I have two machines of similar CPU power that I use as routers. One is
running 11-Stable as of a week ago and the other is 10-Stable from
around the same time. They both run roughly the same IPFW rules (the
syntax has changed slightly to run on the newer version). I've been
using the 10-Stable box for a number of years without problems.
However, the performance on the 11-Stable box is much worse. For file
transfers I get about 1/10th the speed. Incoming TLS connections often
fail to establish. Looking (from outside the box) at the interface in
Wireshark shows lots of packets being retransmitted.

This appears to be due to the NAT rule. If I remove that, the
performance jumps up to be approximately the same as the 10-Stable box.
The rules are pretty simple:

    nat 1 config if igb1 deny_in same_ports redirect_port udp XXX.XXX.XXX.XXX:YYYY YYYY
    nat 1 ip4 from any to any via igb1

I can provide the full set of rules if needed, but I think only those
two lines are relevant.

Does anybody have any ideas on this, please?
Thanks for any help,
Graham
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw