Shorewall users - Sep 2003 - Conecction speed drop drmatically when using shorewall!!

Hi,

Im having some problems with shorewall, i ve a 512 dsl connection, the 
problem is that if i use it on my linux server with shorewall stoped, the 
connection speed is great (59 kbs) when i start shorewall, when i test it 
from any terminal, speed drops down to 20 or even 15 kbps, why is this??? 
When i first configured shorewall i follow every indication from the guide 
an use the two-interface conf files and modify them to feet my system. What 
can be causing this speed drop down??

Any Clues?? Thanks.
Emilio

Os: Mandrake Linux 9.1

Shorewall Version : 1.4.6b

Ip addr show results:

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1492 qdisc pfifo_fast qlen 100
    link/ether 00:05:1c:0e:fd:c0 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.3/24 brd 10.0.0.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:e0:7d:a1:1c:bb brd ff:ff:ff:ff:ff:ff
    inet 90.0.0.1/24 brd 90.0.0.255 scope global eth1
361: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen
3
    link/ppp
    inet 200.55.109.85 peer 192.168.96.238/32 scope global ppp0

ip route show results:

192.168.96.238 dev ppp0  proto kernel  scope link  src 200.55.109.85
90.0.0.0/24 dev eth1  scope link
10.0.0.0/24 dev eth0  scope link
127.0.0.0/8 dev lo  scope link
default via 192.168.96.238 dev ppp0

_________________________________________________________________
Instant message during games with MSN Messenger 6.0. Download it now FREE!  
http://msnmessenger-download.com

On Thu, 2003-09-25 at 12:49, Emilio Ruben Estevez wrote:
> Hi,
> 
> Im having some problems with shorewall, i ve a 512 dsl connection, the 
> problem is that if i use it on my linux server with shorewall stoped, the 
> connection speed is great (59 kbs) when i start shorewall, when i test it 
> from any terminal, speed drops down to 20 or even 15 kbps, why is this??? 
I have no idea unless you have done something silly like connecting both
firewall interfaces to the same HUB/switch.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On 25 Sep 2003 at 19:49, Emilio Ruben Estevez wrote:
> Im having some problems with shorewall, i ve a 512 dsl connection, the
> problem is that if i use it on my linux server with shorewall stoped,
> the connection speed is great (59 kbs) when i start shorewall, when 
i
> test it from any terminal, speed drops down to 20 or even 15 kbps, 
why
> is this??? When i first configured shorewall i follow every 
indication
> from the guide an use the two-interface conf files and modify them 
to
> feet my system. What can be causing this speed drop down??
I see similar speed discrepencies but in my case they are
an apples and oranges problem.

If I use on of the more consistant bandwidth measurement sites ( Such 
as http://speeder.whidbey.net/ ) I get different readings when I do 
it at the FIREWALL box than I do when I do it at my WORKSTATION.  

Firewall = Linux      (apples)
Workstation = Windows  (oranges).

With a Linux workstation, using the same browser as used the firewall 
(and takeing care NOT to be behind a slow hub or switch and making 
sure nothing else is hogging the bandwidth) I''ve found the speeds to 
indistinguishable.  

Note on Hubs and Switches... Just because it says 10 ir 100 meg does 
not mean it can keep up with that speed, only that it will sync with 
the device at that speed.  There is often a BIG difference in packet 
forwarding rates on cheap devices.  






-- 
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386

._______________________________________
John S. Andersen
NORCOM  mailto:JAndersen@norcomsoftware.com
Juneau, Alaska
http://www.screenio.com/