thr3ads.net - Shorewall users - Speed issue [Sep 2005]

If this information is useful, please help other people find it:
Share via:

Sasa Stupar

2005-Sep-22 07:34 UTC

Speed issue

Hi!

I have SW running on FC3 with 3 NIC. I have recently moved another server 
(ftp) from LAN to DMZ. But on my surprise the speed to download or upload 
to the server has reduced to max of 40% of previous. My network is 100Mbit. 
Previously I had almost 10 MBytes/s transfer from or to the server but now 
I barelly reach 4 MB/s.
Is this some issue with the shorewall or what? BTW, I use on both networks 
switches and not hubs.

Regards,
Sasa

Cristian Rodriguez

2005-Sep-22 08:06 UTC

head link

Re: Speed issue

Sasa Stupar wrote:

> Is this some issue with the shorewall or what?
No.

 BTW, I use on both> networks switches and not hubs.
>
> Regards,
> Sasa
please start an ftp transfer and submit the information required to get
a clue about what can be happening.

read http://www.shorewall.net/support.htm#Guidelines

I forgot my magic cristal ball in my recent trip to india.. :-P




--
Cristian Rodriguez R.
perl -e
''$_=pack(c5,0105,0107,0123,0132,(1<<3)+2);y[A-Z][N-ZA-M];print;''

Sasa Stupar

2005-Sep-22 08:28 UTC

head link

Re: Speed issue

--On 22. september 2005 4:06 -0400 Cristian Rodriguez 
<judas_iscariote@shorewall.net> wrote:
> Sasa Stupar wrote:
>
>
>> Is this some issue with the shorewall or what?
>
> No.
>
>  BTW, I use on both
>> networks switches and not hubs.
>>
>> Regards,
>> Sasa
>
> please start an ftp transfer and submit the information required to get
> a clue about what can be happening.
>
> read http://www.shorewall.net/support.htm#Guidelines
>
> I forgot my magic cristal ball in my recent trip to india.. :-P
>
>
>
>
> --
> Cristian Rodriguez R.
> perl -e
''$_=pack(c5,0105,0107,0123,0132,(1<<3)+2);y[A-Z][N-ZA-M];print;''


Here it is attached shorewall status after initiating ftp transfer.

Regards,
Sasa

Rouke de Jong

2005-Sep-22 09:13 UTC

head link

RE: Speed issue

My experience is that when you have more the none switch in your network
between the client and the host, do not use the "MAC address match
support"
in the kernel, as it slows the connection down by a great order.

Rouke

-----Oorspronkelijk bericht-----
Van: shorewall-users-admin@lists.sourceforge.net
[mailto:shorewall-users-admin@lists.sourceforge.net] Namens Sasa Stupar
Verzonden: donderdag 22 september 2005 10:29
Aan: shorewall-users@lists.sourceforge.net
Onderwerp: Re: [Shorewall-users] Speed issue



--On 22. september 2005 4:06 -0400 Cristian Rodriguez 
<judas_iscariote@shorewall.net> wrote:
> Sasa Stupar wrote:
>
>
>> Is this some issue with the shorewall or what?
>
> No.
>
>  BTW, I use on both
>> networks switches and not hubs.
>>
>> Regards,
>> Sasa
>
> please start an ftp transfer and submit the information required to get
> a clue about what can be happening.
>
> read http://www.shorewall.net/support.htm#Guidelines
>
> I forgot my magic cristal ball in my recent trip to india.. :-P
>
>
>
>
> --
> Cristian Rodriguez R.
> perl -e
''$_=pack(c5,0105,0107,0123,0132,(1<<3)+2);y[A-Z][N-ZA-M];print;''


Here it is attached shorewall status after initiating ftp transfer.

Regards,
Sasa



-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache''s Geronimo App Server.
Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php

Sasa Stupar

2005-Sep-22 10:17 UTC

head link

RE: Speed issue

Can you explain how to disable this?

Sasa

--On 22. september 2005 11:13 +0200 Rouke de Jong <roukedejong@gmail.com> 
wrote:
> My experience is that when you have more the none switch in your network
> between the client and the host, do not use the "MAC address match
> support" in the kernel, as it slows the connection down by a great
order.
>
> Rouke
>
> -----Oorspronkelijk bericht-----
> Van: shorewall-users-admin@lists.sourceforge.net
> [mailto:shorewall-users-admin@lists.sourceforge.net] Namens Sasa Stupar
> Verzonden: donderdag 22 september 2005 10:29
> Aan: shorewall-users@lists.sourceforge.net
> Onderwerp: Re: [Shorewall-users] Speed issue
>
>
>
> --On 22. september 2005 4:06 -0400 Cristian Rodriguez
> <judas_iscariote@shorewall.net> wrote:
>
>> Sasa Stupar wrote:
>>
>>
>>> Is this some issue with the shorewall or what?
>>
>> No.
>>
>>  BTW, I use on both
>>> networks switches and not hubs.
>>>
>>> Regards,
>>> Sasa
>>
>> please start an ftp transfer and submit the information required to get
>> a clue about what can be happening.
>>
>> read http://www.shorewall.net/support.htm#Guidelines
>>
>> I forgot my magic cristal ball in my recent trip to india.. :-P
>>
>>
>>
>>
>> --
>> Cristian Rodriguez R.
>> perl -e
''$_=pack(c5,0105,0107,0123,0132,(1<<3)+2);y[A-Z][N-ZA-M];print;''
>
>
>
> Here it is attached shorewall status after initiating ftp transfer.
>
> Regards,
> Sasa
>
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by:
> Tame your development challenges with Apache''s Geronimo App
Server.
> Download it for free - -and be entered to win a 42" plasma tv or your
> very own Sony(tm)PSP.  Click here to play:
> http://sourceforge.net/geronimo.php
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

Rouke de Jong

2005-Sep-22 14:21 UTC

head link

RE: Speed issue

Sure, if make a kernel compile you can choose at the iptables option whether
to use "MAC address match support" or not, If you want to use it, you
can
choose whether to compile it into the kernel of to make it as a module. If
you''ve compiled it as a module, it should be listed somewhere in
/lib/modules/KERNELVERSION/kernel/net/ipv4/netfilter. If not, it could be
compiled into the kernel. A new kernel compile should do the trick.

-----Oorspronkelijk bericht-----
Van: shorewall-users-admin@lists.sourceforge.net
[mailto:shorewall-users-admin@lists.sourceforge.net] Namens Sasa Stupar
Verzonden: donderdag 22 september 2005 12:17
Aan: shorewall-users@lists.sourceforge.net
Onderwerp: RE: [Shorewall-users] Speed issue

Can you explain how to disable this?

Sasa

--On 22. september 2005 11:13 +0200 Rouke de Jong <roukedejong@gmail.com> 
wrote:
> My experience is that when you have more the none switch in your network
> between the client and the host, do not use the "MAC address match
> support" in the kernel, as it slows the connection down by a great
order.
>
> Rouke
>
> -----Oorspronkelijk bericht-----
> Van: shorewall-users-admin@lists.sourceforge.net
> [mailto:shorewall-users-admin@lists.sourceforge.net] Namens Sasa Stupar
> Verzonden: donderdag 22 september 2005 10:29
> Aan: shorewall-users@lists.sourceforge.net
> Onderwerp: Re: [Shorewall-users] Speed issue
>
>
>
> --On 22. september 2005 4:06 -0400 Cristian Rodriguez
> <judas_iscariote@shorewall.net> wrote:
>
>> Sasa Stupar wrote:
>>
>>
>>> Is this some issue with the shorewall or what?
>>
>> No.
>>
>>  BTW, I use on both
>>> networks switches and not hubs.
>>>
>>> Regards,
>>> Sasa
>>
>> please start an ftp transfer and submit the information required to get
>> a clue about what can be happening.
>>
>> read http://www.shorewall.net/support.htm#Guidelines
>>
>> I forgot my magic cristal ball in my recent trip to india.. :-P
>>
>>
>>
>>
>> --
>> Cristian Rodriguez R.
>> perl -e
''$_=pack(c5,0105,0107,0123,0132,(1<<3)+2);y[A-Z][N-ZA-M];print;''
>
>
>
> Here it is attached shorewall status after initiating ftp transfer.
>
> Regards,
> Sasa
>
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by:
> Tame your development challenges with Apache''s Geronimo App
Server.
> Download it for free - -and be entered to win a 42" plasma tv or your
> very own Sony(tm)PSP.  Click here to play:
> http://sourceforge.net/geronimo.php
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users





-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache''s Geronimo App Server.
Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php

Sasa Stupar

2005-Sep-22 16:10 UTC

head link

RE: Speed issue

--On 22. september 2005 16:21 +0200 Rouke de Jong <roukedejong@gmail.com> 
wrote:
> Sure, if make a kernel compile you can choose at the iptables option
> whether to use "MAC address match support" or not, If you want to
use it,
> you can choose whether to compile it into the kernel of to make it as a
> module. If you''ve compiled it as a module, it should be listed
somewhere
> in /lib/modules/KERNELVERSION/kernel/net/ipv4/netfilter. If not, it could
> be compiled into the kernel. A new kernel compile should do the trick.
>

Do you by any chance know the name of the module? I have bunch of modules 
under netfilter folder:
-------------
-rwxr--r--  1 root root  4940 Aug 27 06:06 arptable_filter.ko
-rwxr--r--  1 root root 16856 Aug 27 06:06 arp_tables.ko
-rwxr--r--  1 root root  3956 Aug 27 06:06 arpt_mangle.ko
-rwxr--r--  1 root root  7432 Aug 27 06:06 ip_conntrack_amanda.ko
-rwxr--r--  1 root root  9936 Aug 27 06:06 ip_conntrack_ftp.ko
-rwxr--r--  1 root root  9428 Aug 27 06:06 ip_conntrack_irc.ko
-rwxr--r--  1 root root 50340 Aug 27 06:06 ip_conntrack.ko
-rwxr--r--  1 root root 10008 Aug 27 06:06 ip_conntrack_proto_sctp.ko
-rwxr--r--  1 root root  6152 Aug 27 06:06 ip_conntrack_tftp.ko
-rwxr--r--  1 root root  4040 Aug 27 06:06 ip_nat_amanda.ko
-rwxr--r--  1 root root  5320 Aug 27 06:06 ip_nat_ftp.ko
-rwxr--r--  1 root root  4540 Aug 27 06:06 ip_nat_irc.ko
-rwxr--r--  1 root root 14072 Aug 27 06:06 ip_nat_snmp_basic.ko
-rwxr--r--  1 root root  3436 Aug 27 06:06 ip_nat_tftp.ko
-rwxr--r--  1 root root 14096 Aug 27 06:06 ip_queue.ko
-rwxr--r--  1 root root  5872 Aug 27 06:06 iptable_filter.ko
-rwxr--r--  1 root root  5832 Aug 27 06:06 iptable_mangle.ko
-rwxr--r--  1 root root 27604 Aug 27 06:06 iptable_nat.ko
-rwxr--r--  1 root root  4224 Aug 27 06:06 iptable_raw.ko
-rwxr--r--  1 root root 26112 Aug 27 06:06 ip_tables.ko
-rwxr--r--  1 root root  3624 Aug 27 06:06 ipt_addrtype.ko
-rwxr--r--  1 root root  3492 Aug 27 06:06 ipt_ah.ko
-rwxr--r--  1 root root  3820 Aug 27 06:06 ipt_CLASSIFY.ko
-rwxr--r--  1 root root 11376 Aug 27 06:06 ipt_CLUSTERIP.ko
-rwxr--r--  1 root root  3160 Aug 27 06:06 ipt_comment.ko
-rwxr--r--  1 root root  3160 Aug 27 06:06 ipt_connmark.ko
-rwxr--r--  1 root root  3804 Aug 27 06:06 ipt_CONNMARK.ko
-rwxr--r--  1 root root  4096 Aug 27 06:06 ipt_conntrack.ko
-rwxr--r--  1 root root  3152 Aug 27 06:06 ipt_dscp.ko
-rwxr--r--  1 root root  4144 Aug 27 06:06 ipt_DSCP.ko
-rwxr--r--  1 root root  3732 Aug 27 06:06 ipt_ecn.ko
-rwxr--r--  1 root root  5032 Aug 27 06:06 ipt_ECN.ko
-rwxr--r--  1 root root  3496 Aug 27 06:06 ipt_esp.ko
-rwxr--r--  1 root root 15772 Aug 27 06:06 ipt_hashlimit.ko
-rwxr--r--  1 root root  3544 Aug 27 06:06 ipt_helper.ko
-rwxr--r--  1 root root  3284 Aug 27 06:06 ipt_iprange.ko
-rwxr--r--  1 root root  3156 Aug 27 06:06 ipt_length.ko
-rwxr--r--  1 root root  5068 Aug 27 06:06 ipt_limit.ko
-rwxr--r--  1 root root 11368 Aug 27 06:06 ipt_LOG.ko
-rwxr--r--  1 root root  3448 Aug 27 06:06 ipt_mac.ko
-rwxr--r--  1 root root  3152 Aug 27 06:06 ipt_mark.ko
-rwxr--r--  1 root root  4272 Aug 27 06:06 ipt_MARK.ko
-rwxr--r--  1 root root  5216 Aug 27 06:06 ipt_MASQUERADE.ko
-rwxr--r--  1 root root  4316 Aug 27 06:06 ipt_multiport.ko
-rwxr--r--  1 root root  3580 Aug 27 06:06 ipt_NETMAP.ko
-rwxr--r--  1 root root  3648 Aug 27 06:06 ipt_NOTRACK.ko
-rwxr--r--  1 root root  7152 Aug 27 06:06 ipt_owner.ko
-rwxr--r--  1 root root  3768 Aug 27 06:06 ipt_physdev.ko
-rwxr--r--  1 root root  3160 Aug 27 06:06 ipt_pkttype.ko
-rwxr--r--  1 root root  3580 Aug 27 06:06 ipt_realm.ko
-rwxr--r--  1 root root 20572 Aug 27 06:06 ipt_recent.ko
-rwxr--r--  1 root root  3600 Aug 27 06:06 ipt_REDIRECT.ko
-rwxr--r--  1 root root  7564 Aug 27 06:06 ipt_REJECT.ko
-rwxr--r--  1 root root  4072 Aug 27 06:06 ipt_SAME.ko
-rwxr--r--  1 root root  4588 Aug 27 06:06 ipt_sctp.ko
-rwxr--r--  1 root root  3416 Aug 27 06:06 ipt_state.ko
-rwxr--r--  1 root root  3872 Aug 27 06:06 ipt_tcpmss.ko
-rwxr--r--  1 root root  6124 Aug 27 06:06 ipt_TCPMSS.ko
-rwxr--r--  1 root root  3120 Aug 27 06:06 ipt_tos.ko
-rwxr--r--  1 root root  4144 Aug 27 06:06 ipt_TOS.ko
-rwxr--r--  1 root root  3440 Aug 27 06:06 ipt_ttl.ko
-rwxr--r--  1 root root 10928 Aug 27 06:06 ipt_ULOG.ko
--------------

Regards,
Sasa

Tom Eastep

2005-Sep-22 16:11 UTC

head link

Re: Speed issue

On Thursday 22 September 2005 00:34, Sasa Stupar wrote:> Hi!
>
> I have SW running on FC3 with 3 NIC. I have recently moved another server
> (ftp) from LAN to DMZ. But on my surprise the speed to download or upload
> to the server has reduced to max of 40% of previous. My network is 100Mbit.
> Previously I had almost 10 MBytes/s transfer from or to the server but now
> I barelly reach 4 MB/s.
> Is this some issue with the shorewall or what? BTW, I use on both networks
> switches and not hubs.
These usually turn out to be a problem with the physical network or a driver 
although I didn''t see a high error rate in the "shorewall
status" output that
you posted.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Jaap Eldering

2005-Sep-22 16:35 UTC

head link

Re: Speed issue

On Thu, Sep 22, 2005 at 06:10:45PM +0200, Sasa Stupar
wrote:> --On 22. september 2005 16:21 +0200 Rouke de Jong
<roukedejong@gmail.com>
> wrote:
> 
> >Sure, if make a kernel compile you can choose at the iptables option
> >whether to use "MAC address match support" or not, If you
want to use it,
> >you can choose whether to compile it into the kernel of to make it as a
> >module. If you''ve compiled it as a module, it should be listed
somewhere
> >in /lib/modules/KERNELVERSION/kernel/net/ipv4/netfilter. If not, it
could
> >be compiled into the kernel. A new kernel compile should do the trick.
> 
> Do you by any chance know the name of the module? I have bunch of modules 
> under netfilter folder:
> -------------
This is the one you (don''t) need:
> -rwxr--r--  1 root root  3448 Aug 27 06:06 ipt_mac.ko
Regards,
Jaap Eldering

Sasa Stupar

2005-Sep-22 16:56 UTC

head link

Re: Speed issue

--On 22. september 2005 18:35 +0200 Jaap Eldering <eldering@phys.uu.nl> 
wrote:
> On Thu, Sep 22, 2005 at 06:10:45PM +0200, Sasa Stupar wrote:
>> --On 22. september 2005 16:21 +0200 Rouke de Jong
>> <roukedejong@gmail.com>  wrote:
>>
>> > Sure, if make a kernel compile you can choose at the iptables
option
>> > whether to use "MAC address match support" or not, If
you want to use
>> > it, you can choose whether to compile it into the kernel of to
make it
>> > as a module. If you''ve compiled it as a module, it should
be listed
>> > somewhere in /lib/modules/KERNELVERSION/kernel/net/ipv4/netfilter.
If
>> > not, it could be compiled into the kernel. A new kernel compile
should
>> > do the trick.
>>
>> Do you by any chance know the name of the module? I have bunch of
>> modules  under netfilter folder:
>> -------------
>
> This is the one you (don''t) need:
>
>> -rwxr--r--  1 root root  3448 Aug 27 06:06 ipt_mac.ko
>
> Regards,
> Jaap Eldering


OK, so if I don''t load it, it isn''t there, wright? Or is it
loaded
automatically on each boot?

Regards,
Sasa

Sasa Stupar

2005-Sep-22 16:56 UTC

head link

Re: Speed issue

--On 22. september 2005 9:11 -0700 Tom Eastep <teastep@shorewall.net>
wrote:
> On Thursday 22 September 2005 00:34, Sasa Stupar wrote:
>> Hi!
>>
>> I have SW running on FC3 with 3 NIC. I have recently moved another
server
>> (ftp) from LAN to DMZ. But on my surprise the speed to download or
upload
>> to the server has reduced to max of 40% of previous. My network is
>> 100Mbit. Previously I had almost 10 MBytes/s transfer from or to the
>> server but now I barelly reach 4 MB/s.
>> Is this some issue with the shorewall or what? BTW, I use on both
>> networks switches and not hubs.
>
> These usually turn out to be a problem with the physical network or a
> driver  although I didn''t see a high error rate in the
"shorewall status"
> output that  you posted.
>
> -Tom

Driver is the same (I have changed only IP). The network (cable) is the 
same since the server is on the same place as before (only unplug from one 
switch and plug into another).

Regards,
Sasa

Sasa Stupar

2005-Sep-22 17:03 UTC

head link

Re: Speed issue

--On 22. september 2005 18:56 +0200 Sasa Stupar
<sasa@stupar.homelinux.net>
wrote:
>
>
> --On 22. september 2005 9:11 -0700 Tom Eastep <teastep@shorewall.net>
> wrote:
>
>> On Thursday 22 September 2005 00:34, Sasa Stupar wrote:
>>> Hi!
>>>
>>> I have SW running on FC3 with 3 NIC. I have recently moved another
>>> server (ftp) from LAN to DMZ. But on my surprise the speed to
download
>>> or upload to the server has reduced to max of 40% of previous. My
>>> network is 100Mbit. Previously I had almost 10 MBytes/s transfer
from
>>> or to the server but now I barelly reach 4 MB/s.
>>> Is this some issue with the shorewall or what? BTW, I use on both
>>> networks switches and not hubs.
>>
>> These usually turn out to be a problem with the physical network or a
>> driver  although I didn''t see a high error rate in the
"shorewall status"
>> output that  you posted.
>>
>> -Tom
>
>
> Driver is the same (I have changed only IP). The network (cable) is the
> same since the server is on the same place as before (only unplug from
> one switch and plug into another).
>
> Regards,
> Sasa

In fact, I have connected with my pc to the DMZ and make ftp transfer - 
this time the speed is almost 10 MB/s. So the problem lies on the router 
itself?

Regards,
Sasa

Brent Schwartz

2005-Sep-22 17:04 UTC

head link

Re: Speed issue

Just a thought, have you checked to see it the network card is auto  
negotiating the correct speed, if not manually set the speed on the  
nic appropriately or try another nic.  I seen some equipment both  
said to be 10/100 auto to be unable to properly negotiate the speed  
resulting in very poor connectivity. ,Brent

On Sep 22, 2005, at 11:56 AM, Sasa Stupar wrote:
>
>
> --On 22. september 2005 9:11 -0700 Tom Eastep  
> <teastep@shorewall.net> wrote:
>
>
>> On Thursday 22 September 2005 00:34, Sasa Stupar wrote:
>>
>>> Hi!
>>>
>>> I have SW running on FC3 with 3 NIC. I have recently moved  
>>> another server
>>> (ftp) from LAN to DMZ. But on my surprise the speed to download  
>>> or upload
>>> to the server has reduced to max of 40% of previous. My network is
>>> 100Mbit. Previously I had almost 10 MBytes/s transfer from or to
the
>>> server but now I barelly reach 4 MB/s.
>>> Is this some issue with the shorewall or what? BTW, I use on both
>>> networks switches and not hubs.
>>>
>>
>> These usually turn out to be a problem with the physical network or a
>> driver  although I didn''t see a high error rate in the
"shorewall
>> status"
>> output that  you posted.
>>
>> -Tom
>>
>
>
> Driver is the same (I have changed only IP). The network (cable) is  
> the same since the server is on the same place as before (only  
> unplug from one switch and plug into another).
>
> Regards,
> Sasa
>


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache''s Geronimo App Server.
Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php

Jaap Eldering

2005-Sep-22 17:11 UTC

head link

Re: Speed issue

On Thu, Sep 22, 2005 at 06:56:38PM +0200, Sasa Stupar
wrote:> 
> --On 22. september 2005 18:35 +0200 Jaap Eldering
<eldering@phys.uu.nl>
> wrote:
> 
> >On Thu, Sep 22, 2005 at 06:10:45PM +0200, Sasa Stupar wrote:
> >>--On 22. september 2005 16:21 +0200 Rouke de Jong
> >><roukedejong@gmail.com>  wrote:
> >>
> >>> Sure, if make a kernel compile you can choose at the iptables
option
> >>> whether to use "MAC address match support" or not,
If you want to use
> >>> it, you can choose whether to compile it into the kernel of to
make it
> >>> as a module. If you''ve compiled it as a module, it
should be listed
> >>> somewhere in
/lib/modules/KERNELVERSION/kernel/net/ipv4/netfilter. If
> >>> not, it could be compiled into the kernel. A new kernel
compile should
> >>> do the trick.
> >>
> >>Do you by any chance know the name of the module? I have bunch of
> >>modules  under netfilter folder:
> >>-------------
> >
> >This is the one you (don''t) need:
> >
> >>-rwxr--r--  1 root root  3448 Aug 27 06:06 ipt_mac.ko
> 
> OK, so if I don''t load it, it isn''t there, wright? Or is
it loaded
> automatically on each boot?
That depends on what''s in /etc/modules, in /etc/shorewall/modules and
on maybe some other dependencies or other autoloading features of your
linux distribution. Just check with ''lsmod'' after startup.

Jaap

Sasa Stupar

2005-Sep-22 18:07 UTC

head link

Re: Speed issue

--On 22. september 2005 19:11 +0200 Jaap Eldering <eldering@phys.uu.nl> 
wrote:

> That depends on what''s in /etc/modules, in /etc/shorewall/modules
and
> on maybe some other dependencies or other autoloading features of your
> linux distribution. Just check with ''lsmod'' after
startup.
>
> Jaap


AFAIS it is not loaded:
-------
[root@router ~]# lsmod
Module                  Size  Used by
ipt_MASQUERADE          3265  3
ipt_REJECT              5441  4
ipt_LOG                 7489  7
ipt_state               1985  21
ipt_pkttype             1601  4
iptable_raw             1985  0
ipt_CONNMARK            2113  0
ipt_connmark            1729  0
ipt_owner               4929  0
ipt_recent             14669  0
ipt_iprange             1729  0
ipt_physdev             2129  0
ipt_multiport           2625  6
ipt_conntrack           2497  4
iptable_mangle          2753  0
ip_nat_irc              2753  0
ip_nat_tftp             1985  0
ip_nat_ftp              3393  0
iptable_nat            22677  5 
ipt_MASQUERADE,ip_nat_irc,ip_nat_tftp,ip_nat_ftp
ip_conntrack_irc       72401  1 ip_nat_irc
ip_conntrack_tftp       4177  1 ip_nat_tftp
ip_conntrack_ftp       73041  1 ip_nat_ftp
ip_conntrack           42265  10 
ipt_MASQUERADE,ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp
iptable_filter          2881  1
ip_tables              20161  17 
ipt_MASQUERADE,ipt_REJECT,ipt_LOG,ipt_state,ipt_pkttype,iptable_raw,ipt_CONNMARK,ipt_connmark,ipt_owner,ipt_recent,ipt_iprange,ipt_physdev,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter
md5                     4161  1
ipv6                  262209  16
8139too                28481  0
mii                     5569  1 8139too
floppy                 63221  0
dm_snapshot            17669  0
dm_zero                 2113  0
dm_mirror              24877  0
ext3                  130377  2
jbd                    77273  1 ext3
dm_mod                 58229  6 dm_snapshot,dm_zero,dm_mirror
-------------

So we can rule out this possible cause.

Regards,
Sasa

Jerry Vonau

2005-Sep-22 19:54 UTC

head link

Re: Speed issue

>Just a thought, have you checked to see it the network card is auto  
>negotiating the correct speed, if not manually set the speed on the  
>nic appropriately or try another nic.  I seen some equipment both  
>said to be 10/100 auto to be unable to properly negotiate the speed  
>resulting in very poor connectivity. ,Brent
Sasa:
What does ''/sbin/mii-tool -v'' give you?

Jerry



-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache''s Geronimo App Server.
Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php

Sasa Stupar

2005-Sep-23 05:01 UTC

head link

Re: Speed issue

--On 22. september 2005 14:54 -0500 Jerry Vonau <jvonau@shaw.ca> wrote:
>> Just a thought, have you checked to see it the network card is auto
>> negotiating the correct speed, if not manually set the speed on the
>> nic appropriately or try another nic.  I seen some equipment both
>> said to be 10/100 auto to be unable to properly negotiate the speed
>> resulting in very poor connectivity. ,Brent
>
> Sasa:
> What does ''/sbin/mii-tool -v'' give you?
>
> Jerry
>

[root@router ~]# /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
  product info: vendor 00:00:00, model 0 rev 0
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
eth1: negotiated 100baseTx-FD, link ok
  product info: vendor 00:00:00, model 0 rev 0
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth2: negotiated 100baseTx-FD, link ok
  product info: vendor 00:00:00, model 0 rev 0
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD

Rouke de Jong

2005-Sep-23 10:05 UTC

head link

RE: Speed issue

Hiya

I have a 2.4.27 kernel, so there could be some diffirences. I think the
module is located in /usr/src/2.4.27/net/ipv4/netfilter, I didn''t
compile
it, so it''s called ipt_mac.c. I see in your list an ipt_mac.ko so I
assume
it''s the same :) I have the experience that when I don''t use
the module, my
speed issues are gone, when using more then one switch.

Rouke

-----Oorspronkelijk bericht-----
Van: shorewall-users-admin@lists.sourceforge.net
[mailto:shorewall-users-admin@lists.sourceforge.net] Namens Sasa Stupar
Verzonden: donderdag 22 september 2005 18:11
Aan: shorewall-users@lists.sourceforge.net
Onderwerp: RE: [Shorewall-users] Speed issue

--On 22. september 2005 16:21 +0200 Rouke de Jong <roukedejong@gmail.com> 
wrote:
> Sure, if make a kernel compile you can choose at the iptables option
> whether to use "MAC address match support" or not, If you want to
use it,
> you can choose whether to compile it into the kernel of to make it as a
> module. If you''ve compiled it as a module, it should be listed
somewhere
> in /lib/modules/KERNELVERSION/kernel/net/ipv4/netfilter. If not, it could
> be compiled into the kernel. A new kernel compile should do the trick.
>

Do you by any chance know the name of the module? I have bunch of modules 
under netfilter folder:
-------------
-rwxr--r--  1 root root  4940 Aug 27 06:06 arptable_filter.ko
-rwxr--r--  1 root root 16856 Aug 27 06:06 arp_tables.ko
-rwxr--r--  1 root root  3956 Aug 27 06:06 arpt_mangle.ko
-rwxr--r--  1 root root  7432 Aug 27 06:06 ip_conntrack_amanda.ko
-rwxr--r--  1 root root  9936 Aug 27 06:06 ip_conntrack_ftp.ko
-rwxr--r--  1 root root  9428 Aug 27 06:06 ip_conntrack_irc.ko
-rwxr--r--  1 root root 50340 Aug 27 06:06 ip_conntrack.ko
-rwxr--r--  1 root root 10008 Aug 27 06:06 ip_conntrack_proto_sctp.ko
-rwxr--r--  1 root root  6152 Aug 27 06:06 ip_conntrack_tftp.ko
-rwxr--r--  1 root root  4040 Aug 27 06:06 ip_nat_amanda.ko
-rwxr--r--  1 root root  5320 Aug 27 06:06 ip_nat_ftp.ko
-rwxr--r--  1 root root  4540 Aug 27 06:06 ip_nat_irc.ko
-rwxr--r--  1 root root 14072 Aug 27 06:06 ip_nat_snmp_basic.ko
-rwxr--r--  1 root root  3436 Aug 27 06:06 ip_nat_tftp.ko
-rwxr--r--  1 root root 14096 Aug 27 06:06 ip_queue.ko
-rwxr--r--  1 root root  5872 Aug 27 06:06 iptable_filter.ko
-rwxr--r--  1 root root  5832 Aug 27 06:06 iptable_mangle.ko
-rwxr--r--  1 root root 27604 Aug 27 06:06 iptable_nat.ko
-rwxr--r--  1 root root  4224 Aug 27 06:06 iptable_raw.ko
-rwxr--r--  1 root root 26112 Aug 27 06:06 ip_tables.ko
-rwxr--r--  1 root root  3624 Aug 27 06:06 ipt_addrtype.ko
-rwxr--r--  1 root root  3492 Aug 27 06:06 ipt_ah.ko
-rwxr--r--  1 root root  3820 Aug 27 06:06 ipt_CLASSIFY.ko
-rwxr--r--  1 root root 11376 Aug 27 06:06 ipt_CLUSTERIP.ko
-rwxr--r--  1 root root  3160 Aug 27 06:06 ipt_comment.ko
-rwxr--r--  1 root root  3160 Aug 27 06:06 ipt_connmark.ko
-rwxr--r--  1 root root  3804 Aug 27 06:06 ipt_CONNMARK.ko
-rwxr--r--  1 root root  4096 Aug 27 06:06 ipt_conntrack.ko
-rwxr--r--  1 root root  3152 Aug 27 06:06 ipt_dscp.ko
-rwxr--r--  1 root root  4144 Aug 27 06:06 ipt_DSCP.ko
-rwxr--r--  1 root root  3732 Aug 27 06:06 ipt_ecn.ko
-rwxr--r--  1 root root  5032 Aug 27 06:06 ipt_ECN.ko
-rwxr--r--  1 root root  3496 Aug 27 06:06 ipt_esp.ko
-rwxr--r--  1 root root 15772 Aug 27 06:06 ipt_hashlimit.ko
-rwxr--r--  1 root root  3544 Aug 27 06:06 ipt_helper.ko
-rwxr--r--  1 root root  3284 Aug 27 06:06 ipt_iprange.ko
-rwxr--r--  1 root root  3156 Aug 27 06:06 ipt_length.ko
-rwxr--r--  1 root root  5068 Aug 27 06:06 ipt_limit.ko
-rwxr--r--  1 root root 11368 Aug 27 06:06 ipt_LOG.ko
-rwxr--r--  1 root root  3448 Aug 27 06:06 ipt_mac.ko
-rwxr--r--  1 root root  3152 Aug 27 06:06 ipt_mark.ko
-rwxr--r--  1 root root  4272 Aug 27 06:06 ipt_MARK.ko
-rwxr--r--  1 root root  5216 Aug 27 06:06 ipt_MASQUERADE.ko
-rwxr--r--  1 root root  4316 Aug 27 06:06 ipt_multiport.ko
-rwxr--r--  1 root root  3580 Aug 27 06:06 ipt_NETMAP.ko
-rwxr--r--  1 root root  3648 Aug 27 06:06 ipt_NOTRACK.ko
-rwxr--r--  1 root root  7152 Aug 27 06:06 ipt_owner.ko
-rwxr--r--  1 root root  3768 Aug 27 06:06 ipt_physdev.ko
-rwxr--r--  1 root root  3160 Aug 27 06:06 ipt_pkttype.ko
-rwxr--r--  1 root root  3580 Aug 27 06:06 ipt_realm.ko
-rwxr--r--  1 root root 20572 Aug 27 06:06 ipt_recent.ko
-rwxr--r--  1 root root  3600 Aug 27 06:06 ipt_REDIRECT.ko
-rwxr--r--  1 root root  7564 Aug 27 06:06 ipt_REJECT.ko
-rwxr--r--  1 root root  4072 Aug 27 06:06 ipt_SAME.ko
-rwxr--r--  1 root root  4588 Aug 27 06:06 ipt_sctp.ko
-rwxr--r--  1 root root  3416 Aug 27 06:06 ipt_state.ko
-rwxr--r--  1 root root  3872 Aug 27 06:06 ipt_tcpmss.ko
-rwxr--r--  1 root root  6124 Aug 27 06:06 ipt_TCPMSS.ko
-rwxr--r--  1 root root  3120 Aug 27 06:06 ipt_tos.ko
-rwxr--r--  1 root root  4144 Aug 27 06:06 ipt_TOS.ko
-rwxr--r--  1 root root  3440 Aug 27 06:06 ipt_ttl.ko
-rwxr--r--  1 root root 10928 Aug 27 06:06 ipt_ULOG.ko
--------------

Regards,
Sasa



-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache''s Geronimo App Server.
Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php

Sasa Stupar

2005-Sep-23 12:10 UTC

head link

RE: Speed issue

--On 23. september 2005 12:05 +0200 Rouke de Jong <roukedejong@gmail.com> 
wrote:
> Hiya
>
> I have a 2.4.27 kernel, so there could be some diffirences. I think the
> module is located in /usr/src/2.4.27/net/ipv4/netfilter, I didn''t
compile
> it, so it''s called ipt_mac.c. I see in your list an ipt_mac.ko so
I assume
> it''s the same :) I have the experience that when I don''t
use the module,
> my speed issues are gone, when using more then one switch.
>
> Rouke
>

Well, I have check which modules are loaded and ipt_mac is not one of them. 
So even it is compiled it doesn''t run so this should not be a problem.

Sasa

Shorewall users - Sep 2005 - Speed issue

Speed issue

Re: Speed issue

Re: Speed issue

RE: Speed issue

RE: Speed issue

RE: Speed issue

RE: Speed issue

Re: Speed issue

Re: Speed issue

Re: Speed issue

Re: Speed issue

Re: Speed issue

Re: Speed issue

Re: Speed issue

Re: Speed issue

Re: Speed issue

Re: Speed issue

RE: Speed issue

RE: Speed issue