Solved FreeBSD 11.0 firewall network throughput on dell optiplex gx1


From 2006 to now I've been running FreeBSD 6.1 on a Dell Optiplex GX1. It has a 500MHz CPU with 128MB of RAM and an Intel 82546 chipset dual port gigabit ethernet PCI card. It's been running great but I decided it's time to upgrade FreeBSD. I proceeded to install FreeBSD 11.0-RELEASE then I setup a simple firewall with PF including NAT and a DHCP server. Before putting it into production I connected an ethernet cable between my PC iperf3 client, the Optiplex GX1 router and an iperf3 server. My hardware maxes out at 114Mbps it completely live locks and it's impossible to send input via ssh. Is there any tweaks I can implement to get more throughput or is it just too old?

I'm concerned because my ISP gives me a cable connection running at 65Mb down and 5Mb up and I figure that may increase soon.

Should I start looking for new hardware or is there still hope?

Thanks for your time.


Staff member
128MB is a little on the low side these days. Heck, a modern CPU has that amount builtin as cache. I wouldn't be surprised if the lockup is caused by excessive swapping.

I'd probably start looking for a replacement. Even the cheapest PC you buy will blow this old one out of the water. You don't need a lot of horsepower. I have an Intel Atom board that's happily pushing 200Mbit/s without breaking a sweat. Try and find a board with a passively cooled CPU. That way the CPU fan can't fail because there isn't any ;)
If I were you, I'd pick up used WD MyNet N750 or a brand new MT7621 device such as the Ubnt Edgerouter X, DIR-860L B1, load it with LEDE and call it a day. It's not FreeBSD but it's a cheap solution that'll work very well for your needs. You could probably run LEDE on your current hw fine but it's at least 8+ years old so reliability is going down at very fast rate given the age.
Believe it or not I'm still running the hardware from above.

After looking into the issue using "top" and "systat vmstat". I discovered it wasn't swapping. The issue came from using "natd" it was maxing out the CPU. I starting using the nat in pf and wow! what a difference that made. I was told it was because pf is in kernel space vs natd being in userspace. Can someone please explain to me what that means?

For when the hard drive fails, I bought an ide to cf card adapter along with a 2GB cf card.
For when the hard drive fails, I bought an ide to cf card adapter along with a 2GB cf card.
AFAIK IDE drives are still being manufactured, not in huge amounts, but still. Certain types of older industrial equipment makes use of those drives. Time-to-time those drives need replacement, so there's some demand.
AFAIK IDE drives are still being manufactured,

That's really good to know, I had no idea IDE drives are used in industrial equipment. I'll have to keep that in mind. Speaking of old hardware is there anyway to know when FreeBSD will drop i386 support? I hope it doesn't happen but I know it will have to eventually. pfSense dropped i386 awhile back. Since it's based on FreeBSD I figure they did it to get ready for when FreeBSD drops it.

I'm still using the original hardware I mentioned above to post this. I have my fingers crossed while throwing salt over both shoulders, that it runs for another year.🤞