On 05/03/2010 06:19 PM, sangprabv wrote:
> I have a problem with my shorewall. We are now doing some stress test
> with a http application behind the shorewall. Firstly we send 10.000
> requests to a http based application with no firewall. It can
> receive 100% requests. But when we put shorewall in front of it then
> it starts to lose requests. Is there any packet limitation from
> shorewall all it's about conntrack? Thanks for the reply

Shorewall itself imposes no limitations besides the 20% penalty imposed by
conntrack. But a stupid Shorewall configuration can certainly add lots of
delay and packet loss.

I suggest that you try:

a) clients -> server with no intermediate Linux Router.
b) clients -> Linux Router with no conntrack -> server
c) clients -> Linux Router with nf_conntrack loaded -> server.
d) clients -> Linux Router with Shorewall -> server.

If d) is substantially worse than c), then please submit the output of
'shorewall dump' collected after the test.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
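
Not part of the original thread: an added shell example for comparing runs c) and d) above. It sums the kernel's conntrack counters from /proc/net/stat/nf_conntrack (where the kernel exposes that file) and reports table usage, so a run that loses requests can be checked for conntrack drops; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: read conntrack pressure indicators after test runs c) and d).
# Default paths are the standard nf_conntrack proc files; arguments override them.

# Sum one named counter (drop, early_drop, insert_failed, ...) over all CPU rows.
# The header row names the columns; the values are per-CPU hexadecimal.
ct_counter() {  # $1 = column name, $2 = stat file (optional)
    awk -v want="$1" '
        function hex(s,   i, n) {
            n = 0; s = tolower(s)
            for (i = 1; i <= length(s); i++)
                n = n * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
            return n
        }
        NR == 1 { for (c = 1; c <= NF; c++) if ($c == want) col = c; next }
        col     { sum += hex($col) }
        END     { if (!col) exit 2; print sum + 0 }
    ' "${2:-/proc/net/stat/nf_conntrack}"
}

# Percentage of the connection-tracking table currently in use.
ct_usage_pct() {  # $1 = count file, $2 = max file (both optional)
    count=$(cat "${1:-/proc/sys/net/netfilter/nf_conntrack_count}") || return 1
    max=$(cat "${2:-/proc/sys/net/netfilter/nf_conntrack_max}") || return 1
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# Constructed sample (not captured from a real router): header plus two CPU rows.
ct_sample() {
    cat <<'EOF'
entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete search_restart
0000ffdc 00000000 00000000 00000000 0000001a 00000000 00000000 00000000 00000000 00000003 0000000a 00000002 00000000 00000000 00000000 00000000 00000000
0000ffdc 00000000 00000000 00000000 00000004 00000000 00000000 00000000 00000000 00000000 00000010 00000001 00000000 00000000 00000000 00000000 00000000
EOF
}

ct_demo() {  # runs the functions against the constructed sample only
    tmp=$(mktemp -d) || return 1
    ct_sample > "$tmp/stat"; echo 65500 > "$tmp/count"; echo 65536 > "$tmp/max"
    for name in drop early_drop insert_failed; do
        echo "$name=$(ct_counter "$name" "$tmp/stat")"
    done
    echo "table_usage=$(ct_usage_pct "$tmp/count" "$tmp/max")%"
    rm -rf "$tmp"
}
ct_demo
```

On the router itself, call `ct_counter drop` and `ct_usage_pct` with no file arguments before and after each run and compare the differences between run c) and run d).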
