Why do the iptables rules slow down net transport speed?
I want to block all http websites except www.sina.com.cn.
Code:
dig www.sina.com.cn
Code:
iptables -L
Code:
iptables-save > /etc/iptables/rules.v4
I found that the speed to open the website www.sina.com.cn slowed down, very very slow. Usually it costs 1 second to open the website www.sina.com.cn, but it costs almost 1 minute to open. Why, and how to fix it?
If you think it's an iptables issue, you can try setting the default iptables policy of OUTPUT chain to DROP, if it is not.
# /sbin/iptables -P INPUT ACCEPT
# /sbin/iptables -P FORWARD DROP
# /sbin/iptables -P OUTPUT DROP
# iptables -A OUTPUT -p tcp --dport 80 -d sina.com.cn -j ACCEPT
You can modify INPUT and FORWARD policy as per requirements, obviously. Hope you get my idea. Otherwise you may need to evaluate the bandwidth for your network, like check for packet loss, routing misconfigurations etc.
Did you at any point think that www.sina.com.cn may be using assets from other places?
For example, I can see a javascript file from d1.sina.com.cn on a curl.
# dig d1.sina.com.cn +short
ad4.sina.com.cn.
i3.sina.com.cn.
http.sina.com.cn.edgesuite.net.
a1957.g1.akamai.net.
23.212.108.209
23.212.108.182
I don't know what you are trying to achieve but I do not think iptables is necessarily the right tool here. More so you are dropping the outbound traffic instead of rejecting (output should never need to be dropped IMO), so the browser is just waiting for those assets to time out.
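The DROP versus REJECT point in the reply above, as an added example that is not part of any post in this thread: a script that prints an iptables-restore ruleset allowing HTTP to a fixed address list and answering every other port-80 connection with a TCP RST. The function names, the 192.0.2.10 placeholder address and the choice to leave the OUTPUT policy at ACCEPT (so DNS and non-HTTP traffic are untouched) are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) an iptables-restore ruleset that allows
# HTTP to a fixed set of addresses and refuses the rest quickly.

# Constructed sample input: the two 23.212.x.x addresses are the
# d1.sina.com.cn answers quoted above; 192.0.2.10 is a documentation-range
# placeholder for www.sina.com.cn, whose address the thread does not show.
ALLOWED_IPS="192.0.2.10 23.212.108.209 23.212.108.182"

# Succeeds only for a dotted-quad IPv4 address. Hostnames are refused because
# iptables resolves a name once, when the rule is loaded, and CDN answers
# change afterwards.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

emit_rules() {
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    for ip in "$@"; do
        echo "-A OUTPUT -p tcp -d $ip --dport 80 -j ACCEPT"
    done
    # Any other port-80 connection gets an immediate TCP RST. With DROP the
    # SYN is silently discarded and the browser waits out its connect
    # timeout for every blocked asset host.
    echo "-A OUTPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset"
    echo "COMMIT"
}

# Review the output, then load it with: iptables-restore < rules-file
emit_rules $ALLOWED_IPS
```

The address list has to be refreshed whenever the site's DNS answers change, which is the practical limit of doing per-site filtering by IP.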
how to convert in disk in LVM partition
Ushan, please do not try to hijack threads for completely unrelated matters. If you have an issue then please create a new thread in the relevant forum (LVM has nothing to do with networking).
I'd suggest going to the newbie forum, from which you should read the following thread: http://www.linuxquestions.org/questi...osting-356388/