mpeg4v3 Tux's lil' helper
Joined: 16 Sep 2003 Posts: 139
|
Posted: Sun Mar 06, 2005 11:35 pm Post subject: Speed through Gentoo Router slower than direct plug-in |
|
|
Hi,
I currently go to college, and am on the local dorm network. I've got two jacks in my room, each going at 10mbit/sec.
I wanted to set up my own personal network, using a Gentoo box as the router, and the rest of the network behind it on a gigabit network.
After finally setting it up, I've been noticing that I can't download anywhere near as fast via the router, compared to having my computer directly plugged in.
For example: Usenet. When plugged right into the wall jack, I get a healthy ~8mbit/sec. However, when behind my router, I get a much more abysmal ~2.5mbit/sec. What gives?
My router has the following specs:
Celeron 600mhz
256mb PC100 RAM
4.3gb Seagate HDD
1x Generic Realtek 8190 chipset NIC (external NIC)
1x Intel 1000mbit Desktop NIC (internal NIC)
I've got a few other minor services running on the router, such as apache + php + mysql, but top still shows a good 100mb of RAM free. Could it be that the NIC hooked up to the external network just isn't good enough to handle routing? Or could it be a software issue? |
teknomage1 Veteran
Joined: 05 Aug 2003 Posts: 1239 Location: Los Angeles, CA
|
Posted: Sun Mar 06, 2005 11:40 pm Post subject: |
|
|
Routing is mostly a cpu activity, but 600 mhz should be more than enough for that. Do you have a very complicated packet filter chain that's slowing down the packets? |
mpeg4v3 Tux's lil' helper
Joined: 16 Sep 2003 Posts: 139
|
Posted: Sun Mar 06, 2005 11:43 pm Post subject: |
|
|
not at all- here's the iptables script I use:
Code: |
#!/bin/sh
iptables -F
iptables -t nat -F
# Then we lock our services so they only work from the LAN
iptables -I INPUT 1 -i eth0 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p UDP --dport bootps ! -i eth0 -j REJECT
iptables -A INPUT -p UDP --dport domain ! -i eth0 -j REJECT
iptables -I FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow BitTorrent forwarding.
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 32767 -j DNAT --to 192.168.13.45:32767
iptables -A FORWARD -p tcp -i eth1 -d 192.168.13.45 --dport 32767 -j ACCEPT
# Allow NTP/NTPD traffic to the router.
iptables -A INPUT -p TCP --dport 123 -j ACCEPT
iptables -A INPUT -p UDP --dport 123 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 123 -j ACCEPT
iptables -A OUTPUT -p UDP --dport 123 -j ACCEPT
# Allow SSH'ing in from the outside.
iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT
# Allow iTunes connections to the mt-daapd server on the Router.
iptables -A INPUT -p udp -i eth1 --dport 5353 -j ACCEPT
iptables -A OUTPUT -p udp -o eth1 --dport 5353 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 3689 -j ACCEPT
iptables -A OUTPUT -p tcp -o eth1 --dport 3689 -j ACCEPT
# Allow HTTP Server on Router.
iptables -A INPUT -p TCP --dport http -i eth1 -j ACCEPT
# Drop TCP/UDP packets to privileged ports.
iptables -A INPUT -p TCP ! -i eth0 -d 0/0 --dport 0:1023 -j DROP
iptables -A INPUT -p UDP ! -i eth0 -d 0/0 --dport 0:1023 -j DROP
# NAT Rules
iptables -I FORWARD -i eth0 -d 192.168.13.0/255.255.0.0 -j DROP
iptables -A FORWARD -i eth0 -s 192.168.13.0/255.255.0.0 -j ACCEPT
iptables -A FORWARD -i eth1 -d 192.168.13.0/255.255.0.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Drop All
# iptables -A INPUT -i eth1 -j DROP
# Enable IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > "$f" ; done
|
It's using a combination of other scripts I found online. It's simple, but effective. I know it's got its security holes, but tweaking it will come later, after I've gotten it completely working. |
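The script above never sets a chain policy and its final "Drop All" rule is commented out. As an added example (not the poster's script), the same services can be written as a default-deny ruleset in `iptables-restore` format; interface roles, ports and the 192.168.13.45 host come from the post, while the /24 LAN mask and the use of the `conntrack` match in place of `state` are assumptions.

```sh
#!/bin/sh
# Added example: prints a ruleset, it does not touch the live firewall.
# Check it with:  sh ruleset.sh | iptables-restore --test
LAN_IF=eth0              # internal NIC, as in the posted script
WAN_IF=eth1              # dorm-network NIC, as in the posted script
LAN_NET=192.168.13.0/24  # assumption: the LAN is a /24
BT_HOST=192.168.13.45    # BitTorrent host from the posted script
BT_PORT=32767

emit_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp --dport $BT_PORT -j DNAT --to-destination $BT_HOST:$BT_PORT
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -i $WAN_IF -p tcp -m multiport --dports 22,80,3689 -j ACCEPT
-A INPUT -i $WAN_IF -p udp --dport 5353 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $BT_HOST --dport $BT_PORT -j ACCEPT
COMMIT
EOF
}

# Replies to the router's own NTP and DNS queries match ESTABLISHED,
# so no separate inbound rule for port 123 is needed.
emit_rules
```

Because both policies are DROP, anything not listed is refused, including DHCP and DNS requests arriving on the outside interface, so the explicit REJECT and privileged-port DROP rules are no longer needed.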
teknomage1 Veteran
Joined: 05 Aug 2003 Posts: 1239 Location: Los Angeles, CA
|
Posted: Sun Mar 06, 2005 11:55 pm Post subject: |
|
|
Hmm, it definitely seems like there's something odd with your config, as I've had some terrible machines make great routers... I guess the next step is to try turning off some services, check whether you get any more speed and repeat. Is the usenet connection going to your machine or the router? If it's the router, make sure you've turned on DMA so your slowdown isn't from the hard disk. Also, on the inside of the network, are you using a hub or a switch? Other than that I guess it's just fiddling. |
mpeg4v3 Tux's lil' helper
Joined: 16 Sep 2003 Posts: 139
|
Posted: Mon Mar 07, 2005 12:03 am Post subject: |
|
|
teknomage1 wrote: | Hmm, it definitely seems like there's something odd with your config, as I've had some terrible machines make great routers... I guess the next step is to try turning off some services, check whether you get any more speed and repeat. Is the usenet connection going to your machine or the router? If it's the router, make sure you've turned on DMA so your slowdown isn't from the hard disk. Also, on the inside of the network, are you using a hub or a switch? Other than that I guess it's just fiddling. |
Hrm ok, I'll experiment a bit after I get something to eat. But to answer your other questions...
The usenet connection is going right to my machine, a Windows machine, and downloads fine at ~8mbit/sec when directly plugged in so it can't be the hard drive. Also, the inside network is using a Dell PowerConnect 2608 10/100/1000 switch. |
mpeg4v3 Tux's lil' helper
Joined: 16 Sep 2003 Posts: 139
|
Posted: Mon Mar 07, 2005 1:39 am Post subject: |
|
|
I've stopped pretty much every service I could, and it still doesn't want to go at full speed. I guess I'll try tweaking my iptables script a bit... hopefully that'll get me somewhere. |
smithjd15 Tux's lil' helper
Joined: 12 Mar 2003 Posts: 130 Location: Edmonton, AB, CA
|
Posted: Mon Mar 07, 2005 1:48 am Post subject: |
|
|
This seems to be getting a little bit repetitive coming from me, but have you included QoS / Traffic Shaping in your kernel? I had severe speed issues with the former enabled in MY gateway box. |
mpeg4v3 Tux's lil' helper
Joined: 16 Sep 2003 Posts: 139
|
Posted: Mon Mar 07, 2005 1:54 am Post subject: |
|
|
As far as I can tell, neither is enabled. I do have multicast routing enabled due to a (now failed) experiment with trying to get iTunes' multicast packets routed, but I don't think that could cause much of a slowdown... |
mpeg4v3 Tux's lil' helper
Joined: 16 Sep 2003 Posts: 139
|
Posted: Mon Mar 07, 2005 8:13 am Post subject: |
|
|
I think tomorrow I will try some different NICs and see if any of them will perhaps work... hopefully it's just an issue with the generic 8139 card I have in there right now. |
Cuardin l33t
Joined: 06 Feb 2003 Posts: 713 Location: vasastaden.stockholm.se
|
Posted: Mon Mar 07, 2005 6:39 pm Post subject: |
|
|
How about this for a test:
Assuming you have some sort of internet that is supported by the LiveCD, you can take your router and boot it up that way. That way you are working in a known environment when you test your download speed. _________________ Part of "The adopt an unanswered post initiative" |
futile1 n00b
Joined: 23 Feb 2004 Posts: 20
|
Posted: Mon Mar 07, 2005 7:31 pm Post subject: |
|
|
Are downloads directly from the firewall box faster than from the inside network? _________________ AMD64 3000+, MSI K8N neo2-platinum, 1gb dual-channel DDR, Antec P160 case |
mpeg4v3 Tux's lil' helper
Joined: 16 Sep 2003 Posts: 139
|
Posted: Mon Mar 07, 2005 11:44 pm Post subject: |
|
|
I replaced the 10/100 external NIC with a 3com card, and the problem did not disappear. However, I did just discover something. Downloading Windows XP SP2 network install off of Microsoft.com (roughly 250mb) goes at ~980k/sec, or ~7.5mbit/sec, while also downloading from usenet at ~1.5mbit/sec or so. However, usenet on its own is still only going at ~2-2.5mbit/sec, so it appears as if this problem is only with usenet. However, I have all of my ports forwarded to my desktop, and I know it's not the usenet server as I can still download at ~8mbit/sec with my desktop plugged directly into the jack. I'm totally lost as to what it could be now... |
mpeg4v3 Tux's lil' helper
Joined: 16 Sep 2003 Posts: 139
|
Posted: Tue Mar 08, 2005 12:08 am Post subject: |
|
|
Well, I fixed it. It turns out it was not the router- it was the news server after all, kind of. There are two routes that can be used to get to the news-server, and the one my desktop would use would run quite well, running at 8mbit/sec, but the other, which my router would use, would get really bad traceroutes and more latency than the other, thus only 2mbit/sec. Forcing my usenet program to use the ports listed on the website for the faster route, I'm back at downloading at 8mbit/sec. Thanks for all the help! |