On Thu, Mar 03, 2016 at 10:37:51AM -0800, Eddie wrote: > While investigating a streaming issue in my network, I was surprised to see > a run of Speedtest showing my download speed at around 85Mbps, which is less > than half the speed I am supposed to get from my ISP, 200Mbps. Running a > few tests, it appears (on the surface) that Shorewall is throttling this > down, because if I turn it off, then I get my advertised 200Mbps. > > This is running on a Nethserver install connected directly to my cable > modem. Nethserver is based on CentOS 6.7 and runs Shorewall 4.6.4.3. The > Traffic Shaping option offered by Nethserver is disabled. > > Here is the console log of my Speedtest runs, plus I have attached the > output from "shorewall dump". > > |[root@NethServer ~]# ./speedtest_cli.py Retrieving speedtest.net > configuration... Retrieving speedtest.net server list... Testing from Time > Warner Cable (76.91.205.244)... Selecting best server based on latency... > Hosted by Time Warner Cable (Los Angeles, CA) [17.74 km]: 9.372 ms Testing > download speed........................................ Download: 83.91 > Mbit/s Testing upload > speed.................................................. Upload: 23.16 Mbit/s > [root@NethServer ~]# shorewall stop > /dev/null [root@NethServer ~]# > ./speedtest_cli.py Retrieving speedtest.net configuration... Retrieving > speedtest.net server list... Testing from Time Warner Cable > (76.91.205.244)... Selecting best server based on latency... Hosted by Time > Warner Cable (Los Angeles, CA) [17.74 km]: 9.508 ms Testing download > speed........................................ Download: 229.21 Mbit/s > Testing upload speed.................................................. > Upload: 22.14 Mbit/s [root@NethServer ~]# ./speedtest_cli.py Retrieving > speedtest.net configuration... Retrieving speedtest.net server list... > Testing from Time Warner Cable (76.91.205.244)... Selecting best server > based on latency... Hosted by Time Warner Cable (Los Angeles, CA) [17.74 > km]: 10.578 ms Testing download > speed........................................ Download: 230.89 Mbit/s > Testing upload speed.................................................. > Upload: 23.26 Mbit/s [root@NethServer ~]# shorewall start > /dev/null > [root@NethServer ~]# ./speedtest_cli.py Retrieving speedtest.net > configuration... Retrieving speedtest.net server list... Testing from Time > Warner Cable (76.91.205.244)... Selecting best server based on latency... > Hosted by Time Warner Cable (Los Angeles, CA) [17.74 km]: 9.778 ms Testing > download speed........................................ Download: 80.58 > Mbit/s Testing upload > speed.................................................. Upload: 23.16 Mbit/s > [root@NethServer ~]#|
By turn off do you mean 'shorewall clear' or 'disable shorewall and reboot'? After all if you never started shorewall you likely don't even have netfilter modules loaded which means a lot less processing per packet in the kernel. If you did start it but then cleared the rules, then the packets would still go through netfilter, but through less rules (which makes a difference, but probably not nearly as much as when netfilter was never loaded at all). -- Len Sorensen ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
