vsftpd slow because of iptables firewall

jludwig wralphie at comcast.net
Tue Aug 10 01:50:18 UTC 2004


On Sat, 2004-08-07 at 17:58, Alexander Dalloz wrote:
> On Sat, 07.08.2004, Roger Haase wrote at 23:33:
> 
> > I tried both of those suggestions and neither helped. So I tried not
> > starting the iptables firewall at boot and my file transfers were very
> > fast.
> > 
> > So the next question is why slow transfers with the firewall "problem"
> > when all my googling results seem to suggest that firewall problems
> > result in no transfers at all? 
> 
> Because that is not correct. "Firewalling" on Linux with iptables
> configuring the netfilters in the kernel does not only mean to open or
> fully close paths for network packets. You can mangle, prioritize packets
> or even let packets go very inefficient paths through different routes
> in the kernel. So at all running netfilter code means CPU work and if
> you have bad iptables chains and a weak CPU this can indeed affect the
> throughput.
> 
> > Roger
> 
> Alexander

Also to add --- rule order should be considered.

For instance, if a connection was properly established, why run it
through a long series of rules? Hopefully, but not always possible, an
established or related connection should be passed through on the first
or second rule.

Why put an established connection through a series of rules if it is
has already been tested?
-- 
jludwig <wralphie at comcast.net>
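
An added example, not part of the original message: a small shell check for the rule-order point above, reporting how far down a chain the first rule accepting ESTABLISHED traffic sits. The function name and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Read iptables-save output on stdin and print the 1-based position of the
# first rule in the given chain that accepts ESTABLISHED traffic.
# Prints 0 when the chain has no such rule.
# (established_rule_position is a hypothetical helper name.)
established_rule_position() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if (!pos && /ESTABLISHED/ && /-j ACCEPT/) pos = n
        }
        END { print pos + 0 }
    '
}

# Constructed sample: every packet of an established FTP transfer is tested
# against four rules before it reaches the one that accepts it.
SLOW_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Constructed sample: same rules, with the state match moved to the top so
# established and related packets leave the chain at the first rule.
FAST_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT'

echo "slow ruleset: $(printf '%s\n' "$SLOW_RULES" | established_rule_position INPUT)"
echo "fast ruleset: $(printf '%s\n' "$FAST_RULES" | established_rule_position INPUT)"
```

On a live host the same function can be fed from `iptables-save` (run as root) instead of the sample variables.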




