Re: FreeBSD as a router
I prefer pfSense. It started as a fork of M0n0wall and has since incorporated a LOT more features. It uses pf as its filter base and is fully expandable using plugins.

--
From: Derrick Ryalls ryal...@gmail.com
Sent: Thursday, June 11, 2009 10:33 AM
To: Wojciech Puchar woj...@wojtek.tensor.gdynia.pl
Cc: freebsd-questions@freebsd.org; Ivailo Tanusheff i.tanush...@procreditbank.bg; Odhiambo ワシントン odhia...@gmail.com; owner-freebsd-questi...@freebsd.org; Anton an...@sng.by
Subject: Re: FreeBSD as a router

You might also check out monowall. It is a stripped down version of FreeBSD that can run off a small flash card and has a web interface.

On Jun 11, 2009 6:05 AM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote:

powerful. Hmm, PF would be better (not IPF) but I hear ipfw has more features.

basically - if you think ipfw can't do something - read manual again ;) exaggerated, but not very much...

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD as a router
> For entire time I have been making everything with Windows, but now I'm stumbled upon problem, where only router on FreeBSD + IPFW could help me. I have installed FreeBSD, compiled kernel, found how to launch VPN connection to ISP. But, further, I don't know how to go :-( I could not figure out how to start natd and make routing with next rules:
> 1) Connection to Internet are made via VPN to ISP, but ISP have some internal resources free of charge, which are accessible without VPN. How to explain natd and ipfw that all users may go to these free resources without pipe and unlimited to all users
> 2) How to give all users right to go to the Internet by UDP 27015-27050 and TCP 27015-27050 (Steam) with pipe.

natd is now part of ipfw (but older userland natd is still available)

man ipfw

Yes it's complex but DO SPEND FEW HOURS and read it from beginning to end! I did the same some time ago and it's really worth of it.

Both point 1 and 2 is just simple thing for that great tool, just make rule for free resources with skipto command, or reverse rule matching queue command.

After reading, feel free to post me priv for some help, but i don't think you'll need it.
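The approach suggested in this reply (a skipto rule for the free ISP resources, a dummynet pipe for the Steam port range, in-kernel NAT), as an added example that is not part of the original thread. The interface names, both network prefixes, the rule numbers and the bandwidth limit are assumptions for illustration; the script only prints an ipfw rule file and checks its ordering.

```shell
#!/bin/sh
# Added example, not from the thread: prints an ipfw rule file. It does not
# touch the running firewall. Every value below except the port range is an
# assumption made for illustration.
LAN_NET="192.168.0.0/24"    # assumed internal network
FREE_NET="10.0.0.0/8"       # placeholder for the ISP's free internal resources
VPN_IF="tun0"               # assumed VPN tunnel interface
ISP_IF="em0"                # assumed physical interface towards the ISP
STEAM_BW="512Kbit/s"        # assumed bandwidth limit for the pipe
STEAM_PORTS="27015-27050"   # port range given in the question

r() { printf '%s\n' "$*"; }

# Rule file in the format read by "ipfw -q /absolute/path". Assumes an empty
# ruleset, a static route that sends FREE_NET out of ISP_IF, and
#   sysctl net.inet.ip.fw.one_pass=0
# so that a packet leaving the pipe continues at the next rule and still
# reaches the nat rules instead of being accepted straight away.
emit_rules() {
    r "pipe 1 config bw ${STEAM_BW}"
    r "nat 1 config if ${VPN_IF}"
    r "nat 2 config if ${ISP_IF}"
    r "add 100 allow ip from any to any via lo0"
    # Point 1: traffic to the free resources jumps over the pipe rules.
    r "add 1000 skipto 3000 ip from ${LAN_NET} to ${FREE_NET}"
    # Point 2: Steam ports leaving through the VPN go through the pipe.
    # Matched before NAT, while the source is still a LAN address.
    # Only the upstream direction is shaped here.
    r "add 2000 pipe 1 tcp from ${LAN_NET} to any ${STEAM_PORTS} out xmit ${VPN_IF}"
    r "add 2010 pipe 1 udp from ${LAN_NET} to any ${STEAM_PORTS} out xmit ${VPN_IF}"
    # NAT: instance 2 for the free resources, instance 1 for the VPN.
    r "add 3000 nat 2 ip from ${LAN_NET} to ${FREE_NET} out xmit ${ISP_IF}"
    r "add 3010 nat 2 ip from ${FREE_NET} to any in recv ${ISP_IF}"
    r "add 3020 nat 1 ip from ${LAN_NET} to any out xmit ${VPN_IF}"
    r "add 3030 nat 1 ip from any to any in recv ${VPN_IF}"
    # Placeholder: this example covers shaping and NAT only; replace this
    # rule with the site's own filtering policy.
    r "add 65000 allow ip from any to any"
}

# Print the first or last rule number that uses action $1 (skipto, pipe, nat).
rule_no() {
    emit_rules | awk -v act="$1" -v which="$2" '
        $1 == "add" && $3 == act { n = $2; if (which == "first") exit }
        END { print n }'
}

# Ordering check: the skipto must come before the pipe rules, must land past
# the last pipe rule, and must not jump over the first nat rule.
order_ok() {
    target=$(emit_rules | awk '$1 == "add" && $3 == "skipto" { print $4; exit }')
    [ "$(rule_no skipto first)" -lt "$(rule_no pipe first)" ] &&
    [ "$(rule_no pipe last)" -lt "$target" ] &&
    [ "$target" -le "$(rule_no nat first)" ]
}

order_ok || { echo "rule ordering is wrong" >&2; exit 1; }
emit_rules
```
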
Re: FreeBSD as a router
Hi,

I am not sure that FreeBSD + IPFW is the best option for you as you have not read how to use it yet. So I may suggest you use man ipfw and google a little bit - the answers are simple. Also I may suggest you to use ipf, which is in my point of view far more powerful.

Regards,
Ivailo Tanusheff
Deputy Head of IT Department
ProCredit Bank (Bulgaria) AD

Anton an...@sng.by
Sent by: owner-freebsd-questi...@freebsd.org
11.06.2009 12:01
Please respond to Anton an...@sng.by
To: freebsd-questions@freebsd.org
cc:
Subject: FreeBSD as a router

Hello all,

I'm new to FreeBSD and I'm seeking help. For entire time I have been making everything with Windows, but now I'm stumbled upon problem, where only router on FreeBSD + IPFW could help me. I have installed FreeBSD, compiled kernel, found how to launch VPN connection to ISP. But, further, I don't know how to go :-( I could not figure out how to start natd and make routing with next rules:

1) Connection to Internet are made via VPN to ISP, but ISP have some internal resources free of charge, which are accessible without VPN. How to explain natd and ipfw that all users may go to these free resources without pipe and unlimited to all users
2) How to give all users right to go to the Internet by UDP 27015-27050 and TCP 27015-27050 (Steam) with pipe.

--
Best regards,
Anton mailto:an...@sng.by
Administrator
Feel free to contact me via ICQ 363780596 via Skype dobryak47 via phone +375 29 3320987
Re: FreeBSD as a router
> So I may suggest you use man ipfw and google a little bit - the answers are simple. Also I may suggest you to use ipf, which is in my point of view far more powerful.

you are joking or just don't know ipfw. i used both, ipf when i used NetBSD and then in FreeBSD a bit, until i learned how to use ipfw.
Re: FreeBSD as a router
On Thu, Jun 11, 2009 at 2:55 PM, Ivailo Tanusheff i.tanush...@procreditbank.bg wrote:

> Hi,
>
> I am not sure that FreeBSD + IPFW is the best option for you as you have not read how to use it yet. So I may suggest you use man ipfw and google a little bit - the answers are simple. Also I may suggest you to use ipf, which is in my point of view far more powerful.

Hmm, PF would be better (not IPF) but I hear ipfw has more features.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223

If you have nothing good to say about someone, just shut up!. -- Lucky Dube
Re: FreeBSD as a router
> powerful. Hmm, PF would be better (not IPF) but I hear ipfw has more features.

basically - if you think ipfw can't do something - read manual again ;) exaggerated, but not very much...
Re: FreeBSD as a router
You might also check out monowall. It is a stripped down version of FreeBSD that can run off a small flash card and has a web interface.

On Jun 11, 2009 6:05 AM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote:

powerful. Hmm, PF would be better (not IPF) but I hear ipfw has more features.

basically - if you think ipfw can't do something - read manual again ;) exaggerated, but not very much...
Re: FreeBSD as a router
My bad - I DID mean PF, no idea where the I came from. Sorry about that, maybe because of the mail program I use. I use both PF and IPFW in our organization and PF is much more powerful and resource lighten.

Regards,
Ivailo Tanusheff
Deputy Head of IT Department
ProCredit Bank (Bulgaria) AD

Odhiambo ワシントン odhia...@gmail.com
Sent by: owner-freebsd-questi...@freebsd.org
11.06.2009 15:42
To: Ivailo Tanusheff i.tanush...@procreditbank.bg
cc: owner-freebsd-questi...@freebsd.org, freebsd-questions@freebsd.org, Anton an...@sng.by
Subject: Re: FreeBSD as a router

On Thu, Jun 11, 2009 at 2:55 PM, Ivailo Tanusheff i.tanush...@procreditbank.bg wrote:

Hi,

I am not sure that FreeBSD + IPFW is the best option for you as you have not read how to use it yet. So I may suggest you use man ipfw and google a little bit - the answers are simple. Also I may suggest you to use ipf, which is in my point of view far more powerful.

Hmm, PF would be better (not IPF) but I hear ipfw has more features.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223

If you have nothing good to say about someone, just shut up!. -- Lucky Dube
Re: FreeBSD as PF/Router/Firewall dying on the vine
Hello Jeremy:

On 10/6/08 9:30 PM, Jeremy Chadwick [EMAIL PROTECTED] wrote:

> On Mon, Oct 06, 2008 at 06:08:50PM -0700, Michael K. Smith - Adhost wrote:
> > Hello All:
> >
> > We have a load balanced pair of PF boxes sitting in front of a whole bunch of server doing all manner of things! It's been working great up until today when it, well, didn't. Here's what I see in top -S.
> >
> >   PID USERNAME  THR PRI NICE   SIZE    RES STATE  C   TIME   WCPU COMMAND
> >    14 root        1 -44 -163     0K     8K CPU1   0  44:21 88.18% swi1: net
> >    11 root        1 171   52     0K     8K RUN    0  24:58 53.32% idle: cpu0
> >    10 root        1 171   52     0K     8K RUN    1  17:44 35.50% idle: cpu1
> >    24 root        1 -68 -187     0K     8K *Giant 0   5:30 11.62% irq16: em2 uhci3
> >    23 root        1 -68 -187     0K     8K WAIT   0   1:27  3.08% irq25: em1
> >    25 root        1 -68 -187     0K     8K WAIT   1   1:16  2.64% irq17: em3
> >
> > This is 6.3 with Intel 1000 Fiber and Copper interfaces, all using the 'em' driver. Also, there are 15 VLAN's configured on one of the NIC's for subnet separation.
> >
> > If anyone has any ideas I'm all ears. My google-fu is coming up empty with the swi1: net
>
> Can you explain what the problem is?

Sorry it took so long to reply. We actually got the issue resolved, but I wanted to make sure our fix actually worked. Here is what the problem/solution is.

The problem was significant packet loss and connectivity issue to and through the PF server. Even pinging the loopback address on the server itself was returning 4 ms times.

The problem was a very busy NFS server with clients on the same VLAN, but on a different subnet. So, we had a VLAN interface on em1 that had two address ranges attached, 10.255.0.0/16 and 10.212.6.0/16. The NFS server was on the 10.255 and the clients were on the 10.212. Even though they were on the same VLAN, they weren't directly ARP'able, so all traffic (400 - 600 Mb/sec) between them had to be processed by the server. When we moved the clients on to the same subnet as the server, everything stabilized.

I think this was an issue of bad design on my part.

Regards,
Mike
Re: FreeBSD as PF/Router/Firewall dying on the vine
On Mon, Oct 06, 2008 at 06:08:50PM -0700, Michael K. Smith - Adhost wrote:

> Hello All:
>
> We have a load balanced pair of PF boxes sitting in front of a whole bunch of server doing all manner of things! It's been working great up until today when it, well, didn't. Here's what I see in top -S.
>
>   PID USERNAME  THR PRI NICE   SIZE    RES STATE  C   TIME   WCPU COMMAND
>    14 root        1 -44 -163     0K     8K CPU1   0  44:21 88.18% swi1: net
>    11 root        1 171   52     0K     8K RUN    0  24:58 53.32% idle: cpu0
>    10 root        1 171   52     0K     8K RUN    1  17:44 35.50% idle: cpu1
>    24 root        1 -68 -187     0K     8K *Giant 0   5:30 11.62% irq16: em2 uhci3
>    23 root        1 -68 -187     0K     8K WAIT   0   1:27  3.08% irq25: em1
>    25 root        1 -68 -187     0K     8K WAIT   1   1:16  2.64% irq17: em3
>
> This is 6.3 with Intel 1000 Fiber and Copper interfaces, all using the 'em' driver. Also, there are 15 VLAN's configured on one of the NIC's for subnet separation.
>
> If anyone has any ideas I'm all ears. My google-fu is coming up empty with the swi1: net

Can you explain what the problem is?

--
| Jeremy Chadwick                    jdc at parodius.com |
| Parodius Networking           http://www.parodius.com/ |
| UNIX Systems Administrator      Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |
Re: FreeBSD server behind router-NAT; how to configure sendmail?
Harald Schmalzbauer wrote:

> On Sunday, 3 April 2005 17:36, Rob wrote:
> > There is a FAQ, that explains: If you want all outgoing SMTP connections to use port 2525, you can use this in your .mc file:
> >
> > define(`RELAY_MAILER_ARGS', `TCP $h 2525')
> > define(`ESMTP_MAILER_ARGS', `TCP $h 2525')
> >
> > I have put this in my hostname.mc file, but to no avail. I'm probably not familiar enough with sendmail way of doing things. But then this is such a simple thing, that it should be easy. I suppose that with netstat -a, there should be a line with port 2525, if above works. But that is not there.
>
> I'm not sure if I understand your problem correctly, but what you did with these defines is that sendmail contacts every other system at port 2525 instead of 25, it's not listening on 2525, hence you can't see a tcp/2525 with netstat -a. But I think it should do what you want, if I understand your description right. If you want sendmail to listen at a custom port these defines are wrong. I don't have them in my mind right now, I'm sure you'll find the M4 defines at the sendmail FAQ, tell me if I can help.

Uh? So are the rules above right or not? I'm still confused. The header of that particular FAQ was: How do I send using an alternate port? and that's what I want, unless my English is badly deteriorating, which I often feel like when reading sendmail manual pages :(.

Anyway, let's go back to what I want sendmail to do, which is possibly a little more complicated than just shifting to another outgoing port:

1) for local delivery, i.e. users on the PC, deliver to the local mailboxes (does that need port 25?).
2) for outgoing delivery, do that over an ssh-tunnel port, e.g. over port 2525:

ssh -N -f -L 2525:localhost:25 smtp.my.isp

I can create the ssh-tunnel easily: telnet localhost 2525 connects me to the remote smtp server.

As you may have noticed, I am a very newbie to sendmail configuration.

Thanks for your help!
Rob.
Re: FreeBSD server behind router-NAT; how to configure sendmail?
Emanuel Strobl wrote:

> If you don't have /etc/mail/yourhostname.domain.mc then you should cd to /etc/mail and type make, after you edited the file
>
> make all install restart

Thanks for your help. I generated the files with this make command, and all just worked out of the box. I can send email, without needing to tell sendmail about my hostname. So far so good.

However, next what I need, is using another port for sending emails out. I have googled and read the sendmail FAQs, but I am completely at a loss here.

There is a FAQ, that explains: If you want all outgoing SMTP connections to use port 2525, you can use this in your .mc file:

define(`RELAY_MAILER_ARGS', `TCP $h 2525')
define(`ESMTP_MAILER_ARGS', `TCP $h 2525')

I have put this in my hostname.mc file, but to no avail. I'm probably not familiar enough with sendmail way of doing things. But then this is such a simple thing, that it should be easy. I suppose that with netstat -a, there should be a line with port 2525, if above works. But that is not there.

Do you have any suggestions how to solve this?

Thanks,
Rob.
Re: FreeBSD server behind router-NAT; how to configure sendmail?
On Sunday, 3 April 2005 17:36, Rob wrote:

> Emanuel Strobl wrote:
> > If you don't have /etc/mail/yourhostname.domain.mc then you should cd to /etc/mail and type make, after you edited the file
> >
> > make all install restart
>
> Thanks for your help. I generated the files with this make command, and all just worked out of the box. I can send email, without needing to tell sendmail about my hostname. So far so good.
>
> However, next what I need, is using another port for sending emails out. I have googled and read the sendmail FAQs, but I am completely at a loss here.
>
> There is a FAQ, that explains: If you want all outgoing SMTP connections to use port 2525, you can use this in your .mc file:
>
> define(`RELAY_MAILER_ARGS', `TCP $h 2525')
> define(`ESMTP_MAILER_ARGS', `TCP $h 2525')
>
> I have put this in my hostname.mc file, but to no avail. I'm probably not familiar enough with sendmail way of doing things. But then this is such a simple thing, that it should be easy. I suppose that with netstat -a, there should be a line with port 2525, if above works. But that is not there.

I'm not sure if I understand your problem correctly, but what you did with these defines is that sendmail contacts every other system at port 2525 instead of 25, it's not listening on 2525, hence you can't see a tcp/2525 with netstat -a. But I think it should do what you want, if I understand your description right. If you want sendmail to listen at a custom port these defines are wrong. I don't have them in my mind right now, I'm sure you'll find the M4 defines at the sendmail FAQ, tell me if I can help.

-Harry

> Do you have any suggestions how to solve this?
>
> Thanks,
> Rob.
Re: FreeBSD server behind router-NAT; how to configure sendmail?
On Saturday, 2 April 2005 18:07, Rob wrote:

> Hi,
>
> My ISP provides me with a fixed IP address and a registered hostname. I use a Sitecom DC-207 that serves as a plain router, NAT and 4-port switch, to connect three Windows PCs and one FreeBSD PC simultaneously to the internet. The router gets the fixed IP address, whereas my FreeBSD system gets IP 192.168.123.1 with a fake hostname. The router is configured to redirect the usual TCP/IP server ports to the FreeBSD PC (e.g. ports 22, 25, 80 etc.), which makes the FreeBSD PC a kind of virtual server for my fixed IP address.
>
> One of the problems I encounter is this: Sendmail on the FreeBSD PC cannot deliver email, because there seems to be a DNS issue, because the FreeBSD PC does not have an official IP hostname.

You can set the following in /etc/mail/yourhostname.domain.mc

define(`confDOMAIN_NAME', `host.name.fq')dnl

host.name.fq is whatever your provider registered for your IP. Make sure there's also a correct A record for that hostname, eg. if it is spam.refuse.org then `host spam.refuse.org` must return your IP and `host IP` must return spam.refuse.org.

If you don't have /etc/mail/yourhostname.domain.mc then you should cd to /etc/mail and type make, after you edited the file

make all install restart

You also may want to define masquerading, like:

MASQUERADE_AS(`yourdomain.org')
MASQUERADE_DOMAIN(`internal.domain.sth')dnl
FEATURE(limited_masquerade)dnl
FEATURE(`masquerade_entire_domain')
FEATURE(`masquerade_envelope')

-Harry

> How do I configure my FreeBSD PC so, that sendmail thinks the PC has the official IP address/hostname provided by my ISP, which is actually used by the router? Or should I follow a different configuration scheme for achieving these goals?
>
> Thanks,
> Rob.
Re: FreeBSD box as router adding latency
On Thu, 26 Feb 2004, Aloha Guy wrote:

> Already tried that and it did improve things a little. I tried setting the HZ to 1000 and it didn't make much of a difference. Is there a larger number that actually works well?

You can try higher HZ numbers, but you might run into other problems. Experiment and see. Others have experimented with higher HZ numbers so you might want to check the list archives. Anyway, is a 1ms delay really that bad?

--
Chris Dillon - cdillon(at)wolves.k12.mo.us
FreeBSD: The fastest, most open, and most stable OS on the planet
- Available for IA32, IA64, AMD64, PC98, Alpha, and UltraSPARC architectures
- PowerPC, ARM, MIPS, and S/390 under development
- http://www.freebsd.org

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?
Re: FreeBSD box as router adding latency
Chris Dillon [EMAIL PROTECTED] wrote:

> On Thu, 26 Feb 2004, Aloha Guy wrote:
> > Already tried that and it did improve things a little. I tried setting the HZ to 1000 and it didn't make much of a difference. Is there a larger number that actually works well?
>
> You can try higher HZ numbers, but you might run into other problems. Experiment and see. Others have experimented with higher HZ numbers so you might want to check the list archives. Anyway, is a 1ms delay really that bad?

The 1ms delay isn't that bad if it was 1ms but we're talking about 3-4ms at least. As for HZ numbers, what should I search for in the archives and on which list since it seems like HZ is also in the dmesg output for the clock generator so it's one of those terms that are used widely.

Thanks,
John
Re: FreeBSD box as router adding latency
On Feb 26, 2004, at 4:53 PM, Aloha Guy wrote:

> Here is the HZ setting:
> kern.clockrate: { hz = 100, tick = 1, profhz = 1024, stathz = 128 }

There's your issue right there: if you care about the millisecond level granularity of network traffic going by this router, you ought to set HZ to 1000 as documented in man dummynet.

--
-Chuck
Re: FreeBSD box as router adding latency
Charles Swiger [EMAIL PROTECTED] wrote:

> On Feb 26, 2004, at 4:53 PM, Aloha Guy wrote:
> > Here is the HZ setting:
> > kern.clockrate: { hz = 100, tick = 1, profhz = 1024, stathz = 128 }
>
> There's your issue right there: if you care about the millisecond level granularity of network traffic going by this router, you ought to set HZ to 1000 as documented in man dummynet.
>
> --
> -Chuck

Knew I forgot to read something. I guess I forgot all about dummynet is the one doing the traffic shaping as I never used traffic shaping on the other boxes when they were used as both Ethernet and T1 routers. I've always had NMBCLUSTERS set to 32768 which I assume is fine.

Also, is there a way to use two NICs like a xl0 and a fxp0 and bond them together with just one IP?

John
Re: FreeBSD box as router adding latency
On Feb 26, 2004, at 5:59 PM, Aloha Guy wrote:

> Charles Swiger [EMAIL PROTECTED] wrote:
> > There's your issue right there: if you care about the millisecond level granularity of network traffic going by this router, you ought to set HZ to 1000 as documented in man dummynet.
>
> [ ... ]
>
> Knew I forgot to read something. I guess I forgot all about dummynet is the one doing the traffic shaping as I never used traffic shaping on the other boxes when they were used as both Ethernet and T1 routers. I've always had NMBCLUSTERS set to 32768 which I assume is fine.

That's a lot of NMBCLUSTERS, but if you've got the memory you should be okay.

> Also, is there a way to use two NICs like a xl0 and a fxp0 and bond them together with just one IP?

Yes, netgraph. See man ng_one2many

--
-Chuck
Re: FreeBSD box as router adding latency
Charles Swiger [EMAIL PROTECTED] wrote:

> On Feb 26, 2004, at 5:59 PM, Aloha Guy wrote:
> > Charles Swiger wrote:
> > > There's your issue right there: if you care about the millisecond level granularity of network traffic going by this router, you ought to set HZ to 1000 as documented in man dummynet.
> >
> > [ ... ]
> >
> > Knew I forgot to read something. I guess I forgot all about dummynet is the one doing the traffic shaping as I never used traffic shaping on the other boxes when they were used as both Ethernet and T1 routers. I've always had NMBCLUSTERS set to 32768 which I assume is fine.
>
> That's a lot of NMBCLUSTERS, but if you've got the memory you should be okay.
>
> > Also, is there a way to use two NICs like a xl0 and a fxp0 and bond them together with just one IP?
>
> Yes, netgraph. See man ng_one2many

I actually had the NMBCLUSTERS set that way even with 128MB boxes without issues but the box in question has 2GB of ram so it's not much of a big deal. I tried the ng_one2many and it did help bring things closer to 80Mbps from 60Mbps. I guess the HD is the bottleneck as it's only a notebook and even with the 7200rpm 60GB 2.5 drive, the sustained transfer rate is limited. Tried the HZ 1000 setting and recompiled a new kernel but it didn't really seem to do anything at all. I'm wondering what's the highest setting it will work with.

Thanks,
John
Re: FreeBSD box as router adding latency
Chris Dillon [EMAIL PROTECTED] wrote:

> On Wed, 25 Feb 2004, Aloha Guy wrote:
> > You're right that additional delay while adding a hop is to be expected, which is less than 0.1ms to the FreeBSD box but everything past the FreeBSD machine is adding at least 5ms up to 300ms in the traceroutes when the normal is no more than 20ms for the same traceroute. I've already checked the NICs and they are all configured at their full rated speeds and full duplex. I even try using a Cardbus PCMCIA fxp0 Intel Pro/100S card on the FreeBSD box and it still had the same problem. I am using a September 2003 -CURRENT so I don't know if it's a issue with the current networking code back then or not.
>
> What do you have HZ set to (see sysctl kern.clockrate)? I think I remember your original message showing you using pipes and queues and the HZ setting can affect those. Also see if your latency improves if you remove all pipe and queue rules (other ipfw rules are OK).

Here is the HZ setting:

kern.clockrate: { hz = 100, tick = 1, profhz = 1024, stathz = 128 }

I'm not sure how to remove the pipe since I don't think the pipe works until the queue is defined. When I removed the queues that are configured for the pipe, the latency is back to normal though.

Thanks,
John
Re: FreeBSD box as router adding latency
On Thu, 26 Feb 2004, Aloha Guy wrote:

> > What do you have HZ set to (see sysctl kern.clockrate)? I think I remember your original message showing you using pipes and queues and the HZ setting can affect those. Also see if your latency improves if you remove all pipe and queue rules (other ipfw rules are OK).
>
> Here is the HZ setting:
> kern.clockrate: { hz = 100, tick = 1, profhz = 1024, stathz = 128 }
>
> I'm not sure how to remove the pipe since I don't think the pipe works until the queue is defined. When I removed the queues that are configured for the pipe, the latency is back to normal though.

Like I said, remove both pipes and queues to test. However, pipes _can_ be used without queues, but that is irrelevant here. Try setting HZ to 1000 in your kernel config, recompile, reboot, and test again. You should see something between a slight improvement to a ten-fold improvement.

--
Chris Dillon - cdillon(at)wolves.k12.mo.us
Re: FreeBSD box as router adding latency
On Wed, 25 Feb 2004, Aloha Guy wrote:

> You're right that additional delay while adding a hop is to be expected, which is less than 0.1ms to the FreeBSD box but everything past the FreeBSD machine is adding at least 5ms up to 300ms in the traceroutes when the normal is no more than 20ms for the same traceroute. I've already checked the NICs and they are all configured at their full rated speeds and full duplex. I even try using a Cardbus PCMCIA fxp0 Intel Pro/100S card on the FreeBSD box and it still had the same problem. I am using a September 2003 -CURRENT so I don't know if it's a issue with the current networking code back then or not.

What do you have HZ set to (see sysctl kern.clockrate)? I think I remember your original message showing you using pipes and queues and the HZ setting can affect those. Also see if your latency improves if you remove all pipe and queue rules (other ipfw rules are OK).

--
Chris Dillon - cdillon(at)wolves.k12.mo.us
Re: FreeBSD box as router adding latency
Chris Dillon [EMAIL PROTECTED] wrote:

> On Thu, 26 Feb 2004, Aloha Guy wrote:
> > > What do you have HZ set to (see sysctl kern.clockrate)? I think I remember your original message showing you using pipes and queues and the HZ setting can affect those. Also see if your latency improves if you remove all pipe and queue rules (other ipfw rules are OK).
> >
> > Here is the HZ setting:
> > kern.clockrate: { hz = 100, tick = 1, profhz = 1024, stathz = 128 }
> >
> > I'm not sure how to remove the pipe since I don't think the pipe works until the queue is defined. When I removed the queues that are configured for the pipe, the latency is back to normal though.
>
> Like I said, remove both pipes and queues to test. However, pipes _can_ be used without queues, but that is irrelevant here. Try setting HZ to 1000 in your kernel config, recompile, reboot, and test again. You should see something between a slight improvement to a ten-fold improvement.

Already tried that and it did improve things a little. I tried setting the HZ to 1000 and it didn't make much of a difference. Is there a larger number that actually works well?

Thanks,
John
Re: FreeBSD box as router adding latency
On Wed, 25 Feb 2004, Aloha Guy wrote:

> Any ideas what is causing this? Is it the xl0 driver because I've used FreeBSD machines as ethernet routers before with a similar setup except there was no NAT involved and used the fxp drivers and it never had this problem. Thanks for your help in advance!

Additional delay while adding a hop is to be expected, no matter how fast your network or router is. You only added about 1ms on average, which is about right. The lost packet in the second traceroute might be due to a full/half-duplex mismatch between one of the NICs and the switch.

--
Chris Dillon - cdillon(at)wolves.k12.mo.us
Re: FreeBSD box as router adding latency
Chris Dillon [EMAIL PROTECTED] wrote:

> On Wed, 25 Feb 2004, Aloha Guy wrote:
> > Any ideas what is causing this? Is it the xl0 driver because I've used FreeBSD machines as ethernet routers before with a similar setup except there was no NAT involved and used the fxp drivers and it never had this problem. Thanks for your help in advance!
>
> Additional delay while adding a hop is to be expected, no matter how fast your network or router is. You only added about 1ms on average, which is about right. The lost packet in the second traceroute might be due to a full/half-duplex mismatch between one of the NICs and the switch.

You're right that additional delay while adding a hop is to be expected, which is less than 0.1ms to the FreeBSD box but everything past the FreeBSD machine is adding at least 5ms up to 300ms in the traceroutes when the normal is no more than 20ms for the same traceroute. I've already checked the NICs and they are all configured at their full rated speeds and full duplex. I even try using a Cardbus PCMCIA fxp0 Intel Pro/100S card on the FreeBSD box and it still had the same problem. I am using a September 2003 -CURRENT so I don't know if it's a issue with the current networking code back then or not.

John