Hi!

I have Shorewall 3.0 set up and running on my FC3 (router). I have a 3 NIC setup: eth0 (inet), eth1 (LAN), eth2 (DMZ).

What bothers me is the speed to and from the server to LAN users, which is max. around 3500 kbit/s. My network is 100 Mbit. The server is attached directly to the eth2 NIC of the router. LAN users are attached to eth1 via switch. The speed between LAN users is as expected 100 Mbit. If I move server to LAN the speed is 100 Mbit. The speed between LAN and router and DMZ and router is also as expected 100 Mbit.

Is there something I could do to make it faster since I use server as Samba server also?

BTW: The NIC's are all configured and running in 100Mbit full duplex mode.

Regards,
Sasa

On Saturday 12 November 2005 05:43, Sasa Stupar wrote:
> Is there something I could do to make it faster since I use server as
> Samba server also?

If you 'shorewall clear', does the speed improve? (be sure to 'shorewall start' after you test).

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

--On 12. november 2005 7:48 -0800 Tom Eastep <teastep@shorewall.net> wrote:

> On Saturday 12 November 2005 05:43, Sasa Stupar wrote:
>
>> Is there something I could do to make it faster since I use server
>> as Samba server also?
>
> If you 'shorewall clear', does the speed improve? (be sure to 'shorewall
> start' after you test).
>
> -Tom

Yes. It improves to 4800 kbit, so it makes a difference of 1000 kbit.

Sasa

On Saturday 12 November 2005 09:01, Sasa Stupar wrote:
> --On 12. november 2005 7:48 -0800 Tom Eastep <teastep@shorewall.net> wrote:
> > On Saturday 12 November 2005 05:43, Sasa Stupar wrote:
> >> Is there something I could do to make it faster since I use server
> >> as Samba server also?
> >
> > If you 'shorewall clear', does the speed improve? (be sure to 'shorewall
> > start' after you test).
> >
> > -Tom
>
> Yes. It improves to 4800 kbit, so it makes a difference of 1000 kbit.

Does 'ip -s link ls' show a significant error rate on either of the interfaces involved?

-Tom

--On 12. november 2005 9:03 -0800 Tom Eastep <teastep@shorewall.net> wrote:

> On Saturday 12 November 2005 09:01, Sasa Stupar wrote:
>> --On 12. november 2005 7:48 -0800 Tom Eastep <teastep@shorewall.net>
>> wrote:
>> > On Saturday 12 November 2005 05:43, Sasa Stupar wrote:
>> >> Is there something I could do to make it faster since I use
>> >> server as Samba server also?
>> >
>> > If you 'shorewall clear', does the speed improve? (be sure to
>> > 'shorewall start' after you test).
>> >
>> > -Tom
>>
>> Yes. It improves to 4800 kbit, so it makes a difference of 1000 kbit.
>
> Does 'ip -s link ls' show a significant error rate on either of the
> interfaces involved?
>
> -Tom

[root@router ~]# ip -s link ls
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast
    342665     3424     0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    342665     3424     0       0       0       0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:bf:7a:5e:e5 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    3672338423 78444017 0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    3509013906 18849409 0       0       0       0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:4f:24:58:01 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    4063738827 26299611 75      0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    3655177119 28812613 0       0       0       0
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:bf:e0:5d:35 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    3912005699 11457452 4       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    818228617  7805581  0       0       0       0
5: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
    RX: bytes  packets  errors  dropped overrun mcast
    0          0        0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    0          0        0       0       0       0

On Saturday 12 November 2005 09:14, Sasa Stupar wrote:
> --On 12. november 2005 9:03 -0800 Tom Eastep <teastep@shorewall.net> wrote:
> >
> > Does 'ip -s link ls' show a significant error rate on either of the
> > interfaces involved?
> >
> > -Tom
>
> [root@router ~]# ip -s link ls

No significant error rates -- I guess the next thing I would suggest is to look at a slow traffic flow with Ethereal and see if you see anything odd.

-Tom

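Added example (not part of the original messages, and not Shorewall code): a shell function that turns `ip -s link` output into per-interface error rates, run here on the eth1 and eth2 counters posted in the thread. The function names and the default threshold of 1000 errors per million packets are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-interface error rates from `ip -s link` output.

# Sample input: the eth1 and eth2 counters posted in the thread, laid out
# the way `ip -s link ls` prints them (layout reconstructed).
sample_ip_s_link() {
cat <<'EOF'
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:4f:24:58:01 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    4063738827 26299611 75      0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    3655177119 28812613 0       0       0       0
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:bf:e0:5d:35 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    3912005699 11457452 4       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    818228617  7805581  0       0       0       0
EOF
}

# Reads `ip -s link` output on stdin and prints one line per direction:
#   <iface> <RX|TX> <packets> <errors> <errors per million packets>
link_error_rates() {
    awk '
        # "3: eth1: <FLAGS> ..." starts a new interface block.
        /^[0-9]+: / { iface = $2; sub(/:$/, "", iface); next }
        # A header row ("RX: bytes packets errors ...") announces that the
        # next row holds the counters in the same column order.
        $1 == "RX:" || $1 == "TX:" { dir = substr($1, 1, 2); want = 1; next }
        want {
            want = 0
            pkts = $2; errs = $3
            ppm = (pkts > 0) ? errs * 1000000 / pkts : 0
            printf "%s %s %d %d %.2f\n", iface, dir, pkts, errs, ppm
        }
    '
}

# Prints only the rows whose error rate exceeds the threshold given as $1
# (errors per million packets; the 1000 default is an assumption).
noisy_links() {
    threshold=${1:-1000}
    link_error_rates |
        awk -v t="$threshold" '$5 + 0 > t + 0 { print $1, $2, $5 }'
}

# Stand-alone run on the sample; on a live router use:
#   ip -s link ls | link_error_rates
sample_ip_s_link | link_error_rates
```

On these counters eth1 shows under 3 receive errors per million packets and eth2 well under 1, so nothing crosses the default threshold.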
--On 12. november 2005 11:17 -0800 Tom Eastep <teastep@shorewall.net> wrote:

> On Saturday 12 November 2005 09:14, Sasa Stupar wrote:
>> --On 12. november 2005 9:03 -0800 Tom Eastep <teastep@shorewall.net>
>> wrote:
>> >
>> > Does 'ip -s link ls' show a significant error rate on either of the
>> > interfaces involved?
>> >
>> > -Tom
>>
>> [root@router ~]# ip -s link ls
>
> No significant error rates -- I guess the next thing I would suggest is
> to look at a slow traffic flow with Ethereal and see if you see anything
> odd.
>
> -Tom

I am trying to run tethereal but I don't know how to filter only ftp. I have never used tethereal before and the man pages are confusing. Some help would be appreciated.

Regards,
Sasa

On Monday 14 November 2005 10:48, Sasa Stupar wrote:
> --On 12. november 2005 11:17 -0800 Tom Eastep <teastep@shorewall.net> wrote:
> > On Saturday 12 November 2005 09:14, Sasa Stupar wrote:
> >> --On 12. november 2005 9:03 -0800 Tom Eastep <teastep@shorewall.net>
> >> wrote:
> >> > Does 'ip -s link ls' show a significant error rate on either of the
> >> > interfaces involved?
> >> >
> >> > -Tom
> >>
> >> [root@router ~]# ip -s link ls
> >
> > No significant error rates -- I guess the next thing I would suggest is
> > to look at a slow traffic flow with Ethereal and see if you see anything
> > odd.
> >
> > -Tom
>
> I am trying to run tethereal but I don't know how to filter only ftp. I
> have never used tethereal before and the man pages are confusing.
> Some help would be appreciated.

FTP is hard to filter because two connections are involved (one of which is dynamic) -- why don't you just use 'host <FTP client ip address>'?

-Tom

--On 14. november 2005 11:50 -0800 Tom Eastep <teastep@shorewall.net> wrote:

> On Monday 14 November 2005 10:48, Sasa Stupar wrote:
>> --On 12. november 2005 11:17 -0800 Tom Eastep <teastep@shorewall.net>
>> wrote:
>> > On Saturday 12 November 2005 09:14, Sasa Stupar wrote:
>> >> --On 12. november 2005 9:03 -0800 Tom Eastep <teastep@shorewall.net>
>> >> wrote:
>> >> > Does 'ip -s link ls' show a significant error rate on either of the
>> >> > interfaces involved?
>> >> >
>> >> > -Tom
>> >>
>> >> [root@router ~]# ip -s link ls
>> >
>> > No significant error rates -- I guess the next thing I would suggest is
>> > to look at a slow traffic flow with Ethereal and see if you see
>> > anything odd.
>> >
>> > -Tom
>>
>> I am trying to run tethereal but I don't know how to filter only ftp. I
>> have never used tethereal before and the man pages are confusing.
>> Some help would be appreciated.
>
> FTP is hard to filter because two connections are involved (one of which
> is dynamic) -- why don't you just use 'host <FTP client ip address>'?
>
> -Tom

Update - I have noticed that when I do my transfer CPU usage is at 100% on shorewall router. Is this normal?

Regards,
Sasa

On Thursday 17 November 2005 12:49, Sasa Stupar wrote:
>
> Update - I have noticed that when I do my transfer CPU usage is at 100% on
> shorewall router.
> Is this normal?

No --

-Tom

On Thursday 17 November 2005 13:34, Tom Eastep wrote:
> On Thursday 17 November 2005 12:49, Sasa Stupar wrote:
> > Update - I have noticed that when I do my transfer CPU usage is at 100%
> > on shorewall router.
> > Is this normal?
>
> No --

Do you have a large blacklist? If so, what is your BLACKLISTNEWONLY setting?

-Tom

On Thursday 17 November 2005 13:39, Tom Eastep wrote:
> On Thursday 17 November 2005 13:34, Tom Eastep wrote:
> > On Thursday 17 November 2005 12:49, Sasa Stupar wrote:
> > > Update - I have noticed that when I do my transfer CPU usage is at 100%
> > > on shorewall router.
> > > Is this normal?
> >
> > No --
>
> Do you have a large blacklist? If so, what is your BLACKLISTNEWONLY setting?

Also, do you see this high CPU utilization with Shorewall turned off ("shorewall clear")?

-Tom

Tom Eastep wrote:
> ...
>>>>Update - I have noticed that when I do my transfer CPU usage is at 100%
>>>>on shorewall router.
>>>>Is this normal?
>>>No --
>>Do you have a large blacklist? If so, what is your BLACKLISTNEWONLY setting?
>
> Also, do you see this high CPU utilization with Shorewall turned off
> ("shorewall clear")?

Also, are you running it on a Pentium 100? ;-)

Paul

On Thursday 17 November 2005 13:47, Tom Eastep wrote:
> On Thursday 17 November 2005 13:39, Tom Eastep wrote:
> > On Thursday 17 November 2005 13:34, Tom Eastep wrote:
> > > On Thursday 17 November 2005 12:49, Sasa Stupar wrote:
> > > > Update - I have noticed that when I do my transfer CPU usage is at
> > > > 100% on shorewall router.
> > > > Is this normal?
> > >
> > > No --
> >
> > Do you have a large blacklist? If so, what is your BLACKLISTNEWONLY setting?
>
> Also, do you see this high CPU utilization with Shorewall turned off
> ("shorewall clear")?

A couple of more things:

a) You can reduce the CPU utilization caused by high network traffic by enabling the NAPI option for your network interfaces when you build your kernel (assuming that the driver supports that option).

b) You didn't mention what your CPU was busy doing -- are you running ntop, for example?

-Tom

--On 17. november 2005 13:39 -0800 Tom Eastep <teastep@shorewall.net> wrote:

> On Thursday 17 November 2005 13:34, Tom Eastep wrote:
>> On Thursday 17 November 2005 12:49, Sasa Stupar wrote:
>> > Update - I have noticed that when I do my transfer CPU usage is at 100%
>> > on shorewall router.
>> > Is this normal?
>>
>> No --
>
> Do you have a large blacklist? If so, what is your BLACKLISTNEWONLY setting?
>
> -Tom

No blacklist at all.

--Sasa

--On 17. november 2005 13:47 -0800 Tom Eastep <teastep@shorewall.net> wrote:

> On Thursday 17 November 2005 13:39, Tom Eastep wrote:
>> On Thursday 17 November 2005 13:34, Tom Eastep wrote:
>> > On Thursday 17 November 2005 12:49, Sasa Stupar wrote:
>> > > Update - I have noticed that when I do my transfer CPU usage is at
>> > > 100% on shorewall router.
>> > > Is this normal?
>> >
>> > No --
>>
>> Do you have a large blacklist? If so, what is your BLACKLISTNEWONLY setting?
>
> Also, do you see this high CPU utilization with Shorewall turned off
> ("shorewall clear")?
>
> -Tom

YES.

--Sasa

--On 18. november 2005 8:54 +1000 Paul Gear <pgear@redlands.qld.edu.au> wrote:

> Tom Eastep wrote:
>> ...
>>>>> Update - I have noticed that when I do my transfer CPU usage is at
>>>>> 100% on shorewall router.
>>>>> Is this normal?
>>>> No --
>>> Do you have a large blacklist? If so, what is your BLACKLISTNEWONLY setting?
>>
>> Also, do you see this high CPU utilization with Shorewall turned off
>> ("shorewall clear")?
>
> Also, are you running it on a Pentium 100? ;-)
>
> Paul

It is Pentium 166.

--Sasa

--On 17. november 2005 15:37 -0800 Tom Eastep <teastep@shorewall.net> wrote:

> On Thursday 17 November 2005 13:47, Tom Eastep wrote:
>> On Thursday 17 November 2005 13:39, Tom Eastep wrote:
>> > On Thursday 17 November 2005 13:34, Tom Eastep wrote:
>> > > On Thursday 17 November 2005 12:49, Sasa Stupar wrote:
>> > > > Update - I have noticed that when I do my transfer CPU usage is at
>> > > > 100% on shorewall router.
>> > > > Is this normal?
>> > >
>> > > No --
>> >
>> > Do you have a large blacklist? If so, what is your BLACKLISTNEWONLY setting?
>>
>> Also, do you see this high CPU utilization with Shorewall turned off
>> ("shorewall clear")?
>
> A couple of more things:
>
> a) You can reduce the CPU utilization caused by high network traffic by
> enabling the NAPI option for your network interfaces when you build your
> kernel (assuming that the driver supports that option).
>
> b) You didn't mention what your CPU was busy doing -- are you running
> ntop, for example?
>
> -Tom

a) My NIC's are all Realtek 8139 series

b) no, I don't run anything

--Sasa

> --On 17. november 2005 15:37 -0800 Tom Eastep <teastep@shorewall.net>
> wrote:
>
>> On Thursday 17 November 2005 13:47, Tom Eastep wrote:
>>> On Thursday 17 November 2005 13:39, Tom Eastep wrote:
>>> > On Thursday 17 November 2005 13:34, Tom Eastep wrote:
>>> > > On Thursday 17 November 2005 12:49, Sasa Stupar wrote:
>>> > > > Update - I have noticed that when I do my transfer CPU usage is at
>>> > > > 100% on shorewall router.
>>> > > > Is this normal?
>>> > >
>>> > > No --
>>> >
>>> > Do you have a large blacklist? If so, what is your BLACKLISTNEWONLY setting?
>>>
>>> Also, do you see this high CPU utilization with Shorewall turned off
>>> ("shorewall clear")?
>>
>> A couple of more things:
>>
>> a) You can reduce the CPU utilization caused by high network traffic by
>> enabling the NAPI option for your network interfaces when you build your
>> kernel (assuming that the driver supports that option).
>>
>> b) You didn't mention what your CPU was busy doing -- are you running
>> ntop, for example?
>>
>> -Tom
>
> a) My NIC's are all Realtek 8139 series

Then I'm not surprised, put in some "decent" NIC's (like Intel e100 or so) and try again.

Simon

> b) no, I don't run anything
>
> --Sasa

--On 18. november 2005 11:40 +0100 Simon Matter <simon.matter@ch.sauter-bc.com> wrote:

>> --On 17. november 2005 15:37 -0800 Tom Eastep <teastep@shorewall.net>
>> wrote:
>>
>>> On Thursday 17 November 2005 13:47, Tom Eastep wrote:
>>>> On Thursday 17 November 2005 13:39, Tom Eastep wrote:
>>>> > On Thursday 17 November 2005 13:34, Tom Eastep wrote:
>>>> > > On Thursday 17 November 2005 12:49, Sasa Stupar wrote:
>>>> > > > Update - I have noticed that when I do my transfer CPU usage is at
>>>> > > > 100% on shorewall router.
>>>> > > > Is this normal?
>>>> > >
>>>> > > No --
>>>> >
>>>> > Do you have a large blacklist? If so, what is your BLACKLISTNEWONLY setting?
>>>>
>>>> Also, do you see this high CPU utilization with Shorewall turned off
>>>> ("shorewall clear")?
>>>
>>> A couple of more things:
>>>
>>> a) You can reduce the CPU utilization caused by high network traffic by
>>> enabling the NAPI option for your network interfaces when you build your
>>> kernel (assuming that the driver supports that option).
>>>
>>> b) You didn't mention what your CPU was busy doing -- are you running
>>> ntop, for example?
>>>
>>> -Tom
>>
>> a) My NIC's are all Realtek 8139 series
>
> Then I'm not surprised, put in some "decent" NIC's (like Intel e100 or so)
> and try again.
>
> Simon

What about 3com905 series? Would this be OK?

Sasa

> --On 18. november 2005 11:40 +0100 Simon Matter
> <simon.matter@ch.sauter-bc.com> wrote:
>
>>> --On 17. november 2005 15:37 -0800 Tom Eastep <teastep@shorewall.net>
>>> wrote:
>>>
>>>> On Thursday 17 November 2005 13:47, Tom Eastep wrote:
>>>>> On Thursday 17 November 2005 13:39, Tom Eastep wrote:
>>>>> > On Thursday 17 November 2005 13:34, Tom Eastep wrote:
>>>>> > > On Thursday 17 November 2005 12:49, Sasa Stupar wrote:
>>>>> > > > Update - I have noticed that when I do my transfer CPU usage is at
>>>>> > > > 100% on shorewall router.
>>>>> > > > Is this normal?
>>>>> > >
>>>>> > > No --
>>>>> >
>>>>> > Do you have a large blacklist? If so, what is your BLACKLISTNEWONLY setting?
>>>>>
>>>>> Also, do you see this high CPU utilization with Shorewall turned off
>>>>> ("shorewall clear")?
>>>>
>>>> A couple of more things:
>>>>
>>>> a) You can reduce the CPU utilization caused by high network traffic by
>>>> enabling the NAPI option for your network interfaces when you build your
>>>> kernel (assuming that the driver supports that option).
>>>>
>>>> b) You didn't mention what your CPU was busy doing -- are you running
>>>> ntop, for example?
>>>>
>>>> -Tom
>>>
>>> a) My NIC's are all Realtek 8139 series
>>
>> Then I'm not surprised, put in some "decent" NIC's (like Intel e100 or so)
>> and try again.
>>
>> Simon
>
> What about 3com905 series? Would this be OK?

Yes, they are fine too. I would be very surprised if you don't see much better performance with much lower CPU usage with those cards.

Simon

Sasa Stupar wrote:
> ...
>> Also, do you see this high CPU utilization with Shorewall turned off
>> ("shorewall clear")?
>>
>> -Tom
>
> YES.

Then I would say that your problem is not related to Shorewall. Expecting anything out of a P166 is expecting a bit much, IMHO. :-)

Paul