On Jun 18, 2016, at 9:13 AM, Jed Clear <cl...@alum.mit.edu> wrote:
On Jun 14, 2016, at 8:50 PM, Jed Clear <cl...@alum.mit.edu> wrote:
> On Jun 9, 2016, at 11:01 PM, Andrew Atrens <and...@atrens.ca> wrote:
>> On 2016-06-09 8:47 PM, Jed Clear wrote:
>>>> Thanks for the replies so far. Looks like I’ll have to wait until
>>>> Saturday to test further. Starting with an L2 bridge seems like a good
>>>> baseline to try. Although will probably take the easier step of just NAT
>>>> w/o rules first.
>>> At its most basic, an l2 bridge can be created using -
>>>
>>> ifconfig bridge0 create
>>> ifconfig bridge0 addm vr0 addm vr1 up
>>
>> Had an interesting time getting this working. First no “device if_bridge”
>> in my kernel (and nanobsd set to not install any kernel modules). Installed
>> a new kernel and configured the bridge. But can’t DHCP across the bridge0.
>> Finally had to directly attach the laptop to cable modem, let it DHCP and
>> then reinstall the net5501 bridge. At that point I was able to download at
>> 83. While directly connected to do the DHCP, the same test got 90. But was
>> GbE to the cable modem. So I’m thinking 83 is pretty good for 100BASE-T
>> interfaces.
>>
>> The bridge test didn’t come off until now because I’d forgotten a few real
>> life things I had to do. But I did do some more thinking and googling
>> during the time away. I don’t think I mentioned that I’m still set up to
>> do NAT with natd and ipfw divert. Got to thinking that switching in and out
>> of the kernel context a few times a packet might not be too good for
>> throughput. So next I’m going to see if I can change that over to ipfw
>> kernel NAT. Don’t even recall that there was a kernel nat option when I
>> first set this up, many, many moons ago. Probably have to add another
>> kernel option….
>
> Of course it required a new kernel option. In fact it required two. I will
> spare you the tale of figuring the second one out. As many have commented on
> other boards, ipfw kernel NAT is not well documented.
>
> But it was worth it. I now get 82 Mbps download through the 5501, with
> essentially the same firewall rule set. I did drop dummynet and the inbound
> server NAT rules as I no longer have a static IP and I haven’t decided if I’m
> going the dynDNS course or sign up for external hosting/VPS/cloud. And I
> believe inbound FTP will no longer be an option as the “punch” dynamic
> rules only work with natd. But FTP is no loss.

One loose end, polling. I flipped that back on just now and still tested at 83. With the earlier results, it would imply polling and natd is a very bad combination for performance.

-Jed
_______________________________________________
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech