chipsets had pretty lousy PCI performance. You could try tweaking the PCI latency timers in the bios to give the em card more time on the bus. This may improve throughput slightly. On a bge plugged into a nforce2 board, I can iperf ~800 read/ ~600 write through it. Greg
[pfSense-discussion] throughput - cpu, bus
Hi, I have two fw platforms, mono 1.21 running on a Nokia120 and pfsense1.0beta2 running on an AMD athlon 900. I can get 2.2MBs on the 120 platform, at 96% cpu usage. On the athlon, 32bit, 33Mhz pci, I can get 7MBs using Intel PRO 1000MT 64 bit PCI cards. My question is what speed/type cpu do I need to use to improve on this with a PCI-X bus? (64bit, 33Mhz or maybe 66Mhz) I would like to get 15-20MBs, but without spending too much. I am looking at a 2nd hand Supermicro FPGA370 dual Pentium mb, with PCI-X bus. All my NICs are Intelpro MT1000, 64bit. Thanks
[pfSense-discussion] problem with vlans
I'm running 0.86 on a generic pc with 3 x dual FE cards. Similar errors with 0.85.2 as well. When I configure vlans, I get the following errors : ifconfig: interface vlan0 does not exist ifconfig: interface vlan0 does not exist ifconfig: interface vlan1 does not exist ifconfig: interface vlan1 does not exist The vlans I defined are numbered 20 and 30. In the system logs I get the following error : php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]: and this too : Warning: implode(): Bad arguments. in /usr/local/www/fbegin.inc on line 50 The pertinent config : - interfaces - lan iffxp2/if ipaddr192.168.199.254/ipaddr subnet24/subnet media / mediaopt / bandwidth100/bandwidth bandwidthtypeMb/bandwidthtype /lan - wan iffxp0/if mtu / ipaddrdhcp/ipaddr subnet / gateway / blockprivon/blockpriv dhcphostname / media / mediaopt / bandwidth100/bandwidth bandwidthtype / spoofmac / schedulertypepriq/schedulertype /wan - opt1 iffxp3/if descrM_server/descr bridge / enable / bandwidth100/bandwidth bandwidthtypeMb/bandwidthtype ipaddr192.168.200.254/ipaddr subnet24/subnet gateway / spoofmac / mtu / /opt1 - opt2 iffxp1/if descrFE_Server/descr bridge / enable / bandwidth100/bandwidth bandwidthtypeMb/bandwidthtype ipaddr172.100.100.254/ipaddr subnet24/subnet gateway / spoofmac / mtu / /opt2 - opt3 iftl0/if descrOPT3/descr /opt3 - opt4 iftl1/if descrOPT4/descr /opt4 - opt5 descrOPT5/descr ifvlan0/if /opt5 - opt6 descrOPT6/descr ifvlan1/if /opt6 /interfaces - vlans - vlan iffxp1/if tag20/tag descrFE_Server_download/descr /vlan - vlan iffxp1/if tag30/tag descrFE_server_webserver/descr /vlan /vlans -- Lust, ein paar Euro nebenbei zu verdienen? Ohne Kosten, ohne Risiko! Satte Provisionen für GMX Partner: http://www.gmx.net/de/go/partner
Re: [pfSense-discussion] problem with vlans
# ifconfig -a tl0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500 ether 00:80:5f:a7:83:4d media: Ethernet autoselect (none) status: no carrier tl1: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500 ether 00:80:5f:a7:83:cd media: Ethernet autoselect (none) status: no carrier fxp0: flags=9943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,LINK0,MULTICAST mtu 1500 options=8VLAN_MTU inet6 fe80::250:8bff:fe68:8972%fxp0 prefixlen 64 scopeid 0x3 inet 82.4.0.0 netmask 0xff00 broadcast 255.255.255.255 ether 00:50:8b:68:89:72 media: Ethernet autoselect (100baseTX full-duplex) status: active fxp1: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500 options=8VLAN_MTU inet 172.100.100.254 netmask 0xff00 broadcast 172.100.100.255 inet6 fe80::250:8bff:fe68:8973%fxp1 prefixlen 64 scopeid 0x4 ether 00:50:8b:68:89:73 media: Ethernet autoselect (100baseTX full-duplex) status: active fxp2: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500 options=8VLAN_MTU inet 192.168.199.254 netmask 0xff00 broadcast 192.168.199.255 inet6 fe80::208:2ff:fede:cec4%fxp2 prefixlen 64 scopeid 0x5 ether 00:08:02:de:ce:c4 media: Ethernet autoselect (100baseTX) status: active fxp3: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500 options=8VLAN_MTU inet 192.168.200.254 netmask 0xff00 broadcast 192.168.200.255 inet6 fe80::208:2ff:fede:cec5%fxp3 prefixlen 64 scopeid 0x6 ether 00:08:02:de:ce:c5 media: Ethernet autoselect (100baseTX full-duplex) status: active plip0: flags=108810POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT mtu 1500 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8 pflog0: flags=141UP,RUNNING,PROMISC mtu 33208 pfsync0: flags=41UP,RUNNING mtu 2020 pfsync: syncdev: lo0 maxupd: 128 # Hi Dan, ifconfig -a. Any idea what plip0 is ? Thanks -- GMX DSL = Maximale Leistung zum minimalen Preis! 2000 MB nur 2,99, Flatrate ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl
Re: [pfSense-discussion] problem with vlans
Hmm, strange, no errors after I restored. I have gone on to set the ip address of the vlans. Dan, I have used virtual and physical interfaces on other firewalls (Nokia running CP NG), I treat the physical as vlan 1. If I get a chance, I'll try it again and see if I can repeat it. Regards Chun --- Ursprüngliche Nachricht --- Von: Dan Swartzendruber [EMAIL PROTECTED] An: discussion@pfsense.com Betreff: Re: [pfSense-discussion] problem with vlans - with correct ifconfig -a Datum: Wed, 05 Oct 2005 17:11:55 -0400 the vlan0 and vlan1 interfaces don't have IP addresses, but the physical interface (fxp1) does. Mixing and matching real interfaces and vlan interfaces doesn't seem right... At 05:06 PM 10/5/2005, you wrote: This looks good. Are you still reaching errors? Scott On 10/5/05, Chun Wong [EMAIL PROTECTED] wrote: Sorry guys, In my haste, I did the ifconfig -a after I had restored the previous good config - doh! fxp1 is my dmz which I would like to vlan into different subnets fxp0 is my wan fxp2 is my lan fxp3 is my lan 2 tl0 is for my wlan subnet tl1 is spare This is the correct one : login as: admin Using keyboard-interactive authentication. Password: *** This is pfSense version 0.86 - pfSense *** LAN - fxp2 - 192.168.199.254 WAN - fxp0 - dhcp OPT1 - fxp3 - 192.168.200.254(M_server) OPT2 - fxp1 - 172.100.100.254(FE_Server) OPT3 - tl0 - (OPT3) OPT4 - tl1 - (OPT4) OPT5 - vlan0 - (OPT5) OPT6 - vlan1 - (OPT6) pfSense console setup *** 0) Logout (SSH only) 1) Assign Interfaces 2) Set LAN IP address 3) Reset webGUI password 4) Reset to factory defaults 5) Reboot system 6) Halt system 7) Ping host 8) Shell 9) PFtop 10) Traffic Logs Enter an option: 8 # ifconfig -a tl0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500 ether 00:80:5f:a7:83:4d media: Ethernet autoselect (none) status: no carrier tl1: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500 ether 00:80:5f:a7:83:cd media: Ethernet autoselect (none) status: no carrier fxp0: flags=9943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,LINK0,MULTICAST mtu 1500 options=8VLAN_MTU inet6 fe80::250:8bff:fe68:8972%fxp0 prefixlen 64 scopeid 0x3 inet 82.4.0.0 netmask 0xff00 broadcast 255.255.255.255 ether 00:50:8b:68:89:72 media: Ethernet autoselect (100baseTX full-duplex) status: active fxp1: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500 options=8VLAN_MTU inet6 fe80::250:8bff:fe68:8973%fxp1 prefixlen 64 scopeid 0x4 inet 172.100.100.254 netmask 0xff00 broadcast 172.100.100.255 ether 00:50:8b:68:89:73 media: Ethernet autoselect (100baseTX full-duplex) status: active fxp2: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500 options=8VLAN_MTU inet 192.168.199.254 netmask 0xff00 broadcast 192.168.199.255 inet6 fe80::208:2ff:fede:cec4%fxp2 prefixlen 64 scopeid 0x5 ether 00:08:02:de:ce:c4 media: Ethernet autoselect (100baseTX) status: active fxp3: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500 options=8VLAN_MTU inet 192.168.200.254 netmask 0xff00 broadcast 192.168.200.255 inet6 fe80::208:2ff:fede:cec5%fxp3 prefixlen 64 scopeid 0x6 ether 00:08:02:de:ce:c5 media: Ethernet autoselect (100baseTX full-duplex) status: active plip0: flags=108810POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT mtu 1500 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8 pflog0: flags=141UP,RUNNING,PROMISC mtu 33208 pfsync0: flags=41UP,RUNNING mtu 2020 pfsync: syncdev: lo0 maxupd: 128 vlan0: flags=8842BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 ether 00:50:8b:68:89:73 media: Ethernet autoselect (100baseTX full-duplex) status: active vlan: 20 parent interface: fxp1 vlan1: flags=8842BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 ether 00:50:8b:68:89:73 media: Ethernet autoselect (100baseTX full-duplex) status: active vlan: 30 parent interface: fxp1 # --- Ursprüngliche Nachricht --- Von: Scott Ullrich [EMAIL PROTECTED] An: discussion@pfsense.com Betreff: Re: [pfSense-discussion] problem with vlans Datum: Wed, 5 Oct 2005 16:51:40 -0400 Yes, please make sure they are assigned correctly. If they are let me know and I'll dive
Re: [pfSense-discussion] problem with vlans
you're right, its me being defensive ;0) at the moment the vlans are working ok, even in my strange setup! now I am learning the way pfsense handles rules, esp. the implied ones. Cheers Chun Dan, I have used virtual and physical interfaces on other firewalls (Nokia running CP NG), I treat the physical as vlan 1. this is not nokia :) not saying it can't work, but i'm surprised if it does. -- GMX DSL = Maximale Leistung zum minimalen Preis! 2000 MB nur 2,99, Flatrate ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl
[pfSense-discussion] my initial views on pfsense
I think monowall and pfsense are great firewalls, features and performance at a great price point ;-) A little rough around the edges sometimes, especially pfsense and it's addon packages, but orders of magnitude more friendly to use than the raw PF, ipchains etc and much more flexible than IPCOP which was the previous fw I was using before monowall and pfsense. In fact I still have mono on an old IP110, booting off a 16Mb CF card, the original 5Gb HD died long ago. I'll keep it as the internet facing fw probably and run pfsense on my vmware setup as a bubble fw protecting my virtual servers eventually. Thanks for a great FW and friendly help ! Chun -- GMX DSL = Maximale Leistung zum minimalen Preis! 2000 MB nur 2,99, Flatrate ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl
Re: [pfSense-discussion] packages - squid
Scott, looks like other people have asked this already thanks I didn't know there was an archive, I'll check there first. Regards CW http://www.mail-archive.com/support@pfsense.com/msg00246.html -- Lust, ein paar Euro nebenbei zu verdienen? Ohne Kosten, ohne Risiko! Satte Provisionen für GMX Partner: http://www.gmx.net/de/go/partner
