ipchains latency

To: debian-user@lists.debian.org
Cc: ross@seitz.com
Subject: ipchains latency
From: "Chris Brown" <cbrown@seitz.com>
Date: Mon, 12 Jun 2000 17:30:37 -0500
Message-id: <[🔎] 4E23E431A81@hal.seitz.com>
Reply-to: cbrown@seitz.com

Hello,

	Our company LAN is divided into two segments, and I have 
just finished implementing firewalling rules for the router in between 
them, to protect the inner network from the outside world.  After 
meticulously designing an installing my ipchains rules, I was 
dismayed by the performance hit they incurred.  Before installing 
the firewalling rules, connection latency between the networks was 
normally below ~50ms.  telnet, ftp, and other logins took less than 
a second to return a login prompt.  Now, after installing the rules, a 
connection across the firewall takes at least 10sec, occasionally 
taking over 30sec.  Once the login is successful, latency isn't too 
bad, but still noticably worse - well over 200-300ms - when in a 
telnet session.  The router is a 386/33 with 16MB of RAM and two 
ISA Ethernet cards.  Is this an underpowered machine for 
firewalling?  I shouldn't think this is the problem...  Are there any 
errors that add to connection latency that I should be looking for in 
the firewalling rules?

Thanks,
	Chris Brown
	cbrown@seitz.com
	Seitz Technical Products Inc.



 *********************************************************************
 Chris Brown       cbrown@seitz.com         !!! HELP FIGHT SPAM !!!

 Join; www.cauce.org  See; spam.abuse.net, spamsucks.com, www.cm.org
 ****************************************************************

Reply to:

Follow-Ups:
- Re: ipchains latency
  - From: "Jens B. Jorgensen" <jens.jorgensen@cmgisolutions.com>
- Re: ipchains latency
  - From: Mirek Kwasniak <mirek@zind.ikem.pwr.wroc.pl>

Prev by Date: Re: Is anyone packaging `lame' ?
Next by Date: gphoto
Previous by thread: Re: Is anyone packaging `lame' ?
Next by thread: Re: ipchains latency
Index(es):
- Date
- Thread