* Problems with Linux Firewall
From: A. Clausen @ 2003-07-15 21:56 UTC
  To: 'Netfilter Mailing List'

We've been running a Linux 2.4.19 firewall for about a year and a half
now, using Netfilter and proxyarp so that devices on both sides of the
firewall can be on the same subnet.  We run a wireless network, using
wireless bridges, so these should be largely invisible to the Linux
box.

Within the last four months we have suspected there is a slow down.
I've upgraded to 2.4.21 and upgraded netfilter/iptables to 1.2.8, to
no effect.  Just to test things out, I grabbed an old 10mbit hub so
that I could see performance locally, and not just through the
wireless network.

Everything seemed to be going fine (around 1050kbs on an FTP
transfer), but I discovered that while that download was going on, no
other traffic, including 32 byte pings, would go through.

Now I realize that hubs are only half-duplex, but I don't ever recall
this situation, and it seems to indicate a problem with the Linux
firewall.  One bad thing is that I'm running some Realtek cards (I
know I shouldn't but they've worked for over a year).

Does anybody have any ideas or suggestions?

-- 
Aaron Clausen

techlists@alberni.net



* RE: Problems with Linux Firewall
From: George Vieira @ 2003-07-15 22:34 UTC
  To: A. Clausen, Netfilter Mailing List

I used realtek 8139 cards without problems for over 4 years.

Use a switch. Where is the slow down that you're talking about, on the wireless? I'd expect that as 802.11b is 11Mbit (roughly 300-600 at the best of times) and 802.11a is 54Mbit.

If the download is running full bandwidth, I don't expect even pings to work, or at least have some timeouts... that's at FULL bandwidth.

Use iproute2 TC utilities to limit bandwidth for large traffic (i.e. ftps, http, etc.)

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au
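
The iproute2 suggestion in the reply above, sketched as an added example that is not part of the original thread: an HTB setup that shapes traffic leaving one interface to just under the 10 Mbit link rate and reserves a share for ICMP and low-delay traffic so a bulk FTP transfer cannot starve pings. The interface name `eth1` and the 90%/20% splits are assumptions; the function only prints the `tc` commands and applies nothing.

```shell
#!/bin/sh
# Added example (not from the thread). Prints tc commands for review;
# nothing is applied to the system by this script.
# Assumptions: $1 is the firewall interface facing the 10 Mbit segment,
# $2 is the nominal link rate in kbit/s. All rates are illustrative.

shape_cmds() {
    dev=$1
    link_kbit=$2
    # Shape to 90% of the link so the queue builds on this box,
    # where the classes below decide who goes first.
    total=$((link_kbit * 90 / 100))
    small=$((total * 20 / 100))     # guaranteed share for small/interactive
    bulk=$((total - small))         # everything else (FTP, HTTP, ...)

    # Root HTB qdisc; unclassified traffic falls into the bulk class 1:20.
    echo "tc qdisc add dev $dev root handle 1: htb default 20"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${total}kbit"
    # 1:10 is served first (prio 0) and may borrow up to the full rate.
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate ${small}kbit ceil ${total}kbit prio 0"
    echo "tc class add dev $dev parent 1:1 classid 1:20 htb rate ${bulk}kbit ceil ${total}kbit prio 1"
    # SFQ keeps one bulk flow from monopolising the bulk class.
    echo "tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10"
    # ICMP (IP protocol 1) goes to the priority class.
    echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip protocol 1 0xff flowid 1:10"
    # Packets marked TOS minimize-delay (0x10) go there too.
    echo "tc filter add dev $dev parent 1: protocol ip prio 2 u32 match ip tos 0x10 0xff flowid 1:10"
}

# Constructed sample invocation: hypothetical interface eth1, 10 Mbit link.
shape_cmds eth1 10000
```

After reviewing the output, pipe it to `sh` as root to apply it; `tc qdisc del dev eth1 root` removes the shaping again.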
 

