Hi all,
Perhaps you can give me some hints on a performance problem that I'm currently experiencing with iptables.
The situation is as follows:
I have a firewall currently running kernel 2.4.20, Celeron 1 GHz and 512 MB of RAM that should do traffic accounting based on single IP addresses. I thought it would be more efficient to use iptables than writing a standalone application using pcap or the like.
I need to add filtering rules like
/sbin/iptables -A FORWARD -o eth0 -s ip_address/32
/sbin/iptables -A FORWARD -i eth0 -d ip_address/32
for about six class-C networks (this means about 3000 iptables rules).
The average throughput is around 3 Mbits / second.
After I've added those rules, the latency in ping times to a machine behind the firewall increases from 30 ms to over 200 ms ...
Now my question is if I can speed those things up ... do you have any ideas?
Thanks in advance.
Regards,
Gerald
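The post's per-host `-s ip/32` / `-d ip/32` rules all sit in FORWARD, so every forwarded packet is compared against roughly 3000 rules in sequence. The script below is an added example (not from the original post or the list): it generates the same accounting rules as iptables-restore input, but places the per-host rules in one user chain per /24 and per direction, so a packet walks one jump per subnet plus the rules of its own subnet chain. The interface name and the network prefixes (RFC 5737 documentation ranges) are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit per-IP accounting rules in iptables-restore format,
# split into one user chain per /24 and per direction.
# Prefixes are constructed documentation ranges; substitute the real ones.

# gen_accounting_rules IFACE PREFIX...   (PREFIX = first three octets of a /24)
gen_accounting_rules() {
    iface=$1
    shift
    printf '%s\n' '*filter'
    # Declare the user chains with zeroed counters. The built-in FORWARD
    # chain is not redeclared, so its existing policy is left alone.
    for net in "$@"; do
        tag=$(printf '%s' "$net" | tr . _)
        printf '%s\n' ":acct_out_$tag - [0:0]"
        printf '%s\n' ":acct_in_$tag - [0:0]"
    done
    # One jump per subnet and direction in FORWARD: same -i/-o/-s/-d logic
    # as the original rules, but matched on the /24 instead of each /32.
    for net in "$@"; do
        tag=$(printf '%s' "$net" | tr . _)
        printf '%s\n' "-A FORWARD -o $iface -s $net.0/24 -j acct_out_$tag"
        printf '%s\n' "-A FORWARD -i $iface -d $net.0/24 -j acct_in_$tag"
    done
    # Per-host rules without a target: they only count and fall through,
    # exactly like the original /32 rules.
    for net in "$@"; do
        tag=$(printf '%s' "$net" | tr . _)
        i=1
        while [ "$i" -le 254 ]; do
            printf '%s\n' "-A acct_out_$tag -s $net.$i/32"
            printf '%s\n' "-A acct_in_$tag -d $net.$i/32"
            i=$((i + 1))
        done
    done
    printf '%s\n' 'COMMIT'
}

# Usage (as root):
#   gen_accounting_rules eth0 192.0.2 198.51.100 | iptables-restore -n
# Without -n (--noflush), iptables-restore replaces every rule in the filter
# table instead of appending. Read the counters later with, for example:
#   iptables -L acct_out_192_0_2 -vnx
```

Loading the rule set through iptables-restore also installs all rules in one table replacement rather than one `/sbin/iptables -A` invocation per rule.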