Hello,

I am using a pretty basic setup with iptables.

I am trying to block all incoming requests except for SSH (port 22).

I am using a cable modem, and my file downloads usually start pretty fast (up to 200-300 kB/s) and then slow down to an average of 40 kB/s after half a minute.

If I disable the rule that blocks all incoming requests (iptables -P INPUT DROP) then my downloads stay really fast.


I am using this set of rules:

----------
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
-----------


I think that my issue has to do with:
iptables -P INPUT DROP
and
iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

But I'm not exactly sure how to tweak this.

Any suggestions?

Thank you!