Hello all.

I think I am experiencing some kind of performance problem in a firewall.... and we can't work out why. We still work with a 2.4 kernel (yes, SuSE 9.2 & 9.1 are out there, but replacing a 24x7 box with a detailed configuration is not easy).

The box (1,8 GHz Celeron, 512MB RAM) balances load over two 512/192Kbps ADSL lines (fixed IPs, no PPPoE stuff) and connects to an internal network. The number of iptables rules is not so high (only 430). The number of conntrack connections handled is around 5000-6000 normally and the rt_cache has 2322 entries.

The uptime is ok, and the CPU load seems ok.

# uptime
1:07pm up 35 days 18:39, 1 user, load average: 0.28, 0.25, 0.22

The CPU usage is due to upnpd (yes, we need it for msn voice & video features) and some scripts for gathering statistics (mrtg and others).

MRTG says that -on average- we are using 30% less of the lines, that means, we are wasting bandwidth somewhere.

I am aware that this is "slightly" off-topic.. anyway, it is firewall -> security -> performance problem :-)

Thanks.

Ariel

PS: you don't need to mention that upnp != security ;-)
Ariel Sabiguero