
I have COX communications as my ISP and I have a 400 MB connection at work. For years I have had an iptables firewall I set up that runs great.

CPU Info

Intel® Core™ i5-2400 Processor (6M Cache, 3.10 GHz)

I have 2 1000Mb/s NICs in it.

2 x DGE-530T Gigabit Ethernet Adapter (rev 11)

I use all CAT6 cables for connections

All my switches support Gigabyte.

Using ethtool I have confirmed their setup.

iptables

About 50 lines of code (even after doing an iptables -F it is still slow)

When I get in front of the firewall and connect directly to the cable modem I get the full 400Mb/s. When I get behind the firewall it slows down to 100Mb/s give or take; last night I saw up to 160Mb/s. I have tried all times of the day including late at night when no one is on and I always get the same results. I have installed other NICs in it as well and still get the same results. I am thinking it is my box but I have a quad core which is by far enough power to handle this.

Is there something I am missing? Are there some other tools I can use to troubleshoot this?

Cesar Bielich
  • What does your cpu load look like? – ewwhite Mar 15 '16 at 20:16
  • It runs way low, right now it's 99.3% idle – Cesar Bielich Mar 15 '16 at 20:19
  • Well, the question really is what it looks like when the firewall is limiting the bandwidth. What NICs have you tried? What CPU do you have? Is there any other hardware between the firewall and other devices? Maybe a bad/misconfigured "switch"? Are you doing any traffic shaping or custom queuing? How complex are your firewall rules? The fact that it slows to very close to 100Mb/s makes me think you have 100Mbps ethernet somewhere in the path. – David Schwartz Mar 15 '16 at 20:21
  • `When I get behind the firewall it slows down to 100Mb/s give or take` - You mean when you're connected to the switch? If so, connect directly to your iptables machine and test it there. – joeqwerty Mar 15 '16 at 20:22
  • I tested it last night and stuck one Gigabyte switch in between me and the firewall and I still only hit the 100Mb/s. The firewall connects directly to the modem so there are no switches there that can slow it down. – Cesar Bielich Mar 15 '16 at 20:26
  • Well, plug directly into the LAN/Internal interface of the iptables machine. If you get the same results then you've absolutely identified the source of the problem and have ruled everything else out. – joeqwerty Mar 15 '16 at 20:27
  • @joeqwerty Good call. Will do that now – Cesar Bielich Mar 15 '16 at 20:28
  • @DavidSchwartz I did mention `100Mb/s give or take` and I should have said that last night I was able to hit a max of 160Mb/s, so wouldn't that rule out a 100Mb switch problem? – Cesar Bielich Mar 15 '16 at 20:35
  • @joeqwerty OK, I plugged a computer directly into the back of the box NIC card with a crossover. I am still only hitting about 110Mb/s – Cesar Bielich Mar 15 '16 at 20:51
  • What NIC hardware? What CPU? Anything unusual in terms of queuing or shaping? How many iptables rules? Any unusual ones? What are the power management settings on the firewall? – David Schwartz Mar 15 '16 at 20:56
  • @DavidSchwartz I have updated my question with all that info. – Cesar Bielich Mar 15 '16 at 21:34
  • You haven't explained how you're testing the connection. – ewwhite Mar 16 '16 at 01:28
  • @ewwhite I have done several but the most useful one I did was using a crossover cable directly into the NIC on the firewall from my computer. After that it goes from the box to the modem. There are no switches at all in between. That did not work. – Cesar Bielich Mar 16 '16 at 01:39
  • I am currently working late and building a whole new box just to see if I get different results. – Cesar Bielich Mar 16 '16 at 01:40
  • You may have a problem with your motherboard. What type of motherboard is it? – ewwhite Mar 16 '16 at 01:41
  • @ewwhite My Board http://www.biostar.com.tw/app/en/mb/introduction.php?S_ID=525 – Cesar Bielich Mar 16 '16 at 01:44
  • @CesarBielich: Did this ever get solved? – Tommiie Oct 16 '18 at 09:58

0 Answers