Hi Tom, How are u? hehehe I have a question. I have 2 pc with redhat 9.0 configured with ipsec freeswan 1.99 (vpn) and i have to tranfer file from one to the othert one. I see that ftp tranfer have a throughtput is the double than a netbios tranfer... why??? I supposed the problem is the TOS.(/etc/shorewall/tos) and i modified the file like ftp... in this method. #SOURCE DEST PROTOCOL SOURCE PORTS DEST PORTS TOS all all tcp - ssh 16 all all tcp ssh - 16 all all tcp - ftp 16 all all tcp ftp - 16 all all tcp ftp-data - 8 all all tcp - ftp-data 8 all all tcp netbios-ns - 8 all all tcp - netbios-ns 8 all all tcp netbios-ssn - 8 all all tcp - netbios-ssn 8 but don''t work and have the same result. like the pic.. do you have a suggest? thankx a lot.. Luca -- =======================================Andreoli Luca System Support Division Kelyan SMC S.p.a. - Franco Bernab? Group E-Mail: l.andreoli@kelyansmc.it ======================================== -------------- next part -------------- A non-text attachment was scrubbed... Name: foto1.png Type: image/png Size: 53290 bytes Desc: not available Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20030609/a2ee7639/foto1-0001.png
On Mon, 09 Jun 2003 18:02:26 +0200, Luca Andreoli <l.andreoli@kelyansmc.it> wrote:> I have a question. > I have 2 pc with redhat 9.0 configured with ipsec freeswan 1.99 (vpn) and > i have to tranfer file from one to the othert one. > I see that ftp tranfer have a throughtput is the double than a netbios > tranfer... why??? > I supposed the problem is the TOS.(/etc/shorewall/tos) and i modified the > file like ftp... in this method.TOS only comes into play when there are routers in the path that pay attention to that field. In your case, unless you have QOS configured to queue traffic over the ipsec link using the TOS field, TOS will be ignored in your environment.> > #SOURCE DEST PROTOCOL SOURCE PORTS DEST PORTS > TOS > all all tcp - ssh > 16 > all all tcp ssh - > 16 > all all tcp - ftp > 16 > all all tcp ftp - > 16 > all all tcp ftp-data - 8 > all all tcp - ftp-data 8 > all all tcp netbios-ns - 8 > all all tcp - netbios-ns 8 > all all tcp netbios-ssn - 8 > all all tcp - netbios-ssn 8 > > but don''t work and have the same result. > like the pic.. > do you have a suggest? >No -- I haven''t personally compared SMB and FTP performance since I don''t use SMB through my firewall. Possibly other users have some experience in this area. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
Anyone can help me pls!!! thnkx a lot.. Tom Eastep wrote:> On Mon, 09 Jun 2003 18:02:26 +0200, Luca Andreoli > <l.andreoli@kelyansmc.it> wrote: > > >> I have a question. >> I have 2 pc with redhat 9.0 configured with ipsec freeswan 1.99 (vpn) >> and i have to tranfer file from one to the othert one. >> I see that ftp tranfer have a throughtput is the double than a >> netbios tranfer... why??? >> I supposed the problem is the TOS.(/etc/shorewall/tos) and i modified >> the file like ftp... in this method. > > > TOS only comes into play when there are routers in the path that pay > attention to that field. In your case, unless you have QOS configured > to queue traffic over the ipsec link using the TOS field, TOS will be > ignored in your environment. > >> >> #SOURCE DEST PROTOCOL SOURCE PORTS DEST >> PORTS TOS >> all all tcp - >> ssh 16 >> all all tcp ssh >> - 16 >> all all tcp - >> ftp 16 >> all all tcp ftp >> - 16 >> all all tcp ftp-data >> - 8 >> all all tcp - >> ftp-data 8 >> all all tcp netbios-ns >> - 8 >> all all tcp - >> netbios-ns 8 >> all all tcp netbios-ssn >> - 8 >> all all tcp - >> netbios-ssn 8 >> >> but don''t work and have the same result. >> like the pic.. >> do you have a suggest? >> > > No -- I haven''t personally compared SMB and FTP performance since I > don''t use SMB through my firewall. Possibly other users have some > experience in this area. > > -Tom-- =======================================Andreoli Luca System Support Division Kelyan SMC S.p.a. - Franco Bernab? Group Via Nuova Ponente 1/A-1/B 41012 Carpi (MO), Italy Tel.+39 059 637611 Fax.+39 059 694768 E-Mail: l.andreoli@kelyansmc.it ========================================
Luca Andreoli schrieb:> > Anyone can help me pls!!!I don''t think you have a real problem, FTP is expected to be faster. I have never seen good performance in Windows file sharing.... Simon> thnkx a lot.. > > Tom Eastep wrote: > > > On Mon, 09 Jun 2003 18:02:26 +0200, Luca Andreoli > > <l.andreoli@kelyansmc.it> wrote: > > > > > >> I have a question. > >> I have 2 pc with redhat 9.0 configured with ipsec freeswan 1.99 (vpn) > >> and i have to tranfer file from one to the othert one. > >> I see that ftp tranfer have a throughtput is the double than a > >> netbios tranfer... why??? > >> I supposed the problem is the TOS.(/etc/shorewall/tos) and i modified > >> the file like ftp... in this method. > > > > > > TOS only comes into play when there are routers in the path that pay > > attention to that field. In your case, unless you have QOS configured > > to queue traffic over the ipsec link using the TOS field, TOS will be > > ignored in your environment. > > > >> > >> #SOURCE DEST PROTOCOL SOURCE PORTS DEST > >> PORTS TOS > >> all all tcp - > >> ssh 16 > >> all all tcp ssh > >> - 16 > >> all all tcp - > >> ftp 16 > >> all all tcp ftp > >> - 16 > >> all all tcp ftp-data > >> - 8 > >> all all tcp - > >> ftp-data 8 > >> all all tcp netbios-ns > >> - 8 > >> all all tcp - > >> netbios-ns 8 > >> all all tcp netbios-ssn > >> - 8 > >> all all tcp - > >> netbios-ssn 8 > >> > >> but don''t work and have the same result. > >> like the pic.. > >> do you have a suggest? > >> > > > > No -- I haven''t personally compared SMB and FTP performance since I > > don''t use SMB through my firewall. Possibly other users have some > > experience in this area. > > > > -Tom > > -- > =======================================> Andreoli Luca > System Support Division > Kelyan SMC S.p.a. - Franco Bernab? Group > Via Nuova Ponente 1/A-1/B > 41012 Carpi (MO), Italy > Tel.+39 059 637611 > Fax.+39 059 694768 > E-Mail: l.andreoli@kelyansmc.it > =======================================> > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm
but why netbios is the half of ftp?!?!?! Simon Matter wrote:>Luca Andreoli schrieb: > > >>Anyone can help me pls!!! >> >> > >I don''t think you have a real problem, FTP is expected to be faster. I >have never seen good performance in Windows file sharing.... > >Simon > > > >>thnkx a lot.. >> >>Tom Eastep wrote: >> >> >> >>>On Mon, 09 Jun 2003 18:02:26 +0200, Luca Andreoli >>><l.andreoli@kelyansmc.it> wrote: >>> >>> >>> >>> >>>>I have a question. >>>>I have 2 pc with redhat 9.0 configured with ipsec freeswan 1.99 (vpn) >>>>and i have to tranfer file from one to the othert one. >>>>I see that ftp tranfer have a throughtput is the double than a >>>>netbios tranfer... why??? >>>>I supposed the problem is the TOS.(/etc/shorewall/tos) and i modified >>>>the file like ftp... in this method. >>>> >>>> >>>TOS only comes into play when there are routers in the path that pay >>>attention to that field. In your case, unless you have QOS configured >>>to queue traffic over the ipsec link using the TOS field, TOS will be >>>ignored in your environment. >>> >>> >>> >>>>#SOURCE DEST PROTOCOL SOURCE PORTS DEST >>>>PORTS TOS >>>>all all tcp - >>>>ssh 16 >>>>all all tcp ssh >>>>- 16 >>>>all all tcp - >>>>ftp 16 >>>>all all tcp ftp >>>>- 16 >>>>all all tcp ftp-data >>>>- 8 >>>>all all tcp - >>>>ftp-data 8 >>>>all all tcp netbios-ns >>>>- 8 >>>>all all tcp - >>>>netbios-ns 8 >>>>all all tcp netbios-ssn >>>>- 8 >>>>all all tcp - >>>>netbios-ssn 8 >>>> >>>>but don''t work and have the same result. >>>>like the pic.. >>>>do you have a suggest? >>>> >>>> >>>> >>>No -- I haven''t personally compared SMB and FTP performance since I >>>don''t use SMB through my firewall. Possibly other users have some >>>experience in this area. >>> >>>-Tom >>> >>> >>-- >>=======================================>>Andreoli Luca >>System Support Division >>Kelyan SMC S.p.a. - Franco Bernab? Group >>Via Nuova Ponente 1/A-1/B >>41012 Carpi (MO), Italy >>Tel.+39 059 637611 >>Fax.+39 059 694768 >>E-Mail: l.andreoli@kelyansmc.it >>=======================================>> >>_______________________________________________ >>Shorewall-users mailing list >>Post: Shorewall-users@lists.shorewall.net >>Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users >>Support: http://www.shorewall.net/support.htm >>FAQ: http://www.shorewall.net/FAQ.htm >> >> > > >-- =======================================Andreoli Luca System Support Division Kelyan SMC S.p.a. - Franco Bernab? Group Via Nuova Ponente 1/A-1/B 41012 Carpi (MO), Italy Tel.+39 059 637611 Fax.+39 059 694768 E-Mail: l.andreoli@kelyansmc.it ======================================== -------------- next part -------------- A non-text attachment was scrubbed... Name: foto1.png Type: image/png Size: 53290 bytes Desc: not available Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20030611/35d09b41/foto1-0001.png
Luca Andreoli schrieb:> > but why netbios is the half of ftp?!?!?!I don''t know. It''s just my experience with FTP and Netbios filetransfer. Only B.G. knows :)> > Simon Matter wrote: > > >Luca Andreoli schrieb: > > > > > >>Anyone can help me pls!!! > >> > >> > > > >I don''t think you have a real problem, FTP is expected to be faster. I > >have never seen good performance in Windows file sharing.... > > > >Simon > > > > > > > >>thnkx a lot.. > >> > >>Tom Eastep wrote: > >> > >> > >> > >>>On Mon, 09 Jun 2003 18:02:26 +0200, Luca Andreoli > >>><l.andreoli@kelyansmc.it> wrote: > >>> > >>> > >>> > >>> > >>>>I have a question. > >>>>I have 2 pc with redhat 9.0 configured with ipsec freeswan 1.99 (vpn) > >>>>and i have to tranfer file from one to the othert one. > >>>>I see that ftp tranfer have a throughtput is the double than a > >>>>netbios tranfer... why??? > >>>>I supposed the problem is the TOS.(/etc/shorewall/tos) and i modified > >>>>the file like ftp... in this method. > >>>> > >>>> > >>>TOS only comes into play when there are routers in the path that pay > >>>attention to that field. In your case, unless you have QOS configured > >>>to queue traffic over the ipsec link using the TOS field, TOS will be > >>>ignored in your environment. > >>> > >>> > >>> > >>>>#SOURCE DEST PROTOCOL SOURCE PORTS DEST > >>>>PORTS TOS > >>>>all all tcp - > >>>>ssh 16 > >>>>all all tcp ssh > >>>>- 16 > >>>>all all tcp - > >>>>ftp 16 > >>>>all all tcp ftp > >>>>- 16 > >>>>all all tcp ftp-data > >>>>- 8 > >>>>all all tcp - > >>>>ftp-data 8 > >>>>all all tcp netbios-ns > >>>>- 8 > >>>>all all tcp - > >>>>netbios-ns 8 > >>>>all all tcp netbios-ssn > >>>>- 8 > >>>>all all tcp - > >>>>netbios-ssn 8 > >>>> > >>>>but don''t work and have the same result. > >>>>like the pic.. > >>>>do you have a suggest? > >>>> > >>>> > >>>> > >>>No -- I haven''t personally compared SMB and FTP performance since I > >>>don''t use SMB through my firewall. Possibly other users have some > >>>experience in this area. > >>> > >>>-Tom > >>> > >>> > >>-- > >>=======================================> >>Andreoli Luca > >>System Support Division > >>Kelyan SMC S.p.a. - Franco Bernab? Group > >>Via Nuova Ponente 1/A-1/B > >>41012 Carpi (MO), Italy > >>Tel.+39 059 637611 > >>Fax.+39 059 694768 > >>E-Mail: l.andreoli@kelyansmc.it > >>=======================================> >> > >>_______________________________________________ > >>Shorewall-users mailing list > >>Post: Shorewall-users@lists.shorewall.net > >>Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users > >>Support: http://www.shorewall.net/support.htm > >>FAQ: http://www.shorewall.net/FAQ.htm > >> > >> > > > > > > > > -- > =======================================> Andreoli Luca > System Support Division > Kelyan SMC S.p.a. - Franco Bernab? Group > Via Nuova Ponente 1/A-1/B > 41012 Carpi (MO), Italy > Tel.+39 059 637611 > Fax.+39 059 694768 > E-Mail: l.andreoli@kelyansmc.it > =======================================> > ------------------------------------------------------------------------ > [Image]
>I don''t think you have a real problem, FTP is expected to be faster. I >have never seen good performance in Windows file sharing....Uhm, I have no problem pulling 8200Kbyte/sec between my windows boxes on a 100Mbps segment, why would Windows File Sharing be slow? (Intel Etherexpress NIC''s, Catalyst Switches)
I don''t know.... do you have recompile kernel with qos???? Jan Johansson wrote:>>I don''t think you have a real problem, FTP is expected to be faster. I >>have never seen good performance in Windows file sharing.... >> >> > >Uhm, I have no problem pulling 8200Kbyte/sec between my windows boxes on >a 100Mbps segment, why would Windows File Sharing be slow? > >(Intel Etherexpress NIC''s, Catalyst Switches) > >_______________________________________________ >Shorewall-users mailing list >Post: Shorewall-users@lists.shorewall.net >Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users >Support: http://www.shorewall.net/support.htm >FAQ: http://www.shorewall.net/FAQ.htm > > >-- =======================================Andreoli Luca System Support Division Kelyan SMC S.p.a. - Franco Bernabe` Group Via Nuova Ponente 1/A-1/B 41012 Carpi (MO), Italy Tel.+39 059 637611 Fax.+39 059 694768 E-Mail: l.andreoli@kelyansmc.it ========================================
>I don''t know.... do you have recompile kernel with qos????Yes, there is traffic shaping done on the segment.
Jan Johansson schrieb:> > >I don''t think you have a real problem, FTP is expected to be faster. I > >have never seen good performance in Windows file sharing.... > > Uhm, I have no problem pulling 8200Kbyte/sec between my windows boxes on > a 100Mbps segment, why would Windows File Sharing be slow?Okay, 1) You have a 100M LAN segment, Luca has two networks which are connected via IPSEC tunnel. 2) There are big differences between DOS based Win and the newer w2k/wxp. I have assumed something like Win98 as the client. 3) With my old Linux box (kernel 2.2) and an old Linux server (kernel 2.2, 266MHz!), I have no problems pulling 11350 Kbyte/sec over the wire via FTP (File size is 40Mb in 3.5 sec). So, there is still a difference even compared to NFS. Simon> > (Intel Etherexpress NIC''s, Catalyst Switches)
But the problem is into my redhat 9.0 and kernel 2.4.20 or in my client? the client is a win98 and the server in the other side of the vpn tunnel is an winnt 4.0 Simon Matter wrote:>Jan Johansson schrieb: > > >>>I don''t think you have a real problem, FTP is expected to be faster. I >>>have never seen good performance in Windows file sharing.... >>> >>> >>Uhm, I have no problem pulling 8200Kbyte/sec between my windows boxes on >>a 100Mbps segment, why would Windows File Sharing be slow? >> >> > >Okay, >1) You have a 100M LAN segment, Luca has two networks which are >connected via IPSEC tunnel. > >2) There are big differences between DOS based Win and the newer >w2k/wxp. I have assumed something like Win98 as the client. > >3) With my old Linux box (kernel 2.2) and an old Linux server (kernel >2.2, 266MHz!), I have no problems pulling 11350 Kbyte/sec over the wire >via FTP (File size is 40Mb in 3.5 sec). So, there is still a difference >even compared to NFS. > >Simon > > > >>(Intel Etherexpress NIC''s, Catalyst Switches) >> >> >_______________________________________________ >Shorewall-users mailing list >Post: Shorewall-users@lists.shorewall.net >Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users >Support: http://www.shorewall.net/support.htm >FAQ: http://www.shorewall.net/FAQ.htm > > >
> -----Original Message----- > From: Luca Andreoli > Sent: Wednesday, June 11, 2003 10:41 AM > Subject: Re: [Shorewall-users] Re: shorewall + tos + netbios > > > But the problem is into my redhat 9.0 and kernel 2.4.20 or in > my client? the client is a win98 and the server in the other > side of the vpn tunnel is an winnt 4.0Luca, Have you tried running ethereal or tcpdump? A short snapshot between ftp/smb file transfers should reveal the source of your problem. Like packet fragmentation due to vpn ecapsulation or something along those lines. Steve Cowles
Luca Andreoli wrote:> But the problem is into my redhat 9.0 and kernel 2.4.20 or in my client? > the client is a win98 and the server in the other side of the vpn tunnel > is an winnt 4.0Ok, so if i''m not mistaking, you have this: Win98 -- Shorewall -- tunneled NET/VPN -- Shorewall -- WinNT And your FTP transfers from WinNT to Win98 through the tunnel are twice as fast as your SMB transfers. If this is the case, i ''d be surprised if it has got anything to do with the firewalls. They show that they are capable of handling high speeds with FTP. No reason why tunneling/routing/shaping would be different with SMB in my opinion. I also doubt that any TOS field would make a difference here. My guess is that the problem is with the Win boxes. If the above is NOT the case you really need to be more clear on your setup. For instance, 1. Do you have shorewall on both firewalls? 2. Do you do traffic schaping on both firewalls? Hope this helps, Pieter.
Thx Pieter for replying
ok.. i explain to you....
1. i have shorewall 1.4 in both firewall with redhat 9.0 kernel
2.4.20 not modified
2. i only modified tos file in shorewall without traffic shaping (and
qos disabled) because in starndard kernel qos not active.
and the tunnel and all you write is correct.
now i wait your aswer..ehehe
bye..
luca
Pieter Ennes wrote:
> Luca Andreoli wrote:
>
>> But the problem is into my redhat 9.0 and kernel 2.4.20 or in my
client?
>> the client is a win98 and the server in the other side of the vpn
>> tunnel is an winnt 4.0
>
>
> Ok, so if i''m not mistaking, you have this:
>
> Win98 -- Shorewall -- tunneled NET/VPN -- Shorewall -- WinNT
>
> And your FTP transfers from WinNT to Win98 through the tunnel are
> twice as fast as your SMB transfers. If this is the case, i ''d be
> surprised if it has got anything to do with the firewalls. They show
> that they are capable of handling high speeds with FTP. No reason why
> tunneling/routing/shaping would be different with SMB in my opinion. I
> also doubt that any TOS field would make a difference here. My guess
> is that the problem is with the Win boxes.
>
> If the above is NOT the case you really need to be more clear on your
> setup. For instance,
>
> 1. Do you have shorewall on both firewalls?
> 2. Do you do traffic schaping on both firewalls?
>
> Hope this helps,
>
> Pieter.
>
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
> http://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>
On Thu, 2003-06-12 at 07:07, Luca Andreoli wrote:> Thx Pieter for replying > ok.. i explain to you.... > > 1. i have shorewall 1.4 in both firewall with redhat 9.0 kernel > 2.4.20 not modified > 2. i only modified tos file in shorewall without traffic shaping (and > qos disabled) because in starndard kernel qos not active.QOS is available in *all* RedHat kernels. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep wrote:>On Thu, 2003-06-12 at 07:07, Luca Andreoli wrote: > > >>Thx Pieter for replying >>ok.. i explain to you.... >> >> 1. i have shorewall 1.4 in both firewall with redhat 9.0 kernel >> 2.4.20 not modified >> 2. i only modified tos file in shorewall without traffic shaping (and >> qos disabled) because in starndard kernel qos not active. >> >> > >QOS is available in *all* RedHat kernels. > >-Tom > >yes but not active with standard kernel (not compiled) in redhat 9.0
On Thu, 2003-06-12 at 08:06, Luca Andreoli wrote:> Tom Eastep wrote: > > >On Thu, 2003-06-12 at 07:07, Luca Andreoli wrote: > > > > > >>Thx Pieter for replying > >>ok.. i explain to you.... > >> > >> 1. i have shorewall 1.4 in both firewall with redhat 9.0 kernel > >> 2.4.20 not modified > >> 2. i only modified tos file in shorewall without traffic shaping (and > >> qos disabled) because in starndard kernel qos not active. > >> > >> > > > >QOS is available in *all* RedHat kernels. > > > >-Tom > > > > > yes but not active with standard kernel (not compiled) in redhat 9.0 > >I RUN REDHAT 9.0 AND I USE QOS!!! -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep wrote:>On Thu, 2003-06-12 at 08:06, Luca Andreoli wrote: > > >>Tom Eastep wrote: >> >> >> >>>On Thu, 2003-06-12 at 07:07, Luca Andreoli wrote: >>> >>> >>> >>> >>>>Thx Pieter for replying >>>>ok.. i explain to you.... >>>> >>>> 1. i have shorewall 1.4 in both firewall with redhat 9.0 kernel >>>> 2.4.20 not modified >>>> 2. i only modified tos file in shorewall without traffic shaping (and >>>> qos disabled) because in starndard kernel qos not active. >>>> >>>> >>>> >>>> >>>QOS is available in *all* RedHat kernels. >>> >>>-Tom >>> >>> >>> >>> >>yes but not active with standard kernel (not compiled) in redhat 9.0 >> >> >> >> > >I RUN REDHAT 9.0 AND I USE QOS!!! > >-Tom > >But do you have recompiled the kernel to activate it or not?
On Thu, 2003-06-12 at 08:13, Luca Andreoli wrote:> > > But do you have recompiled the kernel to activate it or not?I do *not* recompile the kernel for QOS. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
Is there anything special you have to do to get the QOS data to take effect on a redhat 9.0 kernel? Thanks! On 12 Jun 2003, Tom Eastep wrote:> On Thu, 2003-06-12 at 08:13, Luca Andreoli wrote: > > > > > > But do you have recompiled the kernel to activate it or not? > > I do *not* recompile the kernel for QOS. > > -Tom >-- Steve Herber herber@thing.com work: 206-221-7262 Security Engineer, UW Medicine, IT Services home: 425-454-2399
On Thu, 2003-06-12 at 09:45, Steve Herber wrote:> Is there anything special you have to do to get the QOS data to take > effect on a redhat 9.0 kernel?Basically you can download wondershaper, move it to /etc/shorewall/tcstart, configure it and refresh Shorewall. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
Luca Andreoli wrote:> Thx Pieter for replying > ok.. i explain to you.... > > 1. i have shorewall 1.4 in both firewall with redhat 9.0 kernel > 2.4.20 not modified > 2. i only modified tos file in shorewall without traffic shaping (and > qos disabled) because in starndard kernel qos not active. > > and the tunnel and all you write is correct. > now i wait your aswer..eheheWell, like i said, i doubt it''s got something to do with the firewall itself, let alone the TOS field. You could take a look at the load on the Winboxes during both transfers. But there''s lots of things to try, and i won''t be able to help you with that. Pieter.
Apparently Analagous Threads
- iptables squid shorewall
- iptables and squid
- [RFC PATCH 0/4] PAM module for ssh-agent user authentication
- OpenSSH not requesting touch on FIDO keys (was: OpenSSH not requesting PIN code for YubiKey)
- OpenSSH not requesting touch on FIDO keys (was: OpenSSH not requesting PIN code for YubiKey)