On Sat, 2004-08-07 at 17:58, Alexander Dalloz wrote:
> On Sat, 07.08.2004 at 23:33, Roger Haase wrote:
>
> > I tried both of those suggestions and neither helped. So I tried not
> > starting the iptables firewall at boot and my file transfers were very
> > fast.
> >
> > So the next question is why slow transfers with the firewall "problem"
> > when all my googling results seem to suggest that firewall problems
> > result in no transfers at all?
>
> Because that is not correct. "Firewalling" on Linux with iptables
> configuring the netfilters in the kernel does not only mean to open or
> fully close paths for network packets. You can mangle, prioritize packets
> or even let packets go very inefficient paths through different routes
> in the kernel. So in any case running netfilter code means CPU work and if
> you have bad iptables chains and a weak CPU this can indeed affect the
> throughput.
>
> > Roger
>
> Alexander

Also to add --- rule order should be considered. For instance, if a connection was properly established, why run it through a long series of rules? Hopefully, but not always possible, an established or related connection should be passed through on the first or second rule. Why put an established connection through a series of rules if it has already been tested?

--
jludwig <wralphie@xxxxxxxxxxx>
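The rule-order point in the reply above can be checked against a saved ruleset. The following is an added example, not code from the thread: it parses `iptables-save` output and reports where each chain first accepts ESTABLISHED traffic. The sample ruleset and all function names are constructed for illustration.

```python
import shlex

# Constructed iptables-save sample (not from the thread).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""
# Options allowed on a rule that counts as a plain "pass established traffic" rule.
PLAIN = {"-m", "--state", "--ctstate", "-j", "-i", "-o"}

def is_established_accept(tokens):
    """True for an ACCEPT rule whose only match is a state list with ESTABLISHED."""
    rest = tokens[2:]                                   # drop "-A CHAIN"
    opts = dict(zip(rest[::2], rest[1::2]))             # option -> argument
    states = (opts.get("--state") or opts.get("--ctstate") or "").split(",")
    return (len(rest) % 2 == 0 and set(opts) <= PLAIN
            and opts.get("-j") == "ACCEPT" and "ESTABLISHED" in states)

def established_position(save_text, table="filter"):
    """Per chain: (1-based position of first ESTABLISHED accept or None, rule count)."""
    result, current = {}, None
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith("*"):
            current = line[1:]
        elif current == table and line.startswith(":"):
            result[line[1:].split()[0]] = (None, 0)
        elif current == table and line.startswith("-A "):
            tokens = shlex.split(line)
            first, n = result.get(tokens[1], (None, 0))
            if first is None and is_established_accept(tokens):
                first = n + 1
            result[tokens[1]] = (first, n + 1)
    return result

def late_chains(save_text, limit=2):
    """Chains with rules but no ESTABLISHED accept within the first `limit` rules."""
    return [c for c, (first, n) in established_position(save_text).items()
            if n and (first is None or first > limit)]

if __name__ == "__main__":
    print(established_position(SAMPLE), late_chains(SAMPLE))
```

On the sample, INPUT passes established traffic at rule 2 while FORWARD only does so at rule 3, so FORWARD is the chain reported as late.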