Kenneth Gonsalves wrote:

>> Nothing is impossible, but as Tom has told people so many times,
>> Shorewall isn't 'running' (it just configures stuff and quits).
>>
>> I would be VERY surprised if the firewall config itself was causing
>> problems, and even more surprised if it could wipe your config.
>
> this is the problem we face with most ISPs. The moment they see a
> linux machine they blame all failures on linux, pull out their
> windows laptop and say: 'see it works perfectly'.

Yep, know exactly what you mean :-(

> But when I connect
> to a 150 machine LAN the link collapses. The line in question is a 2
> Mbps leased line with a huawei router. When installed it ran
> perfectly for 36 hours giving the full 2 Mbps (measured using iftop)
> and then failed. The firewall server had 2GB RAM. Then, to prove
> their point they set up NAT on the router and connected it directly
> to the LAN and it has been working perfectly since then. However
> speeds have dropped dramatically - possibly due to lack of proxy
> cache. Anyway, the setup was Mandriva2007 with an old version of
> shorewall. I am now setting up a more up-to-date box and will
> investigate further.

Just a couple of data points for comparison:

At work we used to have a 2M line - no NAT, we have a class C block. Over a year ago I set up a box (1G Celeron, 1G RAM) to do traffic accounting and traffic control - this was operating as a bridge. There were very few rules as this wasn't a firewall, just a traffic monitor. It only had that much RAM because of the graphing, where I could see the rrd process go up to 2G VM size for one of the graphs! This box ran without problem for over a year.

We recently upgraded the line to 6M (it's actually a different line), and I set up a new box running in routed mode instead of bridging. The new box is a Pentium III 1G and routes the traffic fine, and does the accounting (in and out for 254 addresses) - it only has 256M RAM as the graphing is now done on a different box (the old logger) with the data files on an NFS export. This box cannot also traffic shape - it seems to max out at 4Mbps as soon as I turn on TC.

The old box was Debian Sarge, the new one is Debian Etch.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
