Hi all,

I have some questions about the performance of OpenBSD 4.2 on a 4801.

My current internet provider tells me that I can download at 20mbit
and upload at 1mbit. I never managed to get a download speed above
16mbit. I was wondering if the Soekris is the cause or not.
So I started to look around and found some strange things.

If I test with iperf between 2 PCs located on my internal network, I
get 92 mbits/sec. This is normal on a 100mbit network.

I repeated the same test but now between the Soekris and a PC, and I
get 32mbit. Turning off pf increased the throughput to 37mbit. (I'm
not at home right now, so I'm not 100% sure about these figures).

As a last test, I have put the Soekris between the 2 PCs and I get a
throughput of 575 kbit. (yes with a K). This is not very good. The 4801
is configured as a firewall with natting.

Here is my current pf.conf:
# wired network
int_if  = "sis0"
int_net = "192.168.1.0/27"
ext_if  = "sis1"
#sym_vpn = "tun0"

meedio = "192.168.1.28"
teebo = "192.168.1.4"
winxp = "192.168.1.3"
yoda = "192.168.1.2"
azureus_port = "35335"
utorrent_port = "35313"
iperf_port = "5001"
nonroutable="{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 0.0.0.0/8, 240.0.0.0/4 }"

# don't filter on the loopback interface
set skip on lo0

set block-policy drop
scrub in all

#set loginterface $ext_if

# NAT outgoing traffic
nat on $ext_if from $int_net to any -> ($ext_if)
#nat on $sym_vpn from $int_net to any -> ($sym_vpn)

rdr on $ext_if proto tcp from any to $ext_if port 2222 -> $meedio port ssh
rdr on $ext_if proto { tcp,udp } from any to $ext_if port $azureus_port -> $teebo port $azureus_port
rdr on $ext_if proto { tcp,udp } from any to $ext_if port $utorrent_port -> $winxp port $utorrent_port
rdr on $ext_if proto { tcp,udp } from any to $ext_if port $iperf_port -> $yoda port $iperf_port

pass quick on lo0
pass quick on $int_if
pass out quick keep state

#antispoof quick for $ext_if

# Non routable
block drop in quick on $ext_if from $nonroutable to any
block drop out quick on $ext_if from any to $nonroutable

# external ssh
pass in quick on $ext_if inet proto tcp from any to $meedio port ssh flags S/SA keep state \
  (max 5, source-track rule, max-src-nodes 4, max-src-states 3)

pass in quick on $ext_if inet proto { tcp,udp } from any to $teebo port $azureus_port
pass in quick on $ext_if inet proto { tcp,udp } from any to $winxp port $utorrent_port
pass in quick on $ext_if inet proto { tcp,udp } from any to $yoda port $iperf_port

#Drop All
block in quick on $ext_if

Any idea what could cause this? Is this just the limitation of the
4801 or do I have to modify my pf rules?

Regards,

Wouter
_______________________________________________
Soekris-tech mailing list
[email protected]
http://lists.soekris.com/mailman/listinfo/soekris-tech