[SOLVED] Problem with gigabit network cards in Slackware 13.1 x64
Hello friends!
Recently bought a new system: motherboard Asus M4N68T-M LE V2 with a built-in gigabit card, and one Intel 82574L gigabit card. The problem is that it just won't work on my LAN for web surfing; download from FTP is at full speed, 100mbit. I use this computer as a gateway to distribute internet to my local LAN. Worked perfectly on my old computer with 2 100mbit network cards, and I'm using the same iptables config for the new computer. Maybe that's the problem? I'm no iptables expert so I got it from a script. Help is very appreciated.
Code:
IPT="/usr/sbin/iptables"
SPAMLIST="blockedip"
SPAMDROPMSG="BLOCKED IP DROP"
echo "Starting IPv4 Wall..."
echo " applying general security settings to /proc filesystem"
echo ""
if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then echo 1 > /proc/sys/net/ipv4/tcp_syncookies; fi
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter; fi
if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
# load some modules
if [ -e /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_nat_irc.o ]; then modprobe ip_nat_irc; fi
if [ -e /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_conntrack_irc.o ]; then modprobe ip_conntrack_irc; fi
if [ -e /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o ]; then modprobe ip_conntrack_ftp; fi
if [ -e /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_nat_ftp.o ]; then modprobe ip_nat_ftp; fi
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
modprobe ip_conntrack
[ -f /root/blocked.ip.txt ] && BADIPS=$(egrep -v -e "^#|^$" /root/blocked.ip.txt)
PUB_IF="eth0"
#unlimited
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
# DROP all incomming traffic
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
echo " applying nat rules"
echo ""
$IPT -F FORWARD
$IPT -F -t nat
$IPT -P FORWARD DROP
$IPT -A FORWARD -i eth1 -j ACCEPT
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A OUTPUT -o eth1 -j ACCEPT
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
if [ -f /root/blocked.ip.txt ];
then
# create a new iptables list
$IPT -N $SPAMLIST
for ipblock in $BADIPS
do
$IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
$IPT -A $SPAMLIST -s $ipblock -j DROP
done
$IPT -I INPUT -j $SPAMLIST
$IPT -I OUTPUT -j $SPAMLIST
$IPT -I FORWARD -j $SPAMLIST
fi
# Block sync
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Drop Sync"
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -j DROP
# Block Fragments
$IPT -A INPUT -i ${PUB_IF} -f -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fragments Packets"
$IPT -A INPUT -i ${PUB_IF} -f -j DROP
# Block bad stuff
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "NULL Packets"
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -j DROP # NULL packets
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "XMAS Packets"
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP #XMAS
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fin Packets Scan"
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
# Allow full outgoing connection but no incomming stuff
$IPT -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Allow ssh
$IPT -A INPUT -p tcp --destination-port 22 -j ACCEPT
# allow incomming ICMP ping pong stuff
$IPT -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow port 53 tcp/udp (DNS Server)
#$IPT -A INPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPT -A OUTPUT -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A INPUT -p tcp --destination-port 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPT -A OUTPUT -p tcp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Open port 80
$IPT -A INPUT -p tcp --destination-port 80 -j ACCEPT
#$iptables -A INPUT -p tcp --dport 8112 -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8080 -j ACCEPT
$IPT -A INPUT -p tcp --dport 10000 -j ACCEPT
$IPT -A INPUT -p tcp --dport 10001 -j ACCEPT
$IPT -A INPUT -p tcp --dport 10002 -j ACCEPT
$IPT -A INPUT -p tcp --dport 20 -j ACCEPT
$IPT -A INPUT -p tcp --dport 21 -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 50773 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i eth0 -p udp --dport 50773 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 12899 -j ACCEPT
$IPT -A INPUT -p tcp --dport 11001 -j ACCEPT
$IPT -A INPUT -p tcp --dport 11002 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3128 -j ACCEPT
##### Add your rules below ######
##### END your rules ############
# Do not log smb/windows sharing packets - too much logging
$IPT -A INPUT -p tcp -i eth0 --dport 137:139 -j REJECT
$IPT -A INPUT -p udp -i eth0 --dport 137:139 -j REJECT
# log everything else and drop
$IPT -A INPUT -j LOG
$IPT -A FORWARD -j LOG
$IPT -A INPUT -j DROP
echo " Firewall up and running!"
echo ""
exit 0
You wrote "download from ftp is at full speed 100mbit." If the upstream connection is limited at any point to 100mbit then your new 1 gigabit card cannot increase the speed. For example, I connect to a 1 Gbps server to sync my local Slackware tree, but the ISP has me throttled to about 2.5 to 3 Mbps. My 1 Gbps NIC or even my 100 Mbps router can't improve upon that. You can achieve 1 Gbps only with another card supporting 1 Gbps.
I have mixed 10/100 Mbps and 1 Gbps machines in my small LAN. Only the 1 Gbps machines talking together exceed 100 Mbps speeds. I use a D-Link DGS-2205 Gigabit switch and my Linksys WRT54GL router to connect my machines. The 1 Gbps machines are connected to the switch and the 10/100 machines are connected to the built-in switch on the Linksys router.
A quick check of the cards will help:
Code:
/usr/sbin/ethtool eth0
Settings for eth0:
Supported ports: [ MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: MII
PHYAD: 1
Transceiver: external
Auto-negotiation: on
Supports Wake-on: g
Wake-on: d
Link detected: yes
Take a look at iperf as a quick method of testing connections between machines on your LAN.
By the way, achieving close to 1 Gbps speed is possible with testing such as with iperf, but in the real world with actual file transfers I see speeds ranging anywhere from about 200 to 600 Mbps.
Hello friends!
Recently bought a new system: motherboard Asus M4N68T-M LE V2 with a built-in gigabit card, and one Intel 82574L gigabit card. The problem is that it just won't work on my LAN for web surfing; download from FTP is at full speed, 100mbit. I use this computer as a gateway to distribute internet to my local LAN. Worked perfectly on my old computer with 2 100mbit network cards, and I'm using the same iptables config for the new computer. Maybe that's the problem? I'm no iptables expert so I got it from a script. Help is very appreciated.
Code:
# Open port 80
$IPT -A INPUT -p tcp --destination-port 80 -j ACCEPT
#$iptables -A INPUT -p tcp --dport 8112 -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8080 -j ACCEPT
$IPT -A INPUT -p tcp --dport 10000 -j ACCEPT
$IPT -A INPUT -p tcp --dport 10001 -j ACCEPT
$IPT -A INPUT -p tcp --dport 10002 -j ACCEPT
$IPT -A INPUT -p tcp --dport 20 -j ACCEPT
$IPT -A INPUT -p tcp --dport 21 -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 50773 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i eth0 -p udp --dport 50773 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 12899 -j ACCEPT
$IPT -A INPUT -p tcp --dport 11001 -j ACCEPT
$IPT -A INPUT -p tcp --dport 11002 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3128 -j ACCEPT
I'm no netfilter expert either but it looks to me as though you are allowing unrestricted access from the outside world to a web server running on your machine, a Squid proxy running on your machine, an FTP server running on your machine and other servers as well. Are you really running these services on your machine and allowing the outside world to use them? The web and FTP server I can understand but a publicly-accessible Squid proxy? If not then my advice is to use Alien Bob's firewall generator to tidy up your iptables first and then we can diagnose other issues. If this is just a gateway then you don't need any services listening on your external network interface. All you need is a default block policy on the external interface, and packet forwarding as well to allow packets to travel from the LAN NIC to the external NIC and from there to your next-hop gateway.
As I say, I am no iptables expert so perhaps I have this all ends up.
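One way to check the point raised in this reply, as an added example that is not part of the thread: list every INPUT rule that ACCEPTs a destination port without being limited to the LAN interface. The helper name `audit_open_ports` and the sample rules (a constructed subset in the style of the posted script, with eth1 as the LAN side) are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): flag INPUT ACCEPT rules that open a
# port without restricting it to the trusted LAN interface.

# Constructed sample: a few rules in the same style as the posted script.
sample_rules() {
cat <<'EOF'
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -p tcp --destination-port 80 -j ACCEPT
#$iptables -A INPUT -p tcp --dport 8112 -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3128 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 50773 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp -i eth0 --dport 137:139 -j REJECT
EOF
}

# audit_open_ports LAN_IF   (hypothetical helper; reads rule lines on stdin)
# Prints "proto/port on IFACE" once per exposed port; IFACE is ANY when the
# rule has no -i match and therefore also applies to the public interface.
audit_open_ports() {
    awk -v lan="$1" '
    /^[ \t]*#/ { next }          # commented-out rules are not active
    {
        chain = ""; iface = ""; proto = "any"; port = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--destination-port") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (chain != "INPUT" || target != "ACCEPT" || port == "") next
        if (iface == lan) next   # LAN-only rules are not exposed outside
        if (iface == "") iface = "ANY"
        key = proto "/" port " on " iface
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

sample_rules | audit_open_ports eth1
```

Against a real script, pipe the file in instead of `sample_rules`; rules that use a variable such as `${PUB_IF}` for the interface are reported with that literal text.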
eth0 is still my public iface. Bad English, sorry for that. But I mean that it goes really, really slow to surf the web while downloading from FTP is at full speed. I have a 100/100mbit connection. And I can ssh to both interfaces. The eth0 interface is limited to 100mbit from the broadband supplier router. LAN is connected at 1gbit with fast FTP transfer speeds locally. It's when I'm trying to surf web pages that it goes abnormally sloooow.
It takes forever to load a www page. File transfers download at acceptable speeds.
I haven't tried Google's DNS but I have the same DNS as on the old computer, and it worked flawlessly there, no problem at all with speed issues. I get DNS from the internet supplier via DHCP.
Tested adding 8.8.8.8 into /etc/resolv.conf but it didn't make any difference. Is there anything else I can try, or should I just sell the new computer and go back to the old one that works, although a little slow :/
When I type dmesg I get a lot of these messages:
IN=eth0 OUT= MAC=bc:ae:c5:d8:91:95:9c:4e:20:7b:a3:c4:08:00 SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=129 TOS=0x00 PREC=0x00 TTL=113 ID=7466 PROTO=UDP SPT=16005 DPT=38159 LEN=109
Do your interface names still match those rules?
Like is PUB_IF really eth0 still?
You haven't yet answered mRgOBLIN's questions.
When you moved the hard drive to a new computer there is a chance the old udev rules for the NIC assignments are incorrect. udev will not delete those rules but instead will create a new rule set.
In your firewall rules you assign the variable PUB_IF to eth0. Is eth0 still the NIC for the public interface? Additionally, which NIC is assigned to eth0 by udev?
Check /etc/udev/rules.d/70-persistent-net.rules for the NIC assignments. The rules will contain the MAC address and assignment for each NIC.
eth0 is still my public iface. Bad English, sorry for that. But I mean that it goes really, really slow to surf the web while downloading from FTP is at full speed. I have a 100/100mbit connection. And I can ssh to both interfaces. The eth0 interface is limited to 100mbit from the broadband supplier router. LAN is connected at 1gbit with fast FTP transfer speeds locally. It's when I'm trying to surf web pages that it goes abnormally sloooow.
It's a brand new hard drive; everything on the computer is brand new, never used before. I'm only copying some config files that I need on this new computer also.
Checked /etc/udev/rules.d/70-persistent-net.rules and it is correct.
I am still very curious about this message I get from dmesg: IN=eth0 OUT= MAC=bc:ae:c5:d8:91:95:9c:4e:20:7b:a3:c4:08:00 SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=129 TOS=0x00 PREC=0x00 TTL=113 ID=7466 PROTO=UDP SPT=16005 DPT=38159 LEN=109
It's hundreds of the same type of messages. What does it mean?
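The lines quoted above are in the format written by the netfilter LOG target. As an added example (not part of the thread), this groups such lines by input interface, protocol and destination port so that hundreds of entries collapse to a few counts; the sample log lines, their addresses and the function name `summarize_drops` are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): summarise netfilter LOG lines.

# Constructed sample log lines using documentation address ranges.
sample_log() {
cat <<'EOF'
IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=129 TOS=0x00 PREC=0x00 TTL=113 ID=7466 PROTO=UDP SPT=16005 DPT=38159 LEN=109
IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=129 TOS=0x00 PREC=0x00 TTL=110 ID=811 PROTO=UDP SPT=40211 DPT=38159 LEN=109
IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.4 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=5120 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=129 TOS=0x00 PREC=0x00 TTL=113 ID=7467 PROTO=UDP SPT=16005 DPT=38159 LEN=109
IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.8 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=13 CODE=0 ID=4242 SEQ=1
EOF
}

# summarize_drops: reads kernel log lines on stdin and prints
# "count IN PROTO DPT", most frequent first. Fields a packet does not
# carry (for example DPT on ICMP) are shown as "-".
summarize_drops() {
    awk '
    /IN=/ && /PROTO=/ {
        in_if = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[2] == "") continue      # empty values such as "OUT="
            if (kv[1] == "IN") in_if = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        n[in_if " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarize_drops
```

On a live system the input would be `dmesg | summarize_drops`; a single interface, protocol and port dominating the counts shows which traffic the catch-all LOG rule is recording.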
Which config files did you copy from the old system?
And maybe you can post more from dmesg or syslog or /var/log/messages.
Did you try to simply switch off iptables for testing?
Sounds like a very wrong network (routing/DNS) config and a bit screwed up iptables config to me, too.
Maybe the iptables config is wrong, but it worked perfectly on the old computer. I haven't tried turning iptables off for testing yet. The network is set up from internet provider DHCP and static on the local NIC. I have only copied the iptables ruleset and Apache config files so far.