Dave Uhring wrote:

> On Mon, 19 Jul 2004 07:53:12 +0800, sam wrote:
>
> a top-post.
>
> Sam, if you keep doing that I'm going to killfile you.
>
what is wrong?

On Mon, 19 Jul 2004 08:58:21 +0800, sam wrote:

> Dave Uhring wrote:
>
>> On Mon, 19 Jul 2004 07:53:12 +0800, sam wrote:
>>
>> a top-post.
>>
>> Sam, if you keep doing that I'm going to killfile you.
>>
> what is wrong?

Top-posting is illogical and impolite. It puts the answer before the
question for one thing. It is contrary to RFC-1855 for another.

http://www.caliburn.nl/topposting.html

On Sat, 17 Jul 2004 16:30:59 -0700, Sean wrote:

> G'Day,
> Can anyone suggest a cause for the performance difference between a
> OBSD 3.5 pf firewall and a RH7.3 ipfilter firewall. The throughput
> performance on OBSD is a 10th of the throughput on the RH firewall.

There is no performance loss caused by using PF in OpenBSD. I just tested
that by downloading some current kernels from ftp3.usa.openbsd.org. First
one is with PF enabled, second with PF disabled:

bsd: 5.13 MB 254.24 kB/s
bsd.mp: 5.18 MB 254.37 kB/s

On Sat, 17 Jul 2004 16:30:59 -0700, Sean wrote:

> G'Day,
> Can anyone suggest a cause for the performance difference between a
> OBSD 3.5 pf firewall and a RH7.3 ipfilter firewall. The throughput
> performance on OBSD is a 10th of the throughput on the RH firewall.

Wait a minute here. I just noticed you claimed to run ipfilter on RH7.3.
You really are a hardcore troll, aren't you?

On 2004-07-19, sam <samwun@hgcbroadband.com> wrote:
> what is wrong?

Apart from your lack of care for posting etiqette, as Dave pointed out,
you also seem to like to comment more than you like to get your facts
right. You already have been killfiled for both reasons elsewhere. Be
nice enough to STFU and lurk more until you really do know what you're
talking about, instead of just being eager to help out; you're not
helping anybody by giving wrong answers. You're not ready for posting
yet by a long shot. Please be patient and refrain.


--
j p d (at) d s b (dot) t u d e l f t (dot) n l .

Dave Uhring <daveuhring@yahoo.com> wrote in message news:<pan.2004.07.19.02.11.50.783362@yahoo.com>...
> On Sat, 17 Jul 2004 16:30:59 -0700, Sean wrote:
>
> > G'Day,
> > Can anyone suggest a cause for the performance difference between a
> > OBSD 3.5 pf firewall and a RH7.3 ipfilter firewall. The throughput
> > performance on OBSD is a 10th of the throughput on the RH firewall.
>
> Wait a minute here. I just noticed you claimed to run ipfilter on RH7.3.
> You really are a hardcore troll, aren't you?

I stand corrected. The first message indicated that I was running
ipfilter. I did run an ipfilter firewall but made the switch to
iptables. I checked and confirmed the RH is running an iptables
firewall. Some people collect shoes. I collect firewalls

sean

On Mon, 19 Jul 2004 03:23:23 -0700, Sean wrote:

> I stand corrected. The first message indicated that I was running
> ipfilter. I did run an ipfilter firewall but made the switch to
> iptables. I checked and confirmed the RH is running an iptables
> firewall. Some people collect shoes. I collect firewalls

You didn't collect an ipfilter firewall on any Linux distro.

In article <ff2c981a.0407171530.6484a30e@posting.google.com >, seconway@mts.net
says...
> G'Day,
> Can anyone suggest a cause for the performance difference between a
> OBSD 3.5 pf firewall and a RH7.3 ipfilter firewall. The throughput
> performance on OBSD is a 10th of the throughput on the RH firewall.
>
> I have tried running the OBSD firewall wideopen and it does not change
> the problem. I have tried OBSD on 233Mhz to 450mhz and still the same
> issue.

Go to www.dslreports.com and navigate to Tools, then Tweak test. Run that on the
two firewalls and it will tell you what is different. I believe that PF on your
hardware should not impose a performance limitation.

George

On 18 Jul 2004 16:31:16 -0700, Sean wrote:

> Internet: DSL using PPPOE

That might be the explanation, if you're doing PPPoE on the same
box. PPPoE is known to suck on OpenBSD. Try disabling pf and
compare performance. If there is no difference, enable pf on
a separate box behind the PPPoE gateway. If the bottleneck is
PPPoE, there's no point in tweaking pf

Daniel

seconway@mts.net (Sean) writes:

> Greg Hennessy <me@privacy.net> wrote in message news:<tnekf0pf9s4m4hfoer7mpee4n0cknumt2j@4ax.com>. ..
> [...]
> PPP.CONF
> default:
> set log all Phase Chat LCP IPCP CCP tun command

I've never used 'log all' so far, but according to the manpage this
logs each and every packet... did you try without "all"?

Regarding Daniel's hint on pppoe performance: pppoe does suck, but it
doesn't seem to perform that bad. At full d/l speed on a 1Mbps line
like you have, pppoe takes far below 5% of cpu on my machine, which is
much slower than yours (100 MHz i386).

/alex