I did some experimentation before noticing your message...

Using some extra hardware I had lying around, I replaced the firewall's 
CPU and motherboard.  It is now an Athlon 64 2800+ with 512 MB RAM 
(completely unnecessary, I know, but it was the only compatible memory I 
had).

I can now move about 250-260 MBits/sec between subnets.  When polling is 
on, CPU utilization at this speed is 1%, and off, about 60%; throughput 
seems unaffected.

I'm not thoroughly convinced that the bus is the limiting factor here. 
The statistics above were between my file server (on DMZ) and my desktop 
(on LAN).  The file server is an Atom-based FreeBSD 8.2 machine with a 
Pro/1000 card (single, not dual) attached to its PCI bus, and between it 
and another server on the DMZ, I can move about 800 Mbits/sec.  Now, I 
get that any data going between subnets needs to hit the firewall's PCI 
bus twice, but if the bus on the file server can move 800 Mbits, I would 
expect the firewall to be able to route somewhere in the 400 Mbit range.

It should also be noted that polling was _off_ on the file server. 
Interestingly, turning it on slows the throughput on the same subnet to 
375 Mbits/sec.

-- James L. Lauser
    james at jlauser dot net
    http://jlauser.net/

On 05/01/2011 05:16 PM, Chris Boot wrote:
> James,
>
> On 1 May 2011, at 21:56, James L. Lauser wrote:
>
>> Ah, that would make sense, then.  The machine does only have a PCI bus.  So if that's the case,
is my only real option to upgrade to a faster CPU?
>
> No, your only option is to upgrade to a machine with a faster PCI bus. Something like PCI-X (now
obsolete) or PCIe. If you want low power you could probably go for an Intel Atom board or similar.
>
> Chris
>