Hi Mike, This particular question just begs for more info, because the underlying issue is one of performance vs setup of your firewall..
For example, how about FTP'ing from the firewall to an INTERNAL server? What's the speed of *that* transfer?? What's the specs on the machine that you setup as the firewall? What kind of NIC's (type, speed, settings) are you using? Are you using NAT? What release of Seawolf are you using? Any upgrades or patches? How about other types of transfers from the clients, such as HTTP downloads? Do they also fare as badly? While I agree with you, your setup should NOT be showing such a large discrepancy in download speeds (considering that you should be able to sustain well over 100kb/sec downloads with your setup, assuming you have a full T1 line available (theoretically, you should be able to hit a max of 192Kbytes/sec minus overhead and latency issues)), and 3Kb/sec is WAYYYY too slow. But I'd also suggest that your 40 - 80Kb/sec is also off by half at least... That indicates that either you're not hitting a fast server, or your firewall isn't up to the task of maintaining available wirespeed transfers... Probably due to setup issues (conflicts in HW setup, shared IRQ's on devices that don't share well, inadequate device capabilities (like ISA-based NIC's instead of PCI, etc). Anyways, I'm off to work for the day, but if you'd post back some of the specifics of your installation, I'd be happy to give it a look-see and see if there's any glaring discrepancies with it... Robert -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Burger Sent: November 13, 2001 8:49 AM To: [EMAIL PROTECTED] Subject: Slow FTP from behind Netfilter/IPTables firewall. My firewall is connected to a relatively low use T1 by way of 100MB switch. Performing FTP downloads, from a console session on the firewall/server, I routinely see speeds between 40 and 80 K/s. The systems behind the firewall, however, can't seem to get FTP downloads that go any faster than 3K/s. These systems are connected to the firewall by 10Meg hub, but that really shouldn't make a difference...especially not that much of a difference. Does anyone have any idea what might be causing such a massive speed discrepancy, and how I might fix it? If necessary, I can post my ruleset(s). Thanks. --Mike _______________________________________________ Seawolf-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/seawolf-list _______________________________________________ Seawolf-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/seawolf-list
