
[ale] iptables slowing down the website?



I tried it with dns on udp, but it still does the same thing.

Here are my rules:
iptables -P INPUT DROP                   #drop everything by default
iptables -P OUTPUT ACCEPT           #let anything out

# allow some incoming requests
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT


When these rules are enabled, the pages take about 10 seconds to load.
When the rules are disabled, the pages display almost instantly.

Anyone have any ideas?
Thanks again,
CB





Stephan Uphoff wrote:

>Try adding udp for dns.
>
>Christopher Bergeron wrote:
>  
>
>>Does anyone know why the usage of iptables could slow down a webserver?
>>
>>My website uses mysql, httpd, and dns.
>>
>>My rules are similar to the following:
>>
>>DROP all INPUT by default
>>let any output flow (OUTPUT ACCEPT)
>>INPUT from dns accepted (INPUT -p tcp -j ACCEPT)
>>INPUT from httpd accepted (INPUT -p tcp -j ACCEPT)
>>INPUT from mysql accepted (INPUT -p tcp -j ACCEPT)
>>
>>I'm no iptables guru, but my rules make sense (at least to me).  Is 
>>there something that I'm missing?
>>
>>Thanks in advance,
>>CB
>>
>>
>>
>>_______________________________________________
>>Ale mailing list
>>Ale at ale.org
>>http://www.ale.org/mailman/listinfo/ale
>>
>>    
>>
>
>
>
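
An added example, not part of the thread: a first-match model of the INPUT chain as posted, run over constructed packets. It shows that replies arriving from port 53, 80 or 3306 to an ephemeral local port match none of the `--dport` rules and fall through to the DROP policy. The `state` field, the sample packets and the ESTABLISHED,RELATED comparison rule are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:              # constructed sample traffic, not captured data
    desc: str
    proto: str
    sport: int
    dport: int
    state: str             # conntrack state seen on INPUT: NEW or ESTABLISHED

# INPUT rules as posted: protocol + destination port, all -j ACCEPT
POSTED = [
    lambda p: p.proto == "tcp" and p.dport == 22,
    lambda p: p.proto == "udp" and p.dport == 53,
    lambda p: p.proto == "tcp" and p.dport == 80,
    lambda p: p.proto == "tcp" and p.dport == 3306,
]

# Assumption for comparison (not in the post):
#   iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
STATEFUL = [lambda p: p.state in ("ESTABLISHED", "RELATED")] + POSTED

def verdict(pkt, rules, policy="DROP"):
    """First matching rule accepts; otherwise the chain policy applies."""
    for match in rules:
        if match(pkt):
            return "ACCEPT"
    return policy

SAMPLES = [
    Packet("client -> httpd request", "tcp", 51000, 80, "NEW"),
    Packet("client -> DNS query to this host", "udp", 40000, 53, "NEW"),
    Packet("reply to this host's own DNS lookup", "udp", 53, 40001, "ESTABLISHED"),
    Packet("reply on a TCP connection this host opened", "tcp", 80, 40002, "ESTABLISHED"),
    # Loopback traffic traverses INPUT in both directions.
    Packet("127.0.0.1:3306 reply to a local TCP client", "tcp", 3306, 40003, "ESTABLISHED"),
]

def dropped(rules):
    """Descriptions of the sample packets that end at the DROP policy."""
    return [p.desc for p in SAMPLES if verdict(p, rules) == "DROP"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p.desc:45} posted={verdict(p, POSTED):6} "
              f"stateful={verdict(p, STATEFUL)}")
```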