[OmniOS-discuss] Networking Performance Tips on HP Microserver N40L ?

Svavar Örn Eysteinsson svavar at januar.is
Wed Mar 26 17:12:45 UTC 2014 

No, the performance was a little shaky before, and after the ipf activation.
So I just disabled the firewall part.

The reason I activated the firewall is not for NAT, just to protect the box.
As I have configured my router to portmap some ports into the HP server,
and I use ipf to deny/accept by source.
As my stupid router firewall configuration never works.

The rules I used where :

# my HP server is 192.168.1.1
# anti spoofing rule
block in   log  quick on bge0  from 192.168.1.1  to any
#
# Allow everything on loopbak
# Rule  1 (lo0)
pass  in  quick on lo0 proto icmp  from any  to any keep state
pass  in  quick on lo0 proto tcp  from any  to any keep state
pass  in  quick on lo0 proto udp  from any  to any keep state
pass  in  quick on lo0  from any  to any
pass  out quick on lo0 proto icmp  from any  to any keep state
pass  out quick on lo0 proto tcp  from any  to any keep state
pass  out quick on lo0 proto udp  from any  to any keep state
pass  out quick on lo0  from any  to any
#
# Rule  2 (global)
# SSH Access to the host; useful ICMP
# types; ping request
pass  in  quick proto icmp  from any  to 192.168.1.1 icmp-type 3  keep state
pass  in  quick proto icmp  from any  to 192.168.1.1 icmp-type 0 code 0
 keep state
pass  in  quick proto icmp  from any  to 192.168.1.1 icmp-type 8 code 0
 keep state
pass  in  quick proto icmp  from any  to 192.168.1.1 icmp-type 11 code 0
 keep state
pass  in  quick proto icmp  from any  to 192.168.1.1 icmp-type 11 code 1
 keep state
#
# Rule  4 (global)
# Allow everything from these management hosts.
# blackbox:Policy:4: warning: Changing rule direction due to self reference
pass  in  quick proto icmp  from MANAGENETWORK_1  to 192.168.1.1 keep state
pass  in  quick proto icmp  from MANAGENETWORK_2  to 192.168.1.1 keep state
pass  in  quick proto icmp  from MANAGEHOST_1  to 192.168.1.1 keep state
pass  in  quick proto tcp  from MANAGENETWORK_1   to 192.168.1.1 keep state
pass  in  quick proto tcp  from MANAGENETWORK_2  to 192.168.1.1 keep state
pass  in  quick proto tcp  from MANAGEHOST_1  to 192.168.1.1 keep state
pass  in  quick proto udp  from MANAGENETWORK_1   to 192.168.1.1 keep state
pass  in  quick proto udp  from MANAGENETWORK_2  to 192.168.1.1 keep state
pass  in  quick proto udp  from MANAGEHOST_1  to 192.168.1.1 keep state
pass  in  quick  from MANAGENETWORK_1  to 192.168.1.1
pass  in  quick  from MANAGENETWORK_2  to 192.168.1.1
pass  in  quick  from MANAGEHOST_1  to 192.168.1.1
#
# Rule  5 (global)
# Allow everything from the HP Server itself
# blackbox:Policy:5: warning: Changing rule direction due to self reference
pass  out quick proto icmp  from 192.168.1.1  to any keep state
pass  out quick proto tcp  from 192.168.1.1  to any keep state
pass  out quick proto udp  from 192.168.1.1  to any keep state
pass  out quick  from 192.168.1.1  to any
#
# Rule  6 (global)
block in   log  quick  from any  to any
block out  log  quick  from any  to any
#
# Rule  fallback rule
#    fallback rule
block in  quick  from any  to any
block out quick  from any  to any




*SVAVAR ÖRN EYSTEINSSON*Kerfisstjóri
Gsm / mobile +354 862 1624
Sími / tel +354 531 0101


*Janúar markaðshús*www.januar.is / Facebook<http://facebook.com/viderumjanuar>



On 26 March 2014 16:01, Dan McDonald <danmcd at omniti.com> wrote:

>
> On Mar 26, 2014, at 11:47 AM, Svavar Örn Eysteinsson <svavar at januar.is>
> wrote:
>
> > Hello people.
> > I recently installed my first true NAS box at home, which is a HP
> Microserver N40L
> > with 16GB in RAM, 1x250GB for OS and 4x 2TB Enterprise SATA disks
> provided by HP in a RAIDZ.
> >
> > I'm using the newest/updated OmniOS v11 r151008 and also Napp-it and
> other services.
> > What I would like to know is, have there been any issues/problems and do
> people
> > have some performance tuning tips regarding networking issues on the
> BC5723 controller provided
> > by the HP Microserver ? It's the bge module/driver ?
> >
> > Sometimes I find the speeds to the BOX will rock up & down. I haven't
> configured
> > a gigabit network, thats on the plan this weekend. I have full-duplex
> and flowctrl enabled.
> > For an example, I noticed after building my small ipf firewall rules and
> enabled the firewall
> > the speed did go down, specially with CIFS and NFS(didn't test the AFP).
>
> Was performance okay pre-ipf?  If so, it's probably ipf that's tripping
> you up.
>
> > So, any performance tips out there ?
>
> I have to ask, are you using ipf to protect the box?  Or for NAT?  If just
> to protect the box, you may be able to use something NOT ipf to help you
> out, depending on the problem(s) you're trying to solve.
>
> Dan
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omniosce.org/ml-archive/attachments/20140326/99fd8f41/attachment-0001.html>

More information about the OmniOS-discuss mailing list