I'm having throughput problems using a Soekris net4801 as a firewall
running OpenBSD 3.9. This is replacing a SonicWALL device that was
working fine from the user's perspective. (I want to replace it because,
among other things, I abhor SonicWALL's licensing). I won't post a
dmesg unless requested because I think this platform is pretty well
known. Hosts on the internal network are able to access the Internet
but report that access seems slow. Some operations fail consistently.
For example, users can send and receive e-mail e-mails but can't send
e-mail with attachments larger than about 20K. I ran a browser-based
ADSL speed test from an internal host and found download speeds to
be quite good but upload tests fail to complete.
I found a few similar problems in the archives but the posted solutions
haven't worked for me. I can't see that pf is blocking anything I want
passed. At the moment I am running a stripped down pf.conf as follows:
# DECLARATIONS:
Ext_If="sis0"
Int_If="sis1"
DMZ_If="sis2"
Int_Net="192.168.5.0/24"
# OPTIONS:
set loginterface $Ext_If
# NAT / REDIRECTION:
nat on $Ext_If from $Int_Net to any -> ($Ext_If)
rdr on $Ext_If inet proto tcp from any to ($Ext_If) port 3391 \
-> 192.168.5.1 port 3391
rdr on $Ext_If inet proto tcp from any to ($Ext_If) port 3392 \
-> 192.168.5.2 port 3392
I think I can rule out things like speed and duplex problems between the
Soekris and the local switch because the problem only affects outbound
traffic. I tried a few scrub options to no avail but may not have been doing
the right thing. I would really appreciate any suggestions on how to
troubleshoot this. If I can't get this resolved by Monday morning I'm going
to take some heat.
Thanks,
RPK.
