Guy Marcenac wrote:
> Hello,
>
> I've shorewall running a three-interface firewall (net, loc, dmz) and
> I've got performance problems.
>
> My measured bandwidth from internet is up to 6.8 Mb/s, and I "only" get
> 3.5Mb/s on my LAN and 5Mb/s on my dmz.
> I checked with iperf, and all my interfaces (eth0, eth1, eth2) can
> actually work at 10 Mb/s.
>
> I tried disabling all the rules from loc to net (policy: loc net
> ACCEPT), the results are the same.
>
> Before continuing I'd like to know if you think I can improve this,
> knowing my hardware is quite old.
>
> This pc is dedicated to shorewall
> PII 166 48 Mo RAM
>
> debian stable with the standard kernel from the distro:
> Linux fwr 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i586 unknown
> iptables 1.2.9
> Shorewall debian backport 2.0.3 (I got the same results with the
> 'stable' 1.2 shorewall)

It is unlikely that the Shorewall-generated Netfilter ruleset has
anything whatsoever to do with the performance you are seeing.
Shorewall-generated rules are only involved during connection
establishment; once a connection is established, each packet is only
passed through a very small number of rules.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key