On Mon, 2005-02-28 at 20:09, Rudi Starcevic wrote:
> Hi,
>
> I have these rules below to enable:
>
> a) http port-forwarding in requests
> b) masquerading rules for http replies.
>
> It does seem to work OK but is very slow. After hours of looking I think
> the problem as to why it is so slow may be in my Iptables rules.
>
> Can you see a double up or something that may cause a problem ?
> Or would you say it all looks fine and my problem is elsewhere ?
>
> Thank you ..
>
> $IPTABLES -P INPUT DROP
> $IPTABLES -P OUTPUT DROP
> $IPTABLES -P FORWARD DROP
>
> # http requests:
> # Port-Forwarding setup
> $IPTABLES -t nat -A PREROUTING -i $ETH0 -p tcp --dport 80 -d 66.xxx.xx.100 -j DNAT --to 192.168.0.10:80
>
> # http replies:
> # ENABLE NAT
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> # NAT Forwarding Setup
> $IPTABLES --table nat --append POSTROUTING --out-interface $ETH0 -j MASQUERADE
> $IPTABLES -A FORWARD -i $ETH1 -j ACCEPT
> $IPTABLES -A FORWARD -i $ETH0 -j ACCEPT
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

you're basically not running a firewall at all--i would look elsewhere.
the usual suspects:

* DNS resolution timing out
* Network interface speed/duplex mismatches

-j

--
"Another day, another box of stolen pens."
--The Simpsons
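
Added example (not part of the original message or the poster's script): the quoted FORWARD chain accepts everything arriving on either interface, so its DROP policy never applies. The sketch below prints rules instead of applying them, counts FORWARD accepts that match on nothing but an interface, and shows one tightened chain for the same DNAT setup. The interface names, the 203.0.113.100 placeholder for the masked public address, and all function names are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands (dry run) instead of applying them.
ETH0=eth0                  # assumption: external interface
ETH1=eth1                  # assumption: internal interface
PUBLIC_IP=203.0.113.100    # placeholder for the masked 66.xxx.xx.100
WEB=192.168.0.10           # internal web server from the quoted rules

ipt() { echo "iptables $*"; }   # hypothetical dry-run wrapper

# FORWARD rules as quoted in the message above.
quoted_forward_rules() {
    ipt -A FORWARD -i "$ETH1" -j ACCEPT
    ipt -A FORWARD -i "$ETH0" -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# One tightened alternative: forward only replies, new HTTP connections to
# the web server, and new connections leaving the internal network.
tightened_rules() {
    ipt -P FORWARD DROP
    ipt -t nat -A PREROUTING -i "$ETH0" -p tcp -d "$PUBLIC_IP" --dport 80 -j DNAT --to-destination "$WEB:80"
    ipt -t nat -A POSTROUTING -o "$ETH0" -j MASQUERADE
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$ETH0" -o "$ETH1" -p tcp -d "$WEB" --dport 80 -m state --state NEW -j ACCEPT
    ipt -A FORWARD -i "$ETH1" -o "$ETH0" -m state --state NEW -j ACCEPT
}

# Reads rules on stdin; prints how many FORWARD ACCEPT rules match on
# nothing except -i/-o (each offender is reported on stderr).
audit_forward() {
    count=0
    while read -r line; do
        case "$line" in
            *"-A FORWARD"*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        match=${line#*"-A FORWARD"}       # text after the chain name
        match=${match%%"-j ACCEPT"*}      # ...and before the target
        rest=$(printf '%s\n' "$match" | sed -E 's/-[io] +[^ ]+//g' | tr -d ' ')
        if [ -z "$rest" ]; then
            count=$((count + 1))
            echo "unrestricted: $line" >&2
        fi
    done
    echo "$count"
}

echo "quoted:    $(quoted_forward_rules | audit_forward) unrestricted FORWARD accepts"
echo "tightened: $(tightened_rules | audit_forward) unrestricted FORWARD accepts"
```

The audit is a heuristic: it treats any match other than -i/-o as a restriction and does not evaluate rule order.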