OK...

Why, when I'm downloading something through my iptables-based firewall/router, do other computers' internet connections not connected through this firewall not slow down?

Here's how my network looks:

What this means, is that when Comp1, Comp2, or Comp5 (iptables) is downloading something, internet connections at Comp3 and Comp4 slow down alot, but if Comp3 or Comp4 is dowloading something; Comp1, Comp2, and Comp5 feel very little affect.

If your explanation and diagram are correct, then what you are describing would not happen. Either it was just a coincidence that you felt the affects that you did, or something is not accurate in your network topology.

You might also want to do something a little more accurate than a 'feel' test. IE, do an ftp download and record the Kilobytes per second on each machine or something.

-Jeremy

http://www.dslreports.com/speedtest

pete

NIC Bonding
To configure redundant network interfaces in a failover mode perform these procedures.


Locate the PCI Bus location of each NIC you want to be in the failover bond.

# grep bus-pci /etc/sysconfig/network/ifcfg-eth-id-<WWN>
Example:

# cd /etc/sysconfig/network
# grep bus-pci ifcfg-eth-id-00:18:8B:762:50
_nm_name='bus-pci-0000:05:00.0'
# grep bus-pci ifcfg-eth-id-00:18:8B:762:52
_nm_name='bus-pci-0000:07:00.0'

Use the current network configuration file as a template for your new bonded configuration.

# cp ifcfg-eth-id-<WWN> ifcfg-bond0
# vi ifcfg-bond0
Add the following
BONDING_MASTER=yes
BONDING_MODULE_OPTS='miimon=100 mode=1 use_carrier=1'
BONDING_SLAVE_0='<Your PCI Bus info>'
BONDING_SLAVE_1='<Your PCI Bus info>'
# rm ifcfg-eth-id-<WWN>
# rm ifcfg-eth-id-<WWN>

Update the kernel by adding the following lines to /etc/modprobe.conf

alias bond0 bonding
options bond0 mode=1 miimon=100

From the console restart the network. You may need to reboot.

# rcnetwork restart
and/or
# shutdown -r now

Bonding information can be found in /proc/net/bonding/bond0

[edit] Virtual Interfaces
If you need to additional IP addresses to an interface (such as bond0) you can modify the /etc/sysconfig/network/ifcfg-bond0 file. Reference the following example:

IPADDR_2='10.30.20.111'
NETMASK_2='255.255.252.0'
Then restart the network and check the status. Note that ifconfig will NOT show the additional IP's.

# rcnetwork restart
# ifstatus bond0

then enjoy :-)


thanks
Santhosh

I agree with Jeremy - your explanation does not make sense. You have a maximum amount of bandwidth regardless of which machine uses it. If one of them is downloading a file that is being sent at less than your maximum all other machines will still "feel" fast. (Though like he also said use something less subjective - system monitor for instance)

I do not know how you have configured machine 5 - whilst it is acting as a firewall, is it also proxying web pages giving the illiusion that the web is still fast for machines 1 & 2 perhaps ?

enigma

If that is a hub and not a switch or router, that could be the source of the problem. I forget what the proper term is but basically you can have a traffic jam.

lazlow has a point. Whenever I do large downloads and the connection is going through a hub (I do have a HUB on my LAN), I have a ton of collisions. I'm assuming this issue become worse as additional downloading hosts factor into the problem. Hubs are dumb devices and will broadcast packets across all its ports and it doesn't help that they are 10-base. Take the hub out of the equation and test to determine if it is the issue (or replace with a switch)...doing that may negate your FW's function but you're just trying to determine the bottleneck at this point in the troubleshooting.

Assuming that the device you are calling a "hub" is a true hub & not a switch, unixfool & lazlow probably have it right: your problem probably is that a hub is subject to collisions, where a true switch would not be.

Speed makes almost no difference: even at only 10 MB/s, it's about 2-6x faster than the average broadband connection. It's the traffic jams due to the packet collisions that are the problem.


BTW, while it is true that most hubs are/were only 10 MB/s, some are/were 10/100 just like modern routers & switches. Not that it cost me the $699 original retail price mentioned in the article below, but I am using a 10/100 hub/switch in my LAN right now (as I type). It's a SOHOware "SuperFlex 16-Port Dual Speed Hub" (NDS316). Hub port 16 is dead, but other than that it works fine in my current topology. I have my 3 main boxen on the switch ports & the 'Net + the rest on the hub section. Speed where I need it & not where I don't. Fortunately, there are few occasions when any of "the rest" do d/l's that would cause the collisions you are apprently experiencing.

If you're interested "ancient wisdom", aka "olds" or "blast from the past", check out this article: DUAL-SPEED WORKGROUP HUBS January 25, 1999 by J.B. Miles. To get to the actual mention of this hub, search for "NDS316" -- the specifics are almost at the end.

Comp5 is just a firewall & webserver, no proxying involved. Trust me, I would have thought of that...

Yes, I know it's a hub... well I'm pretty sure anyways. The box said "hub", and it comes with the uplink port that is a crossover port... It's a cheapo d-link (prolly like 10 dollars, I forget) hub.

Didn't think about collisions... that's probably it, but then why don't the downloads that are holding up the network slow down significantly? These downloads keep their bandwidth and everything else suffers...

[edit]
oh yeah, and the box said not to plug in an active device when the hub is on, or things will get wonky... if that helps determine the type of network device...
[/edit]