slow PF setup vs PIX

The problem: I swap in the "new" FreeBSD pf firewall and my connection drops to about 4 Mbps. Trying to replace a PIX 501 which gives me about 19 Mbps. It's criminally frustrating....

Basically a simple PF setup on a Compaq ML310: P4 2.0GHz, 1G mem. I've tried a bunch of different combinations of rules, no rules, different interfaces, cables, etc... Each time I've bounced the modem. I built a kernel for this box... nothing complex, just removing stuff and adding pf & altq.

Code:
ext_if = "bge0"
int_if = "em0"
#_if = "em1"
#_if = "em2"
#_if = "em3"
ext_ad = "192.168.44.113/30"
int_ad = "10.10.10.1/26"
int_net = "10.10.10.0/26"

table <safeip> persist file "/etc/safeip.conf"
table <adminip> persist file "/etc/adminip.conf"
table <rfc1918> const { 10/8, 172.16/12, 192.168/16, 224/8 }

tcp_services = "{ bunch o services }"
udp_services = "{ bunch o services }"

set block-policy return
set skip on lo
scrub in all no-df
nat on $ext_if inet from ! ($ext_if) to any -> ($ext_if)
block in log all
antispoof for $ext_if
pass out quick on $ext_if inet from ($ext_if) to any \
	modulate state
pass in on $int_if from <adminip> to any
pass in quick on $int_if from $int_net to any modulate state
#pass in on $int_if proto tcp from $int_net to any port $tcp_services \
#	flags S/SA modulate state
#pass in on $int_if proto udp from $int_net to any port $udp_services

Code:
FreeBSD 8.1-RELEASE-p2 #0: Fri Dec 17 14:41:18 MST 2010
    root@:/usr/obj/usr/src/sys/EFFDUB i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (1999.79-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0xf27  Family = f  Model = 2  Stepping = 7
  Features=0xbfebf9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x400<CNXT-ID>
real memory  = 1207959552 (1152 MB)
avail memory = 1173516288 (1119 MB)
kbd1 at kbdmux0
ACPI Warning: Invalid length for Pm1aControlBlock: 32, using default 16 (20100331/tbfadt-707)
ACPI Warning: Invalid length for Pm1bControlBlock: 32, using default 16 (20100331/tbfadt-707)
acpi0: <COMPAQ D12> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x920-0x923 on acpi0
cpu0: <ACPI CPU> on acpi0
pcib0: <ACPI Host-PCI bridge> on acpi0
pci_link3: BIOS IRQ 3 for 0.5.INTA is invalid
pci_link4: BIOS IRQ 3 for 0.3.INTA is invalid
pci0: <ACPI PCI bus> on pcib0
bge0: <Compaq NC7760 Gigabit Server Adapter, ASIC rev. 0x001002> mem 0xf7ef0000-0xf7efffff irq 5 at device 3.0 on pci0
miibus0: <MII bus> on bge0
brgphy0: <BCM5703 10/100/1000baseTX PHY> PHY 1 on miibus0
brgphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
bge0: Ethernet address:
bge0: [ITHREAD]
vgapci0: <VGA-compatible display> port 0x2400-0x24ff mem 0xf6000000-0xf6ffffff,0xf5ff0000-0xf5ff0fff at device 4.0 on pci0
pci0: <base peripheral> at device 5.0 (no driver attached)
pcib1: <PCI-PCI bridge> at device 6.0 on pci0
pci1: <PCI bus> on pcib1
em0: <Intel(R) PRO/1000 Legacy Network Connection 1.0.1> port 0x3000-0x303f mem 0xf7fe0000-0xf7ffffff irq 7 at device 4.0 on pci1
em0: [FILTER]
em0: Ethernet address: 
em1: <Intel(R) PRO/1000 Legacy Network Connection 1.0.1> port 0x3040-0x307f mem 0xf7fc0000-0xf7fdffff irq 10 at device 4.1 on pci1
em1: [FILTER]
em1: Ethernet address: 
em2: <Intel(R) PRO/1000 Legacy Network Connection 1.0.1> port 0x3080-0x30bf mem 0xf7fa0000-0xf7fbffff irq 7 at device 6.0 on pci1
em2: [FILTER]
em2: Ethernet address: 
em3: <Intel(R) PRO/1000 Legacy Network Connection 1.0.1> port 0x30c0-0x30ff mem 0xf7f80000-0xf7f9ffff irq 10 at device 6.1 on pci1
em3: [FILTER]
em3: Ethernet address: 
amr0: <LSILogic MegaRAID 1.53> mem 0xf5ef0000-0xf5efffff irq 5 at device 7.0 on pci0
amr0: [ITHREAD]
amr0: delete logical drives supported by controller
amr0: <LSILogic MegaRAID SATA 150-6D> Firmware 713N, BIOS G119, 64MB RAM
isab0: <PCI-ISA bridge> at device 15.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <ServerWorks CSB6 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x2000-0x200f at device 15.1 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
ohci0: <OHCI (generic) USB controller> mem 0xf5fd0000-0xf5fd0fff irq 11 at device 15.2 on pci0
ohci0: [ITHREAD]
usbus0: <OHCI (generic) USB controller> on ohci0
acpi_tz0: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: [FILTER]
uart0: console (115200,n,8,1)
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
uart1: [FILTER]
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xc7fff,0xee000-0xeffff pnpid ORM0000 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x100>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
atrtc0: <AT Real Time Clock> at port 0x70 irq 8 on isa0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
Timecounter "TSC" frequency 1999789160 Hz quality 800
Timecounters tick every 1.000 msec
usbus0: 12Mbps Full Speed USB v1.0
ugen0.1: <(0x1166)> at usbus0
uhub0: <(0x1166) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
acd0: DVDR <HL-DT-ST DVDRAM GSA-4082B/A208> at ata0-master UDMA66 
amr0: delete logical drives supported by controller
amrd0: <LSILogic MegaRAID logical drive> on amr0
amrd0: 152623MB (312571904 sectors) RAID 1 (optimal)
Root mount waiting for: usbus0
uhub0: 4 ports with 4 removable, self powered
Trying to mount root from ufs:/dev/amrd0s1a
bge0: link state changed to UP
em0: link state changed to UP

Let me know if you'd like to see anything else... I'd really like to get this fixed, but I need some help.
 
First, just in case you think it's PF that is slow, I have Soekris routers that are 1/10th the speed of your P4 running FreeBSD and PF that happily push 100 Mbps or more.

Have you tried disabling PF to see if that makes a difference?

# pfctl -d
 
Oh no... I don't automatically assume that it's pf... I was just a day and a half into it and needed other ideas. Ya know, staring at it too long.

I'll give that a try. The thought had crossed my mind about it being the board or something as well...

Going to try going back to a generic kernel w/just pf loaded.

Probably won't happen for a week or so... Holidays and all.

Thanks for the idea!
 
Turns out I had a LOT of failing hardware... After sorting through my stockpile, I found some things that worked.
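Added example, not from any poster in this thread: a small POSIX sh helper for the two checks the thread converges on, whether pf is actually enabled (the `pfctl -d` test) and whether the NICs are throwing errors, which is what failing hardware or cabling looks like from the host. The netstat sample embedded below is constructed, not output from the poster's box, and assumes the column order of `netstat -ibd` on FreeBSD 8.x (Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll Drop).

```shell
#!/bin/sh
# Constructed sample of `netstat -ibd` output (assumed FreeBSD 8.x column order).
# bge0 shows input/output errors and collisions; em0 and lo0 are clean.
SAMPLE_NETSTAT='Name    Mtu Network   Address            Ipkts Ierrs Idrop   Ibytes  Opkts Oerrs   Obytes Coll Drop
bge0   1500 <Link#1>  00:00:00:00:00:01 812345  4421     0 91234567 700123   987 51234567   12    0
em0    1500 <Link#2>  00:00:00:00:00:02 700123     0     0 51234567 812345     0 91234567    0    0
lo0   16384 <Link#5>                      1200     0     0   120000   1200     0   120000    0    0'

# Print one line per physical interface whose Ierrs, Oerrs or Coll counter is
# non-zero. Reads netstat -ibd output on stdin. Fields are indexed from the end
# of the line because the Address column is empty for interfaces such as lo0.
flag_nic_errors() {
    awk 'NR > 1 && $3 ~ /^<Link#/ {
        ierrs = $(NF-7); oerrs = $(NF-3); coll = $(NF-1)
        if (ierrs + oerrs + coll > 0)
            printf "%s: Ierrs=%d Oerrs=%d Coll=%d\n", $1, ierrs, oerrs, coll
    }'
}

# Report "enabled" or "disabled" from `pfctl -s info` output on stdin
# (its first line reads "Status: Enabled for ..." or "Status: Disabled for ...").
pf_status() {
    awk '/^Status:/ { print ($2 == "Enabled") ? "enabled" : "disabled"; exit }'
}

# Live mode is opt-in so the script is harmless to run anywhere; on a FreeBSD
# box, `sh thisscript.sh --live` runs both checks against the real system.
if [ "${1:-}" = "--live" ]; then
    echo "pf is $(pfctl -s info 2>/dev/null | pf_status)"
    echo "interfaces with error counters:"
    netstat -ibd | flag_nic_errors
fi
```

If an interface shows up here, re-run the counters after `pfctl -d` and after swapping cable or port: errors that persist with pf disabled point at the hardware, not the ruleset.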
 