We're getting about 256Kbit/s absolute maximum through these boxes, whereas on the Ciscos we can sustain 8-10Mbit/s no problem in some tests, and burst much higher.
We've had multiple Shorewall setups and could get 8-10Mbit/s (link was 10Mbits) on a K6-500 with ~1000 rules. We get a 100Mbits on a Sempron 2400 with ~1000 rules. (Dual 100Mbit ethernet) As your cpu usage is rather low, you could be getting packet loss. We had an issue in the past with a upstream ethernet interface set at 10Mbit/Full duplex, but as the firewall could not negotiate, it defaulted to 10Mbit/Half duplex. We got about 5% packet loss in that scenario. -- ------------------------------------------------------------------------ Jean-Francois Pirus <jfp(a)clearfield.com> Senior Software Engineer Phone (+64-9) 358 2081 Clearfield Software Ltd Fax (+64-9) 358 2083 4th Floor 8-10 Whitaker Place Mob (+64-21) 640 779 P O Box 3901 Auckland, New Zealand ------------------------------------------------------------------------