Actually, I have two issues. First is that while I have my IPTables rules running, wget is not able to make ftp connections. However, using Netscape/Mozilla on the same system, I seem to be getting the files with no problem, and they're coming down, at the moment, in the 30-40KB/second rate.
The other is that systems behind my firewall can't seem to download files very quickly...like 2-3KB per second. The external interface is connected, via router, to a very lightly used T1. I'd love to know what I might need to do to get this cleared up. Following is my /etc/sysconfig/iptables. Specific IPs edited to protect the innocent:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [57:4777]
:badflags - [0:0]
:dropwall - [0:0]
:firewall - [0:0]
:silent - [0:0]
[11:1118] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j badflags
[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j badflags
[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j badflags
[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j badflags
[0:0] -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j badflags
[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j badflags
[0:0] -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
[0:0] -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
[0:0] -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
[0:0] -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
[0:0] -A INPUT -p icmp -j firewall
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 20 -j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 20 -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 21 -j ACCEPT
[0:0] -A INPUT -s xxx.xxx.xxx.xxx -p tcp -m tcp --dport 21 -j ACCEPT
[0:0] -A INPUT -s xxx.xxx.xxx.xxx -p udp -m udp --dport 21 -j ACCEPT
[0:0] -A INPUT -s xxx.xxx.xxx.xxx -p tcp -m tcp --dport 21 -j ACCEPT
[0:0] -A INPUT -s xxx.xxx.xxx.xxx -p udp -m udp --dport 21 -j ACCEPT
[0:0] -A INPUT -s xxx.xxx.xxx.xxx -p tcp -m tcp --dport 21 -j ACCEPT
[0:0] -A INPUT -s xxx.xxx.xxx.xxx -p udp -m udp --dport 21 -j ACCEPT
[0:0] -A INPUT -s xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy -p tcp -m tcp --dport 21 -j ACCEPT
[0:0] -A INPUT -s xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy -p udp -m udp --dport 21 -j ACCEPT
[7:508] -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 23 -j ACCEPT
[6:395] -A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 143 -j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
[0:0] -A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 67 -j ACCEPT
[0:0] -A INPUT -i eth1 -p udp -m udp --dport 68 -j ACCEPT
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 68 -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 113 -j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 113 -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 504 -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 2000 -j ACCEPT
[0:0] -A INPUT -s xxx.xxx.xxx.xxx -i eth0 -p tcp -m tcp --dport 10000 -j ACCEPT
[0:0] -A INPUT -s xxx.xxx.xxx.xxx -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
[3:724] -A INPUT -s 192.168.0.0/255.255.255.0 -j ACCEPT
[28:10629] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p udp -m udp --sport 137 --dport 137 -j silent
[3:687] -A INPUT -j dropwall
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -s 192.168.0.0/255.255.255.0 -m state --state NEW -j ACCEPT
[0:0] -A badflags -m limit --limit 15/min -j LOG --log-prefix "Badflags:"
[0:0] -A badflags -j DROP
[3:687] -A dropwall -m limit --limit 15/min -j LOG --log-prefix "Dropwall:"
[3:687] -A dropwall -j DROP
[0:0] -A firewall -m limit --limit 15/min -j LOG --log-prefix "Firewall:"
[0:0] -A firewall -j DROP
[0:0] -A silent -j DROP
COMMIT
# Completed on Wed Oct 24 22:36:20 2001
# Generated by iptables-save v1.2.1a on Wed Oct 24 22:36:20 2001
*mangle
:PREROUTING ACCEPT [142:21681]
:OUTPUT ACCEPT [118:10930]
COMMIT
# Completed on Wed Oct 24 22:36:20 2001
# Generated by iptables-save v1.2.1a on Wed Oct 24 22:36:20 2001
*nat
:PREROUTING ACCEPT [9:1796]
:POSTROUTING ACCEPT [1:96]
:OUTPUT ACCEPT [5:392]
[5:392] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Oct 24 22:36:20 2001