ipchains latency
Hello,
Our company LAN is divided into two segments, and I have
just finished implementing firewalling rules for the router in between
them, to protect the inner network from the outside world. After
meticulously designing an installing my ipchains rules, I was
dismayed by the performance hit they incurred. Before installing
the firewalling rules, connection latency between the networks was
normally below ~50ms. telnet, ftp, and other logins took less than
a second to return a login prompt. Now, after installing the rules, a
connection across the firewall takes at least 10sec, occasionally
taking over 30sec. Once the login is successful, latency isn't too
bad, but still noticably worse - well over 200-300ms - when in a
telnet session. The router is a 386/33 with 16MB of RAM and two
ISA Ethernet cards. Is this an underpowered machine for
firewalling? I shouldn't think this is the problem... Are there any
errors that add to connection latency that I should be looking for in
the firewalling rules?
Thanks,
Chris Brown
cbrown@seitz.com
Seitz Technical Products Inc.
*********************************************************************
Chris Brown cbrown@seitz.com !!! HELP FIGHT SPAM !!!
Join; www.cauce.org See; spam.abuse.net, spamsucks.com, www.cm.org
****************************************************************
Reply to: