Hi everybody! We are using Shorewall first days. Before I ran the firewall there were some pc-s and the ftp server (Mandrake 8.1 & ProFtpd, Samba) in our private network Now the ftp server stands before the firewall (between ISP''s router and fw). Everything is very good except the ftp''s upload speed for our pc''s inside the network. Before the fw it was 1Mbps, but now it is extremely slow. Interesting is - it dies - slower & slower & slower & ...But for pc''s from outside it''s perfect! The shorewall''s files setting are regular. I''m tried almoust all but the problem is still here! If anybody can help me with some sample rules, please help me!!!! Best regards, Janek
Hi everybody! We are using Shorewall first days. Before I ran the firewall there were some pc-s and the ftp server (Mandrake 8.1 & ProFtpd, Samba) in our private network Now the ftp server stands before the firewall (between ISP''s router and fw). Everything is very good except the ftp''s upload speed for our pc''s inside the network. Before the fw it was 1Mbps, but now it is extremely slow. Interesting is - it dies - slower & slower & slower & ...But for pc''s from outside it''s perfect! The shorewall''s files setting are regular. I''m tried almoust all but the problem is still here! If anybody can help me with some sample rules, please help me!!!! Best regards, Janek
Hi Tom! I use two-interface config. If I eliminate the firewall, everything is OK. It means - cables, hub and switch are fine. Janek> Janek Jüssi wrote: > > Hi everybody! > > We are using Shorewall first days. Before I ran the firewall there were > > some pc-s and the ftp server (Mandrake 8.1 & ProFtpd, Samba) in ourprivate> > network Now the ftp server stands before the firewall (between ISP''srouter> > and fw). Everything is very good except the ftp''s upload speed for ourpc''s> > inside the network. Before the fw it was 1Mbps, but now it is extremely > > slow. Interesting is - it dies - slower & slower & slower & ...But forpc''s> > from outside it''s perfect! The shorewall''s files setting are regular. > > What does that mean? That you used the two-interface sample config? > > > I''m > > tried almoust all but the problem is still here! > > If anybody can help me with some sample rules, please help me!!!! > > > If you can communicate with the FTP server at all, it''s not a rules > problem. In my experience, these symptoms are usually associated with > flakey cables or switch/hub ports. > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > AIM: tmeastep \ http://www.shorewall.net > ICQ: #60745924 \ teastep@shorewall.net > >
Janek Jüssi wrote:> Hi Tom! > I use two-interface config. > If I eliminate the firewall, everything is OK. It means - cables, hub and > switch are fine.What do you mean "eliminate the firewall" -- you do "shorewall clear"? -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
Janek Jüssi wrote:> Hi Tom! > I use two-interface config. > If I eliminate the firewall, everything is OK. It means - cables, hub and > switch are fine.You don''t have both interfaces on your firewall connected to the same hub/switch do you? -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
Sorry about my bad expression. I mean work without firewall. Like we did before I ran Linux server with Shorewall. Janek.> Janek Jüssi wrote: > > Hi Tom! > > I use two-interface config. > > If I eliminate the firewall, everything is OK. It means - cables, huband> > switch are fine. > > What do you mean "eliminate the firewall" -- you do "shorewall clear"? > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > AIM: tmeastep \ http://www.shorewall.net > ICQ: #60745924 \ teastep@shorewall.net > >
No, of cource not! Internet comes from ISP''s router to the hub. From the hub to fw''s eth0. Then from eth0 to the eth1, then from the eth1 to the switch. My ftp-server is also switched to the hub. And all the computers are connected to switch. Janek> Janek Jüssi wrote: > > Hi Tom! > > I use two-interface config. > > If I eliminate the firewall, everything is OK. It means - cables, huband> > switch are fine. > > You don''t have both interfaces on your firewall connected to the same > hub/switch do you? > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > AIM: tmeastep \ http://www.shorewall.net > ICQ: #60745924 \ teastep@shorewall.net > >
Janek Jüssi wrote:> No, of cource not! Internet comes from ISP''s router to the hub. From the hub > to fw''s eth0. Then from eth0 to the eth1, then from the eth1 to the switch. > My ftp-server is also switched to the hub. And all the computers are > connected to switch.Just to complete this thread -- the problem was traced to a faulty hub port. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net