Topic: LAN NAT slow to OPT1 subnet
« on: April 05, 2007, 03:19:49 »
equin *
Posts: 4

Hey everybody

I've been using m0n0wall running on a Soekris Net4501 here in the office for almost 2 years now. I have all three interfaces in use, they are as follows:

WAN - 208.65.xxx.xxx - Connects to our ISP
LAN - NAT'd, 192.168.1.x addresses. Used for desktops, etc
OPT1 (Called "servers" in my setup) - A /29 block of 208.65.xxx.xxx addresses is routed to this interface. All of my servers (Web, email, etc) are located on this subnet.

Our connection to the Internet runs right around 5-8 mbps; it's a fixed wireless connection here in Manchester, NH. When accessing files on the SERVERS (OPT1) interface from a Comcast or some other high speed connection, it's not uncommon to get 4 mbps when downloading from them.

The problem I am having, though, is that when going from any computer on the LAN to the servers on OPT1 (both up and down), I can only get about .5 - 1.0 mbps (50-110 Kbytes/s).

There is no traffic shaper enabled at this time, although I did attempt to configure several pipes and QoS settings to speed it up, no go.

It's not a pressing issue, since LAN computers don't use the servers for anything but email and DNS queries; the rest is all from the outside (coming in on the WAN interface, so there is no problem there). But it is frustrating as a network ops. manager, since it's all in my private network.

Anybody else ever heard of such a problem? Any ideas on how to resolve this issue?

Thanks much,
-Equin
« Reply #1 on: April 13, 2007, 07:56:48 »
equin *
Posts: 4

Alright, performance seems to be even worse to the Internet now, I am still having trouble figuring out why =/

I get about 30-50 kbps downstream (and a little bit more up) on a 5 Mbit connection. Mind you, this is the interface that I route a /29 block of addresses to (I use the opt1 interface as the default gateway)

There is no traffic shaping enabled, the LAN interface gets great speed to the Internet, the LAN still gets poor speed to the opt1 interface.

I have upgraded to the most recent firmware in an attempt to correct this rather odd problem.

Any ideas anybody?

Thx much,
-Equin
« Reply #2 on: April 13, 2007, 13:03:37 »
bitonw **
Posts: 79

First thing you can do is have a look at the diagnostics page on the web interface of m0n0wall. How's the status of your mem / processor / interfaces? Are there any collisions etc.?
« Reply #3 on: April 13, 2007, 15:23:24 »
equin *
Posts: 4

Status    up
MAC address    00:00:24:c5:xx:xx
IP address    208.65.17x.xxx 
Subnet mask    255.255.255.248
Media    10baseT/UTP
In/out packets    676047/768066 (352.92 MB/472.00 MB)
In/out errors    0/3727
Collisions    14995

Proc/memory look normal (20% memory usage, sub 10% proc at any given time). This port goes to a Cabletron SS2200... 10 Mbps switch. I am going to go ahead and order a replacement for it *sigh* I love my SS2200, though ;-)

Anyway - I am going to see if I have an extra 10/100 switch laying around to test in place of the 2200.

I guess what really gets me, though, is the fact that this sort of just started happening out of the blue. Before, I had no trouble with bandwidth. The reason I still have this 2200 in place is because we've never had the need to replace it - Internet connection is about 5 Mbps, which a 10 Mbps switch is more than OK handling =)

Thanks
-Equin
« Last Edit: April 13, 2007, 15:29:25 by equin »
« Reply #4 on: April 13, 2007, 19:09:13 »
cmb *****
Posts: 851

That looks like a 10 Mb hub, not switch. You'll get a little better performance if you have a switch since you'll be able to use full duplex and won't ever get collisions. But it's so small it's probably not even measurable.

If the CPU isn't pegged, you aren't maxing out the hardware. With a 4501, when you reach its limits you'll have the CPU pegged at 100%. The number of collisions is acceptable for the number of packets, that doesn't seem like an issue.

What about the stats on your other interfaces? You just showed for your WAN.
« Reply #5 on: April 14, 2007, 14:11:45 »
bitonw **
Posts: 79

> In/out errors    0/3727

what about the 3727 errors?
« Reply #6 on: April 14, 2007, 23:09:52 »
cmb *****
Posts: 851

> In/out errors    0/3727
>
> what about the 3727 errors?

I did note that, and I'm not exactly sure what that's counting. I presume not collisions since that number is lower than the collisions, maybe things like CRC errors or something of that nature. But, it's 3727 out of 768,066 packets, that's only 0.485%. Hence not high enough to cause any significant performance problems.
« Reply #7 on: April 18, 2007, 22:34:01 »
equin *
Posts: 4

Yeah, that's the same calculation that I came up with as well (slightly different since it was a while ago, but it was still under .4%) - The thing that I am somewhat confused about, still, and I keep going back to, is that no configurations have changed :-/

Again, when I get a chance to test something, I am going to throw the 10/100 meg switch in place of the 10m SS2200 - I am wondering if these really are CRC errors or something similar that have always existed with the switch and the trouble is simply getting worse.

Will post back when I have done that...
-Eq