I believe this is the second time I've encountered this issue within the
past 6 mos or more. While performing some read/write tests between a
NFS client and server, I noticed speed was severely hindered on my
100mbits network with tests of writing a ~17MB file taking ~15 minutes,
of which, should only take ~8-10 seconds.
After restarting Shorewall (firewall), speeds immediately returned to normal.
Steps I took to restart the server were "/etc/init.d/shorewall stop &&
shorewall clear && /etc/init.d/shorewall start". (I was trying to see if the
configuration files were directly hindering performance. Upon restarting
shorewall, no further speed issues were noted.)
This leads me to believe, Shorewall is borking someplace -- or more correctly
put, one of the kernel modules concerning Netfilter is failing??
(Since this issue is extremely rare, it's probably next to impossible to
debug, except on past experience from others.)
Some bleak possibilities might include the use of Suspend to Disk (ie.
TuxOnIce) and kexec (kernel reload).
Here's the requested debug info for this case scenario:
=net-firewall/shorewall-3.4.8
=net-fs/nfs-utils-1.1.1
=net-libs/libnfsidmap-0.16
=net-libs/librpcsecgss-0.16
=net-libs/libgssglue-0.1
# ip addr
show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc
noqueue
link/loopback 00:00:00:00:00:00 brd
00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host
lo
inet6 ::1/128 scope
host
valid_lft forever preferred_lft
forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
qlen 1000
link/ether 00:90:27:c6:b1:08 brd
ff:ff:ff:ff:ff:ff
inet 192.168.1.3/24 brd 192.168.1.255 scope global
eth0
inet6 fe80::290:27ff:fec6:b108/64 scope
link
valid_lft forever preferred_lft
forever
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc
noop
link/ether 92:74:43:62:0a:57 brd
ff:ff:ff:ff:ff:ff
4: tunl0: <NOARP> mtu 1480 qdisc
noop
link/ipip 0.0.0.0 brd
0.0.0.0
5: gre0: <NOARP> mtu 1476 qdisc
noop
link/gre 0.0.0.0 brd 0.0.0.0
# ip route
show
192.168.1.0/24 dev eth0 proto kernel scope link src
192.168.1.3
127.0.0.0/8 dev lo scope
link
default via 192.168.1.1 dev eth0
--
Roger
http://www.eskimo.com/~roger/index.html
Key fingerprint = 8977 A252 2623 F567 70CD 1261 640F C963 1005 1D61
Mon Mar 31 09:53:09 AKDT 2008
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
