From: SBlaze <dagent.geo@yahoo.com>
To: Leonardo Rodrigues Magalhães <leolistas@solutti.com.br>,
	zhaohui_scu@sohu.com, netfilter@lists.netfilter.org
Subject: Re: how can I improve the throughput of linux firewall that use the netfilter + iptable
Date: Fri, 24 Oct 2003 10:50:07 -0700 (PDT)
Message-ID: <20031024175007.64124.qmail@web40201.mail.yahoo.com>
In-Reply-To: <000d01c39a3b$bb997450$8b00000a@casa>


--- Leonardo Rodrigues Magalhães <leolistas@solutti.com.br> wrote:
> 
>     Number of PCs is not the most important information. We need you to give
> us some more data about the firewall you're pretending to build, like:
> 
> 1) internet connection speed (256k DSL, 1.5 T1, more?? )
> 2) complexity of your rules (simple rules, very complex rules)
> 3) any other information you can share with us .....
> 
> 
>     But I can guarantee you that netfilter can get you VERY good throughput
> **IF** you think before making the rules. We've seen lots of people
> complaining about bad throughputs but almost all the times the problem is
> related to their rules, built in a not-smart way, and not related to
> iptables/netfilter itself.
> 
>     Question: what's smartbits ????? I've never heard about it .....
> 
> 
>     Sincerely,
>     Leonardo Rodrigues
> 
Just a note here first. I have heard unsubstantiated rumors of people using a
1500+ net on a 486 using iptables. I can no more prove that than you can about
what you read.  There are several performance tweaks we can give you
here...provided we could look and see the ruleset (mask your IPs though; we won't
really need to see those). As Leonardo said, a lot can be done with a good
ruleset.

Another thing you might want to look at is the LARTC (Linux Advanced Routing and
Traffic Control HOWTO). Also of interest are the ipsysctl and iptables tutorials
of Oskar Andreasson. These are INVALUABLE!!!! They are found here...

http://iptables-tutorial.frozentux.net/ and
http://ipsysctl-tutorial.frozentux.net/ here.

Also you might want to do some performance testing on your line so that if you
do make changes you can verify they are for the better. I recommend here...

http://miranda.ctd.anl.gov:7123/ and http://www.dslreports.com/tweaks

Good Luck
SBlaze


=====
In the absence of order there will be chaos.


Thread overview: 4+ messages
2003-10-24 13:22 how can I improve the throughput of linux firewall that use the netfilter + iptable zhaohui_scu
2003-10-24 14:33 ` Leonardo Rodrigues Magalhães
2003-10-24 17:50   ` SBlaze [this message]
2003-10-26 14:27 ` Ted Kaczmarek
