routing problem?

    hi all,

    I have a firewall with 3 NICs, 1 to local network, 1 to local DMZ, 1 to the public.

    eth0 (public ip 1)
    eth0:1 (public ip 2)
    eth0:2 (public ip 3)

    [root@fw root]# route
    Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
* U 0 0 0 eth0
* U 0 0 0 eth1
* U 0 0 0 eth2
* U 0 0 0 lo
default UG 0 0 0 eth0
default UG 1 0 0 eth0
default UG 1 0 0 eth0

now: I tried to sftp something from the firewall to a host in the DMZ, and the speed is somehow limited to the speed of my ADSL, i.e. something like 50KB/s instead of the 100Mbps it "should" be.

    any idea please?


This sounds in a sense kind of strange.
    What speed do you reach if you try to "sftp" from the DMZ host into the firewall?
Your firewall, did you just use "simple" iptables settings or have you used some pre-compiled firewall? Because some "free" firewalls have implemented some simple traffic-shaping/bandwidth controlling. You should check that out. And, do an extra check that both your FW and your DMZ host are set up at the same speed and duplex.
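The speed/duplex check suggested above can be scripted so both ends are compared the same way. The script below is an added example, not something posted in this thread; it parses the "Speed:" and "Duplex:" lines of `ethtool` output for two interfaces and reports whether they agree. The interface names (eth1 on the firewall, eth0 on the DMZ host) and the two abridged `ethtool` outputs embedded in it are constructed sample data, chosen to show the half/full duplex mismatch that typically produces fast transfers in one direction and a trickle in the other.

```shell
#!/bin/sh
# Added example (not from the thread): compare speed and duplex of two link
# ends from their `ethtool` output and flag a mismatch.

# Constructed sample `ethtool` output (abridged) for the firewall's DMZ-side
# NIC and for the DMZ host's NIC. Real output has many more lines; only the
# Speed: and Duplex: lines are used here.
FW_ETHTOOL='Settings for eth1:
    Speed: 100Mb/s
    Duplex: Half
    Auto-negotiation: on
    Link detected: yes'

DMZ_ETHTOOL='Settings for eth0:
    Speed: 100Mb/s
    Duplex: Full
    Auto-negotiation: off
    Link detected: yes'

# link_settings TEXT -> prints "<speed> <duplex>", e.g. "100Mb/s Full".
# The field separator regex ': *' splits "Speed: 100Mb/s" into the label and
# the value; whitespace before the label stays in $1 and is ignored.
link_settings() {
    printf '%s\n' "$1" | awk -F': *' '
        /Speed:/  { s = $2 }
        /Duplex:/ { d = $2 }
        END       { print s " " d }'
}

# check_match TEXT_A TEXT_B -> exit 0 when both ends report the same speed and
# duplex, exit 1 otherwise. A half/full duplex mismatch (often one side with
# auto-negotiation off) is the classic cause of asymmetric throughput.
check_match() {
    a=$(link_settings "$1")
    b=$(link_settings "$2")
    if [ "$a" = "$b" ]; then
        echo "OK: both ends at $a"
        return 0
    fi
    echo "MISMATCH: $a vs $b"
    return 1
}

# Live use on a real pair of boxes (ethtool normally needs root; host name
# "dmzhost" is a placeholder):
#   check_match "$(ethtool eth1)" "$(ssh root@dmzhost ethtool eth0)"
# Also worth a look for the traffic-shaping question raised above:
#   tc qdisc show dev eth1      (a bare pfifo_fast means no shaping on that NIC)
```

Run it with the constructed data and it reports `MISMATCH: 100Mb/s Half vs 100Mb/s Full`; fix whichever side is forced off auto-negotiation and run it again.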

    hi swemic,

first of all, thanks for your reply. I did a little experiment like you said and here is what I got (this is done from the machine in the DMZ):

    Uploading nullfile to /tmp/nullfile
    100% 17MB 421.0KB/s 00:42

    Fetching /tmp/nullfile to nullfile
    1% 224KB 50.9KB/s 05:42 ETA

    This doesn't look like two machines linked with a 100Mbps switch, because an sftp between 172.16.0.x gives:

    sftp> put nf
    Uploading nf to /tmp/nf
    nf 100% 7680KB 3.8MB/s 00:02

    btw, the problem occurs between firewall ( / and 172.16.0.x, and the firewall script, ya, here it is:

    $IPT -t nat -F POSTROUTING
    #some local machines are allowed to go thru the firewall
    for NET in $DMZ; do
    for NET in $PRIV; do
    echo "1" > /proc/sys/net/ipv4/ip_forward
    $IPT -t nat -F PREROUTING
    $IPT -t nat -A PREROUTING -j DNAT -i $ISP_NIC -d -p tcp --dport 12673 --to
    $IPT -t nat -A PREROUTING -j DNAT -i $ISP_NIC -d -p tcp --dport 81 --to
    $IPT -t nat -A PREROUTING -j DNAT -i $ISP_NIC -p tcp -d --dport 80 --to
    $IPT -t nat -A PREROUTING -j DNAT -i $ISP_NIC -p tcp --dport 80 --to
    $IPT -t nat -A PREROUTING -j DNAT -i $ISP_NIC -p tcp --dport 22 --to
    $IPT -t nat -A PREROUTING -j DNAT -i $ISP_NIC -p tcp --dport 21 --to
    $IPT -t nat -A PREROUTING -j DNAT -i $ISP_NIC -p udp --dport 21 --to
    $IPT -t nat -A PREROUTING -j DNAT -i $ISP_NIC -p udp --dport 20 --to
    $IPT -t nat -A PREROUTING -j DNAT -i $ISP_NIC -p tcp --dport 7200 --to
    $IPT -t nat -A PREROUTING -j DNAT -i $ISP_NIC -p tcp --dport 7210 --to
    $IPT -t nat -A PREROUTING -j DNAT -i $ISP_NIC -p tcp --dport 7777 --to
    # used to be, so make firewall listens on 106 and route the traffic to it
    $IPT -t nat -A PREROUTING -j DNAT -i $PRIV_NIC -d --to
    and it is started thru /etc/rc.d/rc.local

    thanks again for the help

Not sure what the problem could be... I'm about to implement something very similar to this as I run game servers, and need to put them on a DMZ away from my network (this way I don't royally screw things up...)

    Will let ya know if this works for me or not.

hi, thanks for the reply. For your information, the server has been giving me problems recently; in the middle of usage it simply reboots the machine without any notice... ha, guess that's a hardware problem...

but later I upgraded it to CentOS 4.1 (minimum version, no X, no compiler, no nothing) with the same network configuration & firewall script, and it works the way it should!!!!

    thanks again

