Linux firewall - downloads slow ?

[bb_matt]

Yeah, it's 3am in the morning, can't sleep [|)]

Just wondering why with my Linux firewall and the modem ethernet cable, my downloads are so slow ?

Downloading the same file from the same server with windows and the modem directly connected via the usb cable is around 12k per second.

Connecting via the firewall, with the modem plugged into the firewall via the ethernet cable, the same download is only 3k per second.

In addition, my Mandrake bittorrent download will only reach a max. of 2k per second from the firewall, but goes up to 11k direct through windows ?

Hmmm, this isn't good...

 

[privet]

I do not have the same issue...
- What are you running on the FW?
- what are you trying to download?

 

[bb_matt]

The firewall is running DHCP, DNS proxy, logging and kernel logging, ssh server (local access only), httpd (local only) & cron.

I'm trying to download Mandrake via bittorrent. Under windows, I get 12k per second (after the usualy bittorrent slowness)
I've allowed external access to ports 6881 to 6889 as previously I wouldn't get any download speed at all, only upload.

I'm going to meddle about a bit and see if it was just a fluke that it was d/l'ing slower.

 

[bb_matt]

Nope - just as slow.
I'm going to change the NIC that connects to the modem to see if that does the trick - I just read it worked for someone using Mandrake firewall. I have got mixed cards - a 10Mbps and 100Mbps - going to take out the 100Mbps and replace with an old ISA 10Mbps just to see. (I've had troubles with the 100Mbps Davicom ethernet cards and Linux before)

 

[flashvc]

Check your MTU size. I run MTU at 1412. My downloads and uploads are fine.

--

 

[bb_matt]

Would that be the mtu settings in ppp ?

It was set at 1492 and the mru was also set at that.
After doing some surfing around, I found suggestions to set the mru higher than the mtu.

 

[bb_matt]

Nope. Messing with mtu in ppp-on has no effect whatsoever. Disabling MTU detection in winXP also does nothing.

This is a definate problem I'm having - there's no way it's a fluke now. I was getting 1k per second on a d/l via the firewall.
The same download with modem connected to USB on winXP is going at 12k per second.

Very irritating, I need my damn firewall running.

 

[Jhbgirl]

I've had the same problem bb_matt. I use a router with the ethernet cable and find that bittorrent downloads just don't happen. I found a setting on my router software this morning called DMZ(Demilitarized Zone)

Description: If you have a local client PC that cannot run an Internet application properly from behind the NAT firewall, you can open the client up to unrestricted two-way Internet access by defining a virtual DMZ Host.)

I put my pc's IP in there and now bittorrent is flying 26kbps. I realise it's probably not safe, but I have ZoneAlarm Pro running at the same time, so it's probably as safe as it's going to get.

 

[bb_matt]

Hmmm - I would try that, but I'm running a standard GREEN + RED firewall, there's no ORANGE involved for DMZ settings, so I dought if it would have any effect - I'll give it a shot later tho - anything is worth trying at this stage. I'm currently connected with USB and windows downloading stuff, so I'll try it after.

Thing is, everything is slow, not just bittorrent.
I reckon when I connect, it's at about 3k per second max - I must do a connection speed test to make sure.

 

[bb_matt]

Oh dear [:I]

Having moved house recently, I hadn't setup my Slackware box so I decided to do that and do some speed tests from the link above.

Windows USB speed = 109
Windows Ethernet via firewall = 13.3

Ok, crank up the Slackware box

Slackware via firewall = 98

Thinks - hmm, now what could be causing that huge difference ?
I know, let me try swap the ethernet cable from my windows box NIC to the hub...

Da da da ! - result :-

Windows Ethernet via firewall = 93

DOH !

 

[Karnaugh]

Cant see why a Linux Firewall would slow downloads.

One problem could be p2p protocols cant connect 2 pc's behind a firewall. so if both machines are behind NAT, a connection can not be negotiated as neither of their IP's are routable, so you will loose out unless you forward some ports etc.

- Colin Alston
colin at alston dot za dot org

"Warning: Use with extreme caution."

 

[bb_matt]

Karnaugh - I fixed the issue - read above - it was the damn network cable all along. It was slightly dodgy it seems.

It now has a new home in the bin