Re[2]: 400Mbps PF based firewall, which hardware?

2005-07-11 Thread Ilya A. Kovalenko
SG Since your network is only 100Mbps my recommendation is a dlink ethernet card. SG Now I may not be fully correct but from my experience it performs well :-) AFAIK D-Link NICs are the worst choice. Two reasons: 1. D-Link NICs were always a cheap low-end solution. 2. Couple months ago D-link

Re: pf bug?

2005-07-11 Thread Daniel Hartmeier
On Sat, Jul 09, 2005 at 03:38:10PM -0400, David Hill wrote: set skip on sis0 nat on sis0 inet from 10.0.0.0/8 to any -> 216.x.x.x pass quick all nat does not work. Of course not. You didn't expect it to, did you? If I remove set skip on sis0, it still does not work. How, exactly, did

Re: 400Mbps PF based firewall, which hardware?

2005-07-11 Thread Kirill Ponazdyr
On 10 Jul 2005 15:44:53 -0700, [EMAIL PROTECTED] (Gustavo A. Baratto) wrote: What is Very Fast memory? ;) for example, between DDR533 and DDR800 RAM modules, get a DDR800 (or faster, if they are out there) AFAIK no serious server board/chipset supports anything better than PC2100 DDR or

Re: pf bug?

2005-07-11 Thread David Hill
On Sat, Jul 09, 2005 at 03:38:10PM -0400, David Hill wrote: set skip on sis0 nat on sis0 inet from 10.0.0.0/8 to any -> 216.x.x.x pass quick all nat does not work. Of course not. You didn't expect it to, did you? If I remove set skip on sis0, it still does not work. How, exactly, did

Re: 400Mbps PF based firewall, which hardware?

2005-07-11 Thread Richard Grint
Didn't reply to your original email because we aren't an ISP and therefore don't see the number of connections you mention; Henning's advice is much more relevant. However we are at late stages of testing FreeBSD 5.3 based pf setup which we have benchmarked with 1 Gb in and out concurrently

Re: pf bug?

2005-07-11 Thread Daniel Hartmeier
On Mon, Jul 11, 2005 at 07:57:33AM -0400, David Hill wrote: I reloaded the rules manually with pfctl -F rules -f /etc/pf.conf after removing set skip on sis0. Nat still did not work. Rebooting fixed it. Can you try the diff below (against pfctl only, only requires rebuild of pfctl, not the

Re: pf bug?

2005-07-11 Thread David Hill
On Mon, Jul 11, 2005 at 07:57:33AM -0400, David Hill wrote: I reloaded the rules manually with pfctl -F rules -f /etc/pf.conf after removing set skip on sis0. Nat still did not work. Rebooting fixed it. Can you try the diff below (against pfctl only, only requires rebuild of pfctl, not

Re: pf bug?

2005-07-11 Thread Nikolay Kalev
David Hill wrote: On Sat, Jul 09, 2005 at 03:38:10PM -0400, David Hill wrote: set skip on sis0 nat on sis0 inet from 10.0.0.0/8 to any -> 216.x.x.x pass quick all nat does not work. Of course not. You didn't expect it to, did you? If I remove set skip on sis0, it still