Hello,

I'm not subscribed to this list, but would like to ask a question. When I conduct a network speed test from the following location http://www.timewarnerla.com/speedtest/speedtest.asp with firewall started I get no more than 1 Mbps at best, while without one I get 4 Mbps.

I have a RCA DCM325 cable modem from RoadRunner. I'm using Shorewall 2.2.0-Beta3. My OS is SuSe 9.1 kernel 2.6.5-7.111.5-default running on Dell PowerEdge 400SC with 2.0 MHz CPU, 256 MB RAM, 40 GB hard drive. My network uses 100 MB/sec switches only. This machine has an Intel gigabit interface built-in. If I set it to MTU 8192, then I get 4 Mbps. I found out that an interface with 100 MB/sec cannot be set to more than 1500 MTU.

My rule set is not that big. Counting rules like this

iptables -L -n | grep -c "/"

returns 219. I do not have burst rate set either. I've tried using the built-in SuSe firewall, but got the same speed issue. I've tried other slower machines with more RAM, but got the same issue. When I plug in any Windows machine directly into the cable modem, then I get 4 Mbps on 100 MB/sec interface.

Any ideas would be greatly appreciated.

Thank you in advance,
Alex.

On Mon, 2004-12-06 at 19:35 -0800, Alexander Polishchuk wrote:
> Any ideas would be greatly appreciated.

I'm betting that the problem has nothing to do with iptables/Netfilter/Shorewall.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

On Mon, 2004-12-06 at 20:15 -0800, Tom Eastep wrote:
> On Mon, 2004-12-06 at 19:35 -0800, Alexander Polishchuk wrote:
> > Any ideas would be greatly appreciated.
>
> I'm betting that the problem has nothing to do with
> iptables/Netfilter/Shorewall.

There is one possibility -- if traffic on either side of the firewall is fragmented (in the IP sense) then when the ip_conntrack module is first loaded, the firewall begins reassembling those packets (and possibly disassembling them again). That's because stateful packet filtering cannot work on fragments and must assemble complete packets to work properly.

-Tom
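
One way to check the fragmentation hypothesis above, as an added example that is not part of the original thread: compare the kernel's IP reassembly and fragmentation counters from two snapshots of /proc/net/snmp taken before and after a speed test. The function names and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example: measure how much IP reassembly/fragmentation this host did
# between two snapshots of /proc/net/snmp.

# Print "ReasmReqds ReasmOKs ReasmFails FragCreates" from a snapshot file.
# Columns are looked up by name in the header row, not by position.
ip_frag_counters() {
    awk '
        $1 == "Ip:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "Ip:" { print $(col["ReasmReqds"]), $(col["ReasmOKs"]),
                            $(col["ReasmFails"]), $(col["FragCreates"]); exit }
    ' "$1"
}

# Print the counter deltas between two snapshot files (BEFORE AFTER).
frag_delta() {
    # Word splitting is intended: $1-$4 = before, $5-$8 = after.
    set -- $(ip_frag_counters "$1") $(ip_frag_counters "$2")
    echo "reasm_reqds=$(( $5 - $1 )) reasm_oks=$(( $6 - $2 ))" \
         "reasm_fails=$(( $7 - $3 )) frag_creates=$(( $8 - $4 ))"
}

# Exit status 0 if fragments arrived for reassembly between the snapshots.
fragments_seen() {
    set -- $(ip_frag_counters "$1") $(ip_frag_counters "$2")
    [ $(( $5 - $1 )) -gt 0 ]
}

# Constructed sample snapshot: Ip rows only, with a shortened column set.
# Args: ReasmReqds ReasmOKs ReasmFails FragCreates
sample_snapshot() {
    printf 'Ip: Forwarding DefaultTTL InReceives ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates\n'
    printf 'Ip: 1 64 1000 0 %s %s %s 0 0 %s\n' "$1" "$2" "$3" "$4"
}

# Demo on constructed data; on a real firewall, save /proc/net/snmp to a file
# before and after the speed test and pass those two files instead.
tmp=$(mktemp -d)
sample_snapshot 120 60 0 10 > "$tmp/before"
sample_snapshot 5320 2660 0 2610 > "$tmp/after"
frag_delta "$tmp/before" "$tmp/after"
fragments_seen "$tmp/before" "$tmp/after" && echo "fragments were reassembled during the test"
rm -rf "$tmp"
```

If reasm_reqds stays at zero with the firewall started, the host saw no IP fragments during the test and reassembly is not where the time is going.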
Robert K Coffman Jr - Info From Data Corporation
2004-Dec-07 15:33 UTC
RE: Network slowdown
Alexander,

I traced a similar issue with RoadRunner (although I believe the modem was Toshiba) to a link speed problem between the cable modem and the router. To resolve it, I installed a different network card, however I'm sure this could be resolved through software.

- Bob Coffman