On Tue, Jul 09, 2002 at 11:59:56AM -0600, Travis Crook wrote: > > Hello, > > I currently have two firewalls running. Both on Mandrake 8.1 running > iptables. I currently have two internet connections (one is a DSL line at > 1Mb, the other is straight from an ISP at 2.5 Mb). I can get 700Kb speeds > through the firewall on the DSL line (which is about as fast as it ever is) > but I only get about 500Kb speeds through the firewall on the ISP line. > Shouldn't I be able to get at least 2Mb speeds through this firewall? > > > > How do you measure the throughput? > > I used http://promos.mcafee.com/speedometer and http://www.dslreports.com. > I can get 3Mb testing on the firewall itself but not on a machine behind the > firewall.
Haven't been able to check the second site but the first one sends you a file and measures the actual download time. Now, imagine what happens when there is congestion along the path. Your throughput would show a very low number while the actual problem does not have anything to do with you and/or your upstream router. The reason for your "ISP line" showing 500kb and the "DSL line" showing 700Kb is IMO irrelevant to the netfilter overhead/througput. However, the delta between the same test done (a) on the firewall (b) from behind the firewall might be an indication of how fast (or slow, for that matter) the firewall machine is forwarding the packets. Like Patrick has pointed out, first of all you need to make sure that your devices and the wiring is healthy, though. Ramin > > > Ramin > > PS. Line breaks are good things. > > I'll use more linebreaks. Thanks!
