LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-22-2006, 04:59 AM   #1
oracle86
LQ Newbie
 
Registered: Jul 2003
Distribution: Fedora Core 4 & 5
Posts: 5

Rep: Reputation: 0
Question using iptables2 to masq network traffic cuts my bandwidth by 2/3


i have a fedora core 4 machine setup with two nics
eth0=192.168.2.2/24
eth1=192.168.1.1/24

eth1 is the gateway for my LAN.
eth0 is directly connected to a cisco 2500(ip=192.168.2.1/24)
The cisco is connected to my DSL modem, receiving a public ip from it.

[modem]--[cisco]--[{eth0} fc4 {eth1}]--[switch]--[workstation]
public 2.1 2.2 1.1 1.75

I ran a speed test before this setup, and my results were 1.5Mb down and 500kb up.

I than configured everything this way, and ran the same test; I got results of 500kb down and 400kb up (nearly cutting my download by 2/3rds)

I then removed the fc4 machine and configured everything as it was before the setup, ran the test again, and got 1.5Mb down and 500kb up.

Any thoughts on what could cause this slow down?
the fc4 machine is a celeron 933MHz with 768RAM.
 
Old 04-22-2006, 10:28 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Do some speed tests between each machine to isolate the segments.
Could easily be two NICs which bite each other.

I prefer to use wget as a download client and different files from the same ftp/http site to avoid caching problems/interference.
 
Old 04-22-2006, 01:04 PM   #3
oracle86
LQ Newbie
 
Registered: Jul 2003
Distribution: Fedora Core 4 & 5
Posts: 5

Original Poster
Rep: Reputation: 0
before this setup, i used the fedora core machine as a file server on my LAN. I got full speed (70=Mb transfer) from both NICs. The speed test i was using was from dslreports.com.
 
Old 04-22-2006, 01:44 PM   #4
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
What are you using for iptables rules?
The bare minimum is just the one NAT rule.

Did the FC4 box use both NICs as a server?
 
Old 04-25-2006, 01:54 AM   #5
oracle86
LQ Newbie
 
Registered: Jul 2003
Distribution: Fedora Core 4 & 5
Posts: 5

Original Poster
Rep: Reputation: 0
i used a script that i found online that setup the rules automatically. I don't know iptables very well,
so i can only trust that the script is not mallicious. without comments, heres the script
#####BEGIN SCRIPT COPY PASTE######
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe

EXTIF="eth0"
INTIF="eth1"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"

$MODPROBE ip_tables
$MODPROBE ip_conntrack
$MODPROBE ip_conntrack_ftp
$MODPROBE ip_conntrack_irc
$MODPROBE iptable_nat
$MODPROBE ip_nat_ftp

echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
#$IPTABLES -P FORWARD DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
#$IPTABLES -A FORWARD -j


echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\nrc.firewall-iptables v$FWVER done.\n"
#####END SCRIPT COPY PASTE######
 
Old 04-25-2006, 02:12 AM   #6
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Stop iptables with /etc/init.d/iptables stop
do iptables-save to check all rules are gone and all POLICYs are ACCEPT
do route -n to ensure the correct gateway is specified

Then enter these two necessary rules..
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.2

and check the speed again..
If there's still a problem, it's time to try a different kernel.
How many BogoMIPS does cat /proc/cpuinfo show?
What does lsmod show?

Last edited by peter_robb; 04-25-2006 at 02:16 AM.
 
Old 04-30-2006, 04:12 AM   #7
oracle86
LQ Newbie
 
Registered: Jul 2003
Distribution: Fedora Core 4 & 5
Posts: 5

Original Poster
Rep: Reputation: 0
Unhappy

i tried that suggestion, and i got the same results.

heres the output of cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 8
model name : Celeron (Coppermine)
stepping : 10
cpu MHz : 946.836
cache size : 128 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 mtrr pge mca cmov pat pse36 mmx fxsr sse
bogomips : 1875.96

and of lsmod
Module Size Used by
cls_route 8129 0
cls_u32 8261 0
cls_fw 4929 0
sch_prio 4801 0
sch_sfq 5825 0
sch_tbf 6209 1
sch_cbq 17601 1
md5 4033 1
ipv6 268097 10
smbfs 67897 2
dm_mod 58101 0
video 15941 0
button 6609 0
battery 9413 0
ac 4805 0
uhci_hcd 35152 0
snd_intel8x0 34689 0
snd_ac97_codec 75961 1 snd_intel8x0
snd_seq_dummy 3653 0
snd_seq_oss 37057 0
snd_seq_midi_event 9153 1 snd_seq_oss
snd_seq 62289 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_seq_device 8781 3 snd_seq_dummy,snd_seq_oss,snd_seq
snd_pcm_oss 51185 0
snd_mixer_oss 17857 1 snd_pcm_oss
snd_pcm 100169 3 snd_intel8x0,snd_ac97_codec,snd_pcm_oss
snd_timer 33605 2 snd_seq,snd_pcm
snd 57157 9 snd_intel8x0,snd_ac97_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd _timer
soundcore 10913 1 snd
snd_page_alloc 9669 2 snd_intel8x0,snd_pcm
e100 47297 0
3c59x 45033 0
mii 5441 2 e100,3c59x
ext3 132553 1
jbd 86233 1 ext3

I'm really frustrated, if a 70 dollar linksys box can do this no problem, why shouldn't this computer be able to handle it. The reason i want to use this setup is (ironically) to do bandwidth limiting; for certain apps and protocols.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Traffic shaping (limiting outgoing bandwidth of all TCP-traffic except FTP/HTTP) ffkodd Linux - Networking 3 10-25-2008 01:09 AM
need help setting up static route with iptables2 hedpe Linux - Networking 1 03-22-2006 09:26 PM
[Debian - Sid]Firestarter isnt masq/routing my internal traffic DeFiAnCeNL Linux - Networking 1 03-25-2005 06:35 PM
How To Check Traffic Usage/Bandwidth pjbeal Linux - Newbie 4 12-14-2004 07:29 PM
firewall script run at boot -> no masq, rerun manually -> masq worx Griffon26 Linux - Networking 2 06-24-2002 04:17 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:10 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration