On Tuesday 09 July 2002 7:25 pm, Martin Josefsson wrote: > On Tue, 2002-07-09 at 20:08, Antony Stone wrote: > > On Tuesday 09 July 2002 6:57 pm, Travis Crook wrote:
> > > The firewall on the DSL is an Athlon XP 1500+. The firewall on the ISP > > > line is a PII 333. I will check on the full/half duplex issue. > > > > That's a hell of a difference, and could conceivably account for the > > bandwidth. I'd say it depends on how much RAM you have in the PII/333 > > and how many connections you're trying to support. > > No way a pII 333 is to slow to handle 2Mbit/s, my old 486 can handle > that easily. You would have to trash the conntrack hashtable with > multiple attacks to even have a chance of getting it that slow. I only said it could *conceivably* account for the bandwidth limit - I didn't say it was likely. I agree with you that a 486 can easily exceed this performance, but it depends what Travis is doing with the system - last summer I saw netfilter boxes reduced to tens of kbits/sec bandwidth by Nimda and Code Red saturating the conntracking tables with half-open links. I agree with several people here that Travis should check the hardware first, and I would also recommend testing the bandwidth by doing several downloads simultaneously from sites with high-bandwidth links, as close (in hops) to his machine as possible. Antony.
