Hello Victor,
On Sun, 9 Jun 2002, Victor Rini wrote:
>
> I first noticed very sluggish performance between corp and man and on the
> man network in general. I removed the default filters for broadcasts and
> netbios chatter and things seemed to improve immediately. Was I seeing
> things?
>
I believe that you were :-) The filters are only used to prevent logging
of those packets as part of REJECT or DENY policies that log. So removing
those checks doesn't pass any additional traffic through the firewall.
> Corp and man are set in the policy file to accept each other's traffic. I've
> noticed very sluggish performance of VNC between man and corp. Everything
> else (e-mail, Citrix Metaframe) seem to be fine. Any ideas?
>
If your policy is ACCEPT then the 'common' chain isn't used between 'corp'
and 'man' so adding or removing of rules from that chain (such as the
broadcast and netbios rules) can have no effect.
My experience with VNC is that it doesn't perform very well in any
environment. You might try setting the CLAMPMSS option in shorewall.conf
just in case you have an MTU problem.
> I was wondering at one point if I really needed to have corp and man zones
> but I want to use Tom's traffic shaping features between them. Haven't
> gotten to that quite yet.
>
You should be able to implement traffic control independently of how you
have configured your zones.
> I feel very lucky to have discovered shorewall and look forward to
> participating in the list. I've looked over Tom's bash script code and I am
> very impressed!
Thanks!
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net