On Tuesday 13 May 2003 20:19, Togan Muftuoglu wrote:

* Mark Gray; on 13 May, 2003 wrote:

...

Togan Muftuoglu writes:

Well we do not know the hardware details of the OP as he mentioned he converted from RH 5.0 to SuSE 8.1 could be an old 486 which I would say lacks necessary power for the goodies you ention in the kernel :-)

The server is a Pendium III 1000MHz with 512 MB RAM and 1 SCSI 16GB HDD :)

On Tuesday 13 May 2003 21:38, Togan Muftuoglu wrote:

* Stelios Asmargianakis; on 13 May, 2003 wrote:

...

The server is a Pendium III 1000MHz with 512 MB RAM and 1 SCSI 16GB HDD :)

Himm on this case could you please send the configuration file and no CC'in is necessary as I am on the list untill ckm kicks me out :-)

First of all thanks for your answer. ok here is the SuSEfirewall2 script (i put off the comments). FW_QUICKMODE="no" FW_DEV_EXT="eth0 eth0:1" FW_DEV_INT="" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="0/0" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="10000 169 22 25 3128 3306 42 443 53 80 http https ssh" FW_SERVICES_EXT_UDP="53 80 10000 22 3128 3306 42 443 25 169" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_SERVICES_QUICK_TCP="" FW_SERVICES_QUICK_UDP="" FW_SERVICES_QUICK_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="DNS" FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="yes" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="yes" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ="" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="no" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="no" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" FW_REJECT="no" Regards

I made all this changes but the problem still remains.... On Tuesday 13 May 2003 22:48, Togan Muftuoglu wrote:

* Stelios Asmargianakis; on 13 May, 2003 wrote:

...

ok here is the SuSEfirewall2 script (i put off the comments). FW_MASQ_NETS="0/0"

place your actual masq net here ie 192.168.1.0/24 it is better then the whole internet

...

FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="10000 169 22 25 3128 3306 42 443 53 80 http https ssh"

no need for "ssh http https" as you have already defined them "22 80 443" also why do you need 42 and 169. Hope your Mysql is secured along with webmin

...

FW_SERVICES_EXT_UDP="53 80 10000 22 3128 3306 42 443 25 169"

22 25 80 3128 are not used in UDP. why do you think you need 42 and 169. I also do no think webmin needs 10000 UDP unless you have something else runing on 10000

...

FW_ALLOW_INCOMING_HIGHPORTS_TCP="DNS" FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"

See if it makes better

Only http connections are very slower than before. Other servises running very well. The server is running apache 1.3.26 On Wednesday 14 May 2003 00:19, David Krider wrote:

On Tue, 2003-05-13 at 15:38, Stelios Asmargianakis wrote:

...

I made all this changes but the problem still remains....

Perhaps it would be easier to help with the problem if you told us what - exactly - is so much slower than before? Is it the traffic going _through_ the box? Is it terminal sessions (or, heaven forbid on this ancient thing, X sessions) _on_ the box? Is it _connections_ to services hosted on the box? I'm sorry if you've mentioned it before, but I just reviewed the thread and I don't see it.

Regards, dk

Thanks