On Fri, 2005-12-23 at 12:20 +0100, Eric Doutreleau wrote: > Steffen Kluge wrote: > > >On Thu, 2005-12-22 at 13:10 -0600, Les Mikesell wrote: > > > > > >>If you are sure that the port negotiation is working and > >>both the nic and switch are running in full duplex it > >>could be an interrupt sharing issue when running under > >>Linux. I'm not sure how to solve it, though. > >> > >> > > > >That's an interesting point, I always wondered if/when overloading a > >single interrupt (as ACPI does on my laptop) leads to performance > >problems. It would be good to see the output of ``cat /proc/interrupts'' > >in this case. > > > >I fixed the interrupt overloading on my laptop by booting with > >acpi=noirq, BTW. > > > >Cheers > >Steffen. > > > > > > > Hi folks > > I have found something > when i stop the firewall i don't lose packets anymore. > > i m wondering what could make the network freeze in my config > > i will try to remove some rules in order to see what rules is the culprit > > Here is my config > # Firewall configuration written by system-config-securitylevel > # Manual customization of this file is not recommended. > *filter > :INPUT ACCEPT [0:0] > :FORWARD ACCEPT [0:0] > :OUTPUT ACCEPT [0:0] > :RH-Firewall-1-INPUT - [0:0] > -A INPUT -j RH-Firewall-1-INPUT > -A FORWARD -j RH-Firewall-1-INPUT > -A RH-Firewall-1-INPUT -i lo -j ACCEPT > -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT > -A RH-Firewall-1-INPUT -p 50 -j ACCEPT > -A RH-Firewall-1-INPUT -p 51 -j ACCEPT > -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j > ACCEPT > # Ouverture pour portmapper (C. Bac) > #-A RH-Firewall-1-INPUT -p tcp -m tcp -s 157.159.0.0/16 --dport 111 -j > ACCEPT > #-A RH-Firewall-1-INPUT -p udp -s 157.159.0.0/16 --dport 111 -j ACCEPT > # Ouverture pour les postes de la salle > -A RH-Firewall-1-INPUT -s 157.159.15.210 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -s 157.159.15.211 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -s 157.159.15.212 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -s 157.159.15.213 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -s 157.159.15.214 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -s 157.159.15.215 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -s 157.159.15.216 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -s 157.159.15.217 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -s 157.159.15.218 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -s 157.159.15.219 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -s 157.159.15.220 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -s 157.159.15.221 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -s 157.159.15.222 -p tcp --destination-port > 1024:65535 -j ACCEPT > -A RH-Firewall-1-INPUT -p tcp -m tcp -s 157.159.10.29 -d 0/0 --dport > 5308 -j ACCEPT > # Ouverture Multicast IGMP et classe D 224/4 > -A RH-Firewall-1-INPUT -p igmp -d 224.0.0.0/28 -j ACCEPT > -A RH-Firewall-1-INPUT -s 224.0.0.0/4 -j ACCEPT > # Ouverture cfengine port pour cfrun ... > -A RH-Firewall-1-INPUT -p tcp -m tcp -s 157.159.10.29 -d 0/0 --dport > 5308 -j ACCEPT > -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited > COMMIT > Eric, Consider putting a log rule in your IPTables config. You might get a hint from the log. Bob...
