Re: SusE 7.3 Firewall

From: BearItAll (spam_at_rassler.co.uk)
Date: 10/31/05


Date: Mon, 31 Oct 2005 16:54:16 +0000

Marc wrote:

> Hi everybody.
> I know my question might sound odd because of the version I'm using but
> this is just because of the type of system I'm running on.
>
> Short :
> I'm running a router with a firewall (Firewall2) using SuSE 7.3
> The system is a pentium 200 MHz with 94 Mb memory.
>
> I put in attachment the results of different "iptables" commands that show
> the rules that are set up.
>
> Basically these are the default rules.
>
> My problem is as follows.
> Before the firewall :
> Download speed : 320 KB/sec
> Upload speed : 27,1 KB/sec
>
> After the firewall
> Download speed : 7,2 KB/sec
> Upload speed : 27,9 KB/sec
>
> Ok for the upload, but such a difference for download I don't think this
> is normal do you?
> My nsswitch.conf is "hosts files dns"
> I have eth0 configured to get a DHCP address from the ADSL ethernet modem
> I have eth1 configured static 192.168.0.X
> and eth1:1 configured static 192.168.1.X
>
> Can anybody help me? Pleeeease ??

We can't see your attachments, also many of us only allow plain text in
through our news readers. Include your information in-line with the
message.

Obviously something is wrong here. Firewalling isn't a particularly
resource-hungry operation, so some small drop, if it is a fairly busy system
on a smallish buffer, might be expected. But of course you knew that or you
wouldn't have questioned it.

What could slow it down drastically is if there is a lot of filtering in the
iptables. Because you get the time of sorting the packets then the time of
reconstruction. So I suspect that when you show your iptables it will
either be explained there or from an overly small buffer (but if you
haven't specified a size then it will be a reasonable one anyway).


