OK thanks everyone - I'm going to try to craft a better config based on this feedback.
To demonstrate my basic problem though, here you have it. I've noticed lately that my connection is slow, so I wrote some scripts to replicate the speedtest.net tests to my ISP's speedtest server. My results for downloads have been terrible (5 to 8Mbit/s on a line that should be 28Mbit and was often faster than that). When I connected a PC directly to the cable modem I got smoking fast speeds again, which left me to ponder what had changed since I used to get those speeds behind the firewall.

The answer was: QoS.

Here is a quick example: the first one is with my TC_ENABLED=Internal and the second one is just seconds later, after changing to TC_ENABLED=No and restarting shorewall.

root@userver:/etc/shorewall# !wg
wget -O /dev/null http://speedtest.teksavvy.com/speedtest/random1000x1000.jpg
--2013-03-29 10:14:03-- http://speedtest.teksavvy.com/speedtest/random1000x1000.jpg
Resolving speedtest.teksavvy.com (speedtest.teksavvy.com)... 206.248.140.50
Connecting to speedtest.teksavvy.com (speedtest.teksavvy.com)|206.248.140.50|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1986284 (1.9M) [image/jpeg]
Saving to: `/dev/null'

100%[=========================================================================================>] 1,986,284 602K/s in 3.2s

2013-03-29 10:14:06 (602 KB/s) - `/dev/null' saved [1986284/1986284]

root@userver:/etc/shorewall# vi shorewall.conf
root@userver:/etc/shorewall# /etc/init.d/shorewall restart
Restarting "Shorewall firewall": done.
root@userver:/etc/shorewall# wget -O /dev/null http://speedtest.teksavvy.com/speedtest/random1000x1000.jpg
--2013-03-29 10:14:25-- http://speedtest.teksavvy.com/speedtest/random1000x1000.jpg
Resolving speedtest.teksavvy.com (speedtest.teksavvy.com)... 206.248.140.50
Connecting to speedtest.teksavvy.com (speedtest.teksavvy.com)|206.248.140.50|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1986284 (1.9M) [image/jpeg]
Saving to: `/dev/null'

100%[=========================================================================================>] 1,986,284 1.94M/s in 1.0s

2013-03-29 10:14:26 (1.94 MB/s) - `/dev/null' saved [1986284/1986284]

--
“Don't eat anything you've ever seen advertised on TV”
- Michael Pollan, author of "In Defense of Food"