On Mon, 2002-12-23 at 08:02, Ben Russo wrote:
> On Fri, 2002-12-20 at 13:02, lester lasad wrote:
> > Thanks for the responses.  Regarding the name resolution is it looking
> > for itself, the local machine?  The command below "iptables -L-n -V"
> > just lists the version of iptables, nothing else.  Doing "iptables
> > -nL" gave a much quicker response.  
> > 
> > The main problem is that everything is slow after loading the rules (
> > examples:  webmin, vnc, opening a shell, smtp ) Once I disable the
> > rules the performance picks back up.  My intentions are to make this
> > server my SMTP gateway which will be handling thousands of emails on a
> > daily basis and the performance issue after loading iptables is
> > preventing me from deploying this server. Has anyone seen this
> > behavior after enabling iptables? 
> > 
> 
> 
> Re: experience with performance.
> 
>       I have an old Pentium box (think it is a P120) with 96MB of
>       RAM.  It can handle my Cable modem connections network of 5 
>       home PCs MASQUERADING with no problems at all.  My wife
>       and I both use the internet daily.
> 
>       At a company I used to work at we had a Celeron 300MHz box
>       with 64MB of RAM that handled an office of about 10 people 
>       accessing the internet through a T1 and a lab with a dozen
>       servers and about 200 customers on the internet and we never
>       had a problem with performance.
>       
>       At the same company we had a Data Center with about 50 Servers
>       doing IMAP, SMTP, POP, WebMail and we had thousands of customers
>       connected at any given time (we had 200,000+ e-mail boxes)  and
>       we had a RedHat 7.1 firewall running on an IBM Netfinity with a 
>       750MHz P3 and 256MB of RAM and we would routinely have 30Mb/s 
>       sustained throughput across a few thousand TCP connections 
>       over a 100Mb/s Ethernet and didn't have any problems.
> 
> I don't think that the problem has a root cause in iptables.
> I think that there may be a related misconfiguration with it.

I'd have to agree.  I'm using an old Pentium 100 (that I picked up at
Goodwill ;) with 48MB of RAM as a firewall/gateway for around 10 users
sharing a DSL line.  It handles the task easily (using Shorewall to
configure the iptables).  If you're trying to set up iptables, I'd
highly recommend using Shorewall.


-- 
Cliff Wells, Software Engineer
Logiplex Corporation (www.logiplex.net)
(503) 978-6726 x308  (800) 735-0555 x308
