Hi everyone, Sorry for asking OT here, but I need your expertise :-) I am running a standard 3 I/F net, dmz, loc Shorewall 1.4.7 on a RH 9 server In the DMZ I have a web shop running with DNAT from the external address to the DMZ - this all works I want to add a develop server in the DMZ with external access so I set this up as per the live server and from internal network it works, but from external it is very very slowwwww Both the live and develop web servers have the default route set I defined the 3rd IP address on eth0 as follows: ifconfig eth0:2 81.200.97.51 netmask 255.255.255.252 Does anyone have any ideas what I have done wrong or where I can look next Thanks, Graham -- Graham K. Dodd Director of Operations Falk & Ross GmbH Tel: 06301 717 0
On Fri, 2004-11-26 at 16:53 +0100, Graham Dodd wrote:> > Does anyone have any ideas what I have done wrong or where I can look nextAre you saying that the performance of the test server is okay when accessed from the local network? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
shorewall-users-bounces@lists.shorewall.net <> wrote:> On Fri, 2004-11-26 at 16:53 +0100, Graham Dodd wrote: > >> >> Does anyone have any ideas what I have done wrong or where I can look >> next > > Are you saying that the performance of the test server is > okay when accessed from the local network? >Yes internally it''s fine, I DNAT loc to the DMZ and no problems Graham -- Graham K. Dodd Director of Operations Falk & Ross GmbH Tel: 06301 717 0
On Fri, 2004-11-26 at 17:27 +0100, Graham Dodd wrote:> shorewall-users-bounces@lists.shorewall.net <> wrote: > > On Fri, 2004-11-26 at 16:53 +0100, Graham Dodd wrote: > > > >> > >> Does anyone have any ideas what I have done wrong or where I can look > >> next > > > > Are you saying that the performance of the test server is > > okay when accessed from the local network? > > > > Yes internally it''s fine, I DNAT loc to the DMZ and no problemsHmmm - nothing comes to mind. I guess if it were I, the next move would be to sniff some of the slow traffic and see if that provided a clue. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key