04-22-2006, 03:59 AM
|
#1
|
LQ Newbie
Registered: Jul 2003
Distribution: Fedora Core 4 & 5
Posts: 5
Rep:
|
using iptables2 to masq network traffic cuts my bandwidth by 2/3
I have a Fedora Core 4 machine set up with two NICs:
eth0=192.168.2.2/24
eth1=192.168.1.1/24
eth1 is the gateway for my LAN.
eth0 is directly connected to a cisco 2500(ip=192.168.2.1/24)
The cisco is connected to my DSL modem, receiving a public ip from it.
[modem]--[cisco]--[{eth0} fc4 {eth1}]--[switch]--[workstation]
public 2.1 2.2 1.1 1.75
I ran a speed test before this setup, and my results were 1.5Mb down and 500kb up.
I then configured everything this way and ran the same test; I got results of 500kb down and 400kb up (nearly cutting my download by 2/3rds).
I then removed the fc4 machine and configured everything as it was before the setup, ran the test again, and got 1.5Mb down and 500kb up.
Any thoughts on what could cause this slowdown?
The FC4 machine is a Celeron 933MHz with 768RAM.
|
|
|
04-22-2006, 09:28 AM
|
#2
|
Senior Member
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458
Rep:
|
Do some speed tests between each machine to isolate the segments.
Could easily be two NICs which bite each other.
I prefer to use wget as a download client and different files from the same ftp/http site to avoid caching problems/interference.
|
|
|
04-22-2006, 12:04 PM
|
#3
|
LQ Newbie
Registered: Jul 2003
Distribution: Fedora Core 4 & 5
Posts: 5
Original Poster
Rep:
|
Before this setup, I used the Fedora Core machine as a file server on my LAN. I got full speed (70=Mb transfer) from both NICs. The speed test I was using was from dslreports.com.
|
|
|
04-22-2006, 12:44 PM
|
#4
|
Senior Member
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458
Rep:
|
What are you using for iptables rules?
The bare minimum is just the one NAT rule.
Did the FC4 box use both NICs as a server?
|
|
|
04-25-2006, 12:54 AM
|
#5
|
LQ Newbie
Registered: Jul 2003
Distribution: Fedora Core 4 & 5
Posts: 5
Original Poster
Rep:
|
I used a script that I found online that set up the rules automatically. I don't know iptables very well,
so I can only trust that the script is not malicious. Without comments, here's the script:
#####BEGIN SCRIPT COPY PASTE######
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
EXTIF="eth0"
INTIF="eth1"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
$MODPROBE ip_tables
$MODPROBE ip_conntrack
$MODPROBE ip_conntrack_ftp
$MODPROBE ip_conntrack_irc
$MODPROBE iptable_nat
$MODPROBE ip_nat_ftp
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
#$IPTABLES -P FORWARD DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
#$IPTABLES -A FORWARD -j
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\nrc.firewall-iptables v$FWVER done.\n"
#####END SCRIPT COPY PASTE######
|
|
|
04-25-2006, 01:12 AM
|
#6
|
Senior Member
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458
Rep:
|
Stop iptables with /etc/init.d/iptables stop
Do iptables-save to check all rules are gone and all policies are ACCEPT.
Do route -n to ensure the correct gateway is specified.
Then enter these two necessary rules:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.2
and check the speed again..
If there's still a problem, it's time to try a different kernel.
How many BogoMIPS does cat /proc/cpuinfo show?
What does lsmod show?
Last edited by peter_robb; 04-25-2006 at 01:16 AM.
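The pre-checks from post #6 (no rules left, every policy ACCEPT) can be run against `iptables-save` output, as in this added example, which is not part of the original thread. It also flags a FORWARD chain left at policy ACCEPT, as in the script from post #5, where new inbound connections are forwarded regardless of the ESTABLISHED,RELATED rule. The function names and the sample dump are constructed.

```shell
# Added example: audits `iptables-save` output read on stdin.
# Function names and the sample dump are constructed for illustration.

# True only when every chain policy is ACCEPT and no rule (-A line) is left:
# the state post #6 asks for before adding the single SNAT rule.
ruleset_is_flushed() {
    awk '
        /^:/  { if ($2 != "ACCEPT" && $2 != "-") bad = 1 }  # ":CHAIN POLICY [pkts:bytes]"
        /^-A/ { bad = 1 }
        END   { exit bad + 0 }
    '
}

# True when the filter table forwards by default: FORWARD policy ACCEPT and no
# catch-all DROP/REJECT rule. Then an ESTABLISHED,RELATED rule restricts nothing.
forward_is_open() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD -j (DROP|REJECT)/ { closed = 1 }
        END { exit !(policy == "ACCEPT" && !closed) }
    '
}

# Constructed dump of the rules the post #5 script loads.
sample_post5() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

sample_post5 | ruleset_is_flushed || echo "rules are still loaded"
sample_post5 | forward_is_open && echo "FORWARD accepts by default"
```

On a live box the same functions take `iptables-save | ruleset_is_flushed` and `iptables-save | forward_is_open`, run as root.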
|
|
|
04-30-2006, 03:12 AM
|
#7
|
LQ Newbie
Registered: Jul 2003
Distribution: Fedora Core 4 & 5
Posts: 5
Original Poster
Rep:
|
I tried that suggestion, and I got the same results.
Here's the output of cat /proc/cpuinfo:
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 8
model name : Celeron (Coppermine)
stepping : 10
cpu MHz : 946.836
cache size : 128 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 mtrr pge mca cmov pat pse36 mmx fxsr sse
bogomips : 1875.96
and of lsmod
Module Size Used by
cls_route 8129 0
cls_u32 8261 0
cls_fw 4929 0
sch_prio 4801 0
sch_sfq 5825 0
sch_tbf 6209 1
sch_cbq 17601 1
md5 4033 1
ipv6 268097 10
smbfs 67897 2
dm_mod 58101 0
video 15941 0
button 6609 0
battery 9413 0
ac 4805 0
uhci_hcd 35152 0
snd_intel8x0 34689 0
snd_ac97_codec 75961 1 snd_intel8x0
snd_seq_dummy 3653 0
snd_seq_oss 37057 0
snd_seq_midi_event 9153 1 snd_seq_oss
snd_seq 62289 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_seq_device 8781 3 snd_seq_dummy,snd_seq_oss,snd_seq
snd_pcm_oss 51185 0
snd_mixer_oss 17857 1 snd_pcm_oss
snd_pcm 100169 3 snd_intel8x0,snd_ac97_codec,snd_pcm_oss
snd_timer 33605 2 snd_seq,snd_pcm
snd 57157 9 snd_intel8x0,snd_ac97_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
soundcore 10913 1 snd
snd_page_alloc 9669 2 snd_intel8x0,snd_pcm
e100 47297 0
3c59x 45033 0
mii 5441 2 e100,3c59x
ext3 132553 1
jbd 86233 1 ext3
I'm really frustrated. If a 70 dollar Linksys box can do this no problem, why shouldn't this computer be able to handle it? The reason I want to use this setup is (ironically) to do bandwidth limiting for certain apps and protocols.
|
|
|
All times are GMT -5. The time now is 05:37 AM.