Hi all,

I need help configuring my firewall.
I am running a separate box as my server & accessing sites from there is fine but when accessing any site from another computer on my network it takes about 15 seconds before anything happens! Once it has made the connection though it flies along (cable connection) but it's just that first 15 seconds that has got me stumped. Granted the server is just an old crappy duron 800 but that shouldn't matter, especially seeings that access from there is instantaneous .

Anyways, heres my iptables-save output:

[root@<SERVER HOSTNAME> ~]# iptables-save
# Generated by iptables-save v1.2.11 on Sun Feb 20 17:55:53 2005
*mangle
:PREROUTING ACCEPT [23335:1345317]
:INPUT ACCEPT [23249:1334715]
:FORWARD ACCEPT [71:5558]
:OUTPUT ACCEPT [26627:18957948]
:POSTROUTING ACCEPT [26698:18963506]
COMMIT
# Completed on Sun Feb 20 17:55:53 2005
# Generated by iptables-save v1.2.11 on Sun Feb 20 17:55:53 2005
*nat
:PREROUTING DROP [4458:192479]
:POSTROUTING DROP [0:0]
:OUTPUT DROP [0:0]
-A PREROUTING -i lo -j ACCEPT
-A PREROUTING -s 192.168.0.0/255.255.255.0 -i eth1 -j ACCEPT
-A PREROUTING -m limit --limit 1/sec -j LOG --log-prefix "PRER:-> "
-A POSTROUTING -o lo -j ACCEPT
-A POSTROUTING -o eth0 -j SNAT --to-source <SERVER IP NUMBER>
-A POSTROUTING -m limit --limit 1/sec -j LOG --log-prefix "POSTR:-> "
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s <SERVER IP NUMBER> -o eth0 -j ACCEPT
-A OUTPUT -m limit --limit 1/sec -j LOG --log-prefix "OUTR:-> "
COMMIT
# Completed on Sun Feb 20 17:55:53 2005
# Generated by iptables-save v1.2.11 on Sun Feb 20 17:55:53 2005
*filter
:INPUT DROP [19:776]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -j DROP
-A INPUT -s 10.0.0.0/255.255.255.0 -i eth0 -j DROP
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth1 -j ACCEPT
-A INPUT -d <SERVER IP NUMBER> -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m limit --limit 1/sec -j LOG --log-prefix "INPUT:-> "
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -s 192.168.0.10 -i eth1 -j ACCEPT
-A FORWARD -s 192.168.0.2 -i eth1 -j ACCEPT
-A FORWARD -m limit --limit 1/sec -j LOG --log-prefix "FORWARD:-> "
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o eth1 -j ACCEPT
-A OUTPUT -s <SERVER IP NUMBER> -o eth0 -j ACCEPT
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o eth0 -j DROP
-A OUTPUT -m limit --limit 1/sec -j LOG --log-prefix "OUTPUT:-> "
COMMIT
# Completed on Sun Feb 20 17:55:53 2005

If anyone can see a problem with this config or thinks things could be done a better way, please, I need your help!

Thanks to anyone who takes the time to aid me with this problem

Ash

Do a few tracert websitename and see where your packets are getting held up at.

Thanks for your reply musicman_ace but I sorted it about 2 hours after you posted.
It seems that my bloody service provider, "Optusnet" here in Aus, changed their bloody nameserver IP's & didn't bother to inform me, how nice of them, obviously I'm not a valued customer!! (Oh well, we can't expect too much from a phone company now can we, especially in this country!!)
So anyway, their primary became their secondary & their new primary had a completely different IP, no wonder things were bogn' up!!
I wonder how many other Linux users are out there experiencing the exact same thing?

So kiddies, what have we learned today? One should check one's nameserver IP's daily, or, the bigger the business the less they care for the customer?!? Man how I wish the our governments worked!! ARSEHOLES !!!!!