Firewall/NAT

I am running m0n0wall 1.33 on an Alix.2D3 board, but the problem is that I am getting a maximum of 14 mbps throughput. If I plug directly into the back of my modem I get on average 42 mbps. Both of these readings are from the same PC and through a wired connection. I'm sure this is a problem with my configuration, but I can't find it. I am attaching the XML configuration and if there are any suggestions they would be greatly appreciated.

I am running m0n0wall 1.33 on an Alix.2D3 board, but the problem is that I am getting a maximum of 14 mbps throughput. If I plug directly into the back of my modem I get on average 42 mbps. Both of these readings are from the same PC and through a wired connection. I'm sure this is a problem with my configuration, but I can't find it. I am attaching the XML configuration and if there are any suggestions they would be greatly appreciated.

Hey! Remove all the passwords from the config! Especially the plaintext ones!

PS: Login to the m0n0 box and check for frame errors on some of the interfaces (Status>Interfaces). Also You could do an output of dmesg and post it. Don't forget to check the CPU usage during the throughput test that info is needed too.

Are you talking about 'normal' throughput or VPN throughput? Because 14 mbps VPN throughput is pretty much the amount that you'll get.

I'm just guessing that you mean VPN throughput because it's activated in your config file. And there is nothing else at the first glance that would have a major impact on m0n0walls performance.

I should have looked at the config before I posted it. Anyways, I am talking about normal throughput. The VPN setup you see is disabled because I thought that might be the problem. When I get back home I'll check the logs and see what I can find as far as frame errors.

I did as suggested by Јаневски and ran dmesg and the only output is "vr2: watchdog timeout" over and over again. I also ran a couple of speed tests and the maximum CPU usage I got was 12%.

Watchdog timeouts have been a problem for me in the past with certain hardware/m0n0wall version combinations. I have never been able to solve them other than by moving on to other hardware.

I removed the vr2 interface since I wasn't using and which prompted a reboot. I then reran the dmesg command and the output is as follows.

$ dmesg
Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
   The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 6.4-RELEASE-p5 #0: Sun Jan  9 22:24:57 CET 2011
    root@mb64.neon1.net:/usr/src/sys/i386/compile/M0N0WALL_EMBEDDED
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Geode(TM) Integrated Processor by AMD PCS (498.05-MHz 586-class CPU)
  Origin = "AuthenticAMD"  Id = 0x5a2  Stepping = 2
  Features=0x88a93d<FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CLFLUSH,MMX>
  AMD Features=0xc0400000<MMX+,3DNow!+,3DNow!>
real memory  = 268435456 (256 MB)
avail memory = 236531712 (225 MB)
pnpbios: Bad PnP BIOS data checksum
wlan: mac acl policy registered
K6-family MTRR support enabled (2 registers)
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
cpu0 on motherboard
pcib0: <Host to PCI bridge> pcibus 0 on motherboard
pci0: <PCI bus> on pcib0
Geode LX: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
pci0: <encrypt/decrypt, entertainment crypto> at device 1.2 (no driver attached)
vr0: <VIA VT6105M Rhine III 10/100BaseTX> port 0x1000-0x10ff mem 0xe0000000-0xe00000ff irq 10 at device 9.0 on pci0
vr0: Quirks: 0x2
miibus0: <MII bus> on vr0
ukphy0: <Generic IEEE 802.3u media interface> on miibus0
ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr0: Ethernet address: 00:0d:b9:12:e8:d4
vr1: <VIA VT6105M Rhine III 10/100BaseTX> port 0x1400-0x14ff mem 0xe0040000-0xe00400ff irq 11 at device 10.0 on pci0
vr1: Quirks: 0x2
miibus1: <MII bus> on vr1
ukphy1: <Generic IEEE 802.3u media interface> on miibus1
ukphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr1: Ethernet address: 00:0d:b9:12:e8:d5
vr2: <VIA VT6105M Rhine III 10/100BaseTX> port 0x1800-0x18ff mem 0xe0080000-0xe00800ff irq 15 at device 11.0 on pci0
vr2: Quirks: 0x2
miibus2: <MII bus> on vr2
ukphy2: <Generic IEEE 802.3u media interface> on miibus2
ukphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr2: Ethernet address: 00:0d:b9:12:e8:d6
isab0: <PCI-ISA bridge> port 0x6000-0x6007,0x6100-0x61ff,0x6200-0x623f,0x9d00-0x9d7f,0x9c00-0x9c3f at device 15.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <AMD CS5536 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xff00-0xff0f at device 15.2 on pci0
ata0: <ATA channel 0> on atapci0
ata1: <ATA channel 1> on atapci0
ohci0: <OHCI (generic) USB controller> mem 0xefffe000-0xefffefff irq 12 at device 15.4 on pci0
ohci0: [GIANT-LOCKED]
usb0: OHCI version 1.0, legacy support
usb0: <OHCI (generic) USB controller> on ohci0
usb0: USB revision 1.0
uhub0: AMD OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ehci0: <AMD CS5536 USB 2.0 controller> mem 0xefffd000-0xefffdfff irq 12 at device 15.5 on pci0
ehci0: [GIANT-LOCKED]
usb1: EHCI version 1.0
usb1: companion controller, 4 ports each: usb0
usb1: <AMD CS5536 USB 2.0 controller> on ehci0
usb1: USB revision 2.0
uhub1: AMD EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub1: 4 ports with 4 removable, self powered
pmtimer0 on isa0
orm0: <ISA Option ROM> at iomem 0xe0000-0xea7ff on isa0
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A, console
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
Timecounter "TSC" frequency 498054111 Hz quality 800
Timecounters tick every 1.000 msec
Fast IPsec: Initialized Security Association Processing.
IP Filter: v4.1.33 initialized.  Default = block all, Logging = enabled
md0: Preloaded image </mfsroot> 16777216 bytes at 0xc086b0e8
ad0: 488MB <SanDisk SDCFJ-512 HDX 4.03> at ata0-master PIO4
Trying to mount root from ufs:/dev/md0

The CPU is fine at 12% and the dmesg seems okay too.

Is the problem still present with vr2 removed and connected through other interface?

I've once had such watchdog timeout problems with VIA Rhine II interface but i haven't noticed any performance degradation.

My guess for now is NIC related problem.

The performance never changed after I removed that interface. Too bad this board is out of warranty or I'd replace it. Thanks for everybody's help.

Maybe i'm talking nonsense but could You please try System>Advanced Setup>Use device polling enable?

Just tried it. No change even after a reboot.

ifup.sh
----
#!/bin/sh
while [ 1 -eq 1 ]
do
sleep 20
ifconfig vr0 up
ifconfig vr1 up
ifconfig vr2 up
done
exit
----
Save the file as ifup.sh.

You could try going to /exec.php then:
upload ifup.sh
chmod 0777 /tmp/ifup.sh
sh /tmp/ifup.sh > /dev/null &

It is a script that enters a while loop and waits 20 seconds then executes ifconfig vr0 up ifconfig vr1 up ifconfig vr2 up.

The changes won't be permanent and will be lost on next reboot.

If You are willing to try this then it's better to be near the machine, just in case something goes wrong so You could reboot it manually.

After script execution check if the watchdog messages are still arriving and the speed problem is still there.

PS: If that one does not work, You could try:
ifup.sh
----
#!/bin/sh
while [ 1 -eq 1 ]
do
sleep 60
ifconfig vr0 down
ifconfig vr0 up
ifconfig vr1 down
ifconfig vr1 up
ifconfig vr2 down
ifconfig vr2 up
done
exit
----
It's basically the same thing however it explicitly puts down the interface before putting it up, and does this every 60 seconds.
However putting an interface down has it's own downsides...

In any case, no changes are permanent and be there so You could do a manual reboot if you lose connectivity.

PPS: After script execution let it work 5 or 10 min check results and do some tests.

How are you testing throughput ? Is it a single http download ?

Also, what client operating system are you using ?

brushedmoss, my ISP is Charter so I'm using their speedtest.charter.com as well as speedtest.net. I'm also looking at transfer speeds with torrents and direct http downloads. Thankfully they are very consistent as far as top speeds go. My client OS is Windows 7. Let me know if there is any other information that you need.