Hi, I''ve been having a really strange thing happen. I can''t remember when it happened, or if it coincided with a shorewall update, but if I have shorewall "running", my 100mbps connection is limited to about 1-6mbps per connection. This is with TC/Shaping/QoS disabled or enabled. I have no idea if its shorewall doing something funky or ipables or what, but if I stop shorewall, I can download from a vps I have at upwards of 10MB/s or more. With shorewall started, I get 300KBps max. That said, it seems to be a per connection limit. I can get multi MB/s speeds when downloading a debian iso over bittorrent for instance. I''ve tried disabling a bunch of my rules to see if that would help, and it hasn''t. I''ve tested transfering to and from the firewall locally, and those connections are fine, and can saturate my GbE network, with or without shorewall running. I''ve also tested transfering from the firewall itself and from machines behind the firewall, both ways exhibit the same problem. My firewall is a Soekris 6501-50 running debian sid, on a 100mbps/5mbps cable internet connection. I''d appreciate any insight anyone might have. -- Thomas Fjellstrom thomas@fjellstrom.ca ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev
On Fri June 28, 2013 05:19:29 PM Thomas Fjellstrom wrote:> Hi, > > I''ve been having a really strange thing happen. I can''t remember when it > happened, or if it coincided with a shorewall update, but if I have > shorewall "running", my 100mbps connection is limited to about 1-6mbps per > connection. This is with TC/Shaping/QoS disabled or enabled. > > I have no idea if its shorewall doing something funky or ipables or what, > but if I stop shorewall, I can download from a vps I have at upwards of > 10MB/s or more. With shorewall started, I get 300KBps max. > > That said, it seems to be a per connection limit. I can get multi MB/s > speeds when downloading a debian iso over bittorrent for instance. > > I''ve tried disabling a bunch of my rules to see if that would help, and it > hasn''t. > > I''ve tested transfering to and from the firewall locally, and those > connections are fine, and can saturate my GbE network, with or without > shorewall running. I''ve also tested transfering from the firewall itself > and from machines behind the firewall, both ways exhibit the same problem. > > My firewall is a Soekris 6501-50 running debian sid, on a 100mbps/5mbps > cable internet connection. > > I''d appreciate any insight anyone might have.Ok, I managed to figure out one thing. Apparently I was disabling traffic shaping wrong, commenting out TC_ENABLED rather than setting it to No. This used to work, but an update somewhere along the line seems to have changed that. So, with traffic shaping enabled, I can''t seem to get any decent speed with a config that used to work fine. -- Thomas Fjellstrom thomas@fjellstrom.ca ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev
On Jun 28, 2013, at 4:50 PM, Thomas Fjellstrom <thomas@fjellstrom.ca> wrote:> On Fri June 28, 2013 05:19:29 PM Thomas Fjellstrom wrote: >> Hi, >> >> I''ve been having a really strange thing happen. I can''t remember when it >> happened, or if it coincided with a shorewall update, but if I have >> shorewall "running", my 100mbps connection is limited to about 1-6mbps per >> connection. This is with TC/Shaping/QoS disabled or enabled. >> >> I have no idea if its shorewall doing something funky or ipables or what, >> but if I stop shorewall, I can download from a vps I have at upwards of >> 10MB/s or more. With shorewall started, I get 300KBps max. >> >> That said, it seems to be a per connection limit. I can get multi MB/s >> speeds when downloading a debian iso over bittorrent for instance. >> >> I''ve tried disabling a bunch of my rules to see if that would help, and it >> hasn''t. >> >> I''ve tested transfering to and from the firewall locally, and those >> connections are fine, and can saturate my GbE network, with or without >> shorewall running. I''ve also tested transfering from the firewall itself >> and from machines behind the firewall, both ways exhibit the same problem. >> >> My firewall is a Soekris 6501-50 running debian sid, on a 100mbps/5mbps >> cable internet connection. >> >> I''d appreciate any insight anyone might have. > > Ok, I managed to figure out one thing. Apparently I was disabling traffic > shaping wrong, commenting out TC_ENABLED rather than setting it to No. This > used to work, but an update somewhere along the line seems to have changed > that. > > So, with traffic shaping enabled, I can''t seem to get any decent speed with a > config that used to work fine.Check the traffic shaping section of the FAQs. -Tom Tom Eastep \ Nothing is foolproof to a Shoreline, \ sufficiently talented fool Washington, USA \ http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev
On Fri June 28, 2013 05:55:54 PM Tom Eastep wrote:> On Jun 28, 2013, at 4:50 PM, Thomas Fjellstrom <thomas@fjellstrom.ca> wrote: > > On Fri June 28, 2013 05:19:29 PM Thomas Fjellstrom wrote: > >> Hi, > >> > >> I''ve been having a really strange thing happen. I can''t remember when it > >> happened, or if it coincided with a shorewall update, but if I have > >> shorewall "running", my 100mbps connection is limited to about 1-6mbps > >> per connection. This is with TC/Shaping/QoS disabled or enabled. > >> > >> I have no idea if its shorewall doing something funky or ipables or > >> what, but if I stop shorewall, I can download from a vps I have at > >> upwards of 10MB/s or more. With shorewall started, I get 300KBps max. > >> > >> That said, it seems to be a per connection limit. I can get multi MB/s > >> speeds when downloading a debian iso over bittorrent for instance. > >> > >> I''ve tried disabling a bunch of my rules to see if that would help, and > >> it hasn''t. > >> > >> I''ve tested transfering to and from the firewall locally, and those > >> connections are fine, and can saturate my GbE network, with or without > >> shorewall running. I''ve also tested transfering from the firewall itself > >> and from machines behind the firewall, both ways exhibit the same > >> problem. > >> > >> My firewall is a Soekris 6501-50 running debian sid, on a 100mbps/5mbps > >> cable internet connection. > >> > >> I''d appreciate any insight anyone might have. > > > > Ok, I managed to figure out one thing. Apparently I was disabling traffic > > shaping wrong, commenting out TC_ENABLED rather than setting it to No. > > This used to work, but an update somewhere along the line seems to have > > changed that. > > > > So, with traffic shaping enabled, I can''t seem to get any decent speed > > with a config that used to work fine. > > Check the traffic shaping section of the FAQs.Ah. So new linux feature causing a conflict with tc. Good to know. More or less works now. Thanks for the help.> -Tom > > Tom Eastep \ Nothing is foolproof to a > Shoreline, \ sufficiently talented fool > Washington, USA \ > http://shorewall.net \________________________________________________-- Thomas Fjellstrom thomas@fjellstrom.ca ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev