On Jun 14, 2016, at 8:50 PM, Jed Clear <cl...@alum.mit.edu> wrote:
On Jun 9, 2016, at 11:01 PM, Andrew Atrens <and...@atrens.ca> wrote:
> On 2016-06-09 8:47 PM, Jed Clear wrote:
>>> Thanks for the replies so far.  Looks like I’ll have to wait until Saturday 
>>> to test further. Starting with an L2 bridge seems like a good baseline to 
>>> try.  Although will probably take the easier step of just NAT w/o rules 
>>> first.
>> At its most basic, an l2 bridge can be created using -
>> 
>> ifconfig bridge0 create
>> ifconfig bridge0 addm vr0 addm vr1 up
> 
> Had an interesting time getting this working.  First no “device if_bridge” in 
> my kernel (and nanobsd set to not install any kernel modules).  Installed a 
> new kernel and configured the bridge.  But can’t DHCP across the bridge0.  
> Finally had to directly attach the laptop to cable modem, let it DHCP and 
> then reinstall the net5501 bridge.  At that point I was able to download at 
> 83.  While directly connected to do the DHCP, the same test got 90.  But was 
> GbE to the cable modem.  So I’m thinking 83 is pretty good for 100BASE-T 
> interfaces.
> 
> The bridge test didn’t come off until now because I’d forgotten a few real 
> life things I had to do.  But I did do some more thinking and googling during 
> the time away.   I don’t think I mentioned that I’m still set up to do NAT 
> with natd and ipfw divert.  Got to thinking that switching in and out of the 
> kernel context a few times a packet might not be too good for throughput.  So 
> next I’m going to see if I can change that over to ipfw kernel NAT.  Don’t 
> even recall that there was a kernel nat option when I first set this up, 
> many, many moons ago.  Probably have to add another kernel option….  

Of course it required a new kernel option.  In fact it required two.  I will 
spare you the tale of figuring the second one out.  As many have commented on 
other boards, ipfw kernel NAT is not well documented.  

But it was worth it.  I now get 82 Mbps download through the 5501, with 
essentially the same firewall rule set.   I did drop dummynet and the inbound 
server NAT rules as I no longer have a static IP and I haven’t decided if I’m 
going the dynDNS course or sign up for external hosting/VPS/cloud.  And I 
believe inbound FTP will no longer be an option as the “punch” dynamic rules 
only work with natd.  But FTP is no loss.

-Jed
_______________________________________________
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech
