<ul>
<li><em>date</em>: Sat Mar 13 13:26:59 2004</li>
<li><em>from</em>: christopher at bergeron.com (Christopher Bergeron)</li>
<li><em>in-reply-to</em>: <<a href="msg00446.html">[email protected]</a>></li>
<li><em>references</em>: <<a href="msg00446.html">[email protected]</a>></li>
<li><em>subject</em>: [ale] iptables slowing down the website?</li>
</ul>
<pre>
Here are my rules:
iptables -P INPUT DROP #drop everything by default
iptables -P OUTPUT ACCEPT #let anything out
# allow some incoming requests
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
When these rules are enabled, the pages take about 10 seconds to load.
When the rules are disabled, the pages display almost instantly.
Anyone have any ideas?
Thanks again,
CB
Stephan Uphoff wrote:
>Try adding udp for dns.
>
>Christopher Bergeron wrote:
>
>
>>Does anyone know why the usage of iptables could slow down a webserver?
>>
>>My website uses mysql, httpd, and dns.
>>
>>My rules are similar to the following:
>>
>>DROP all INPUT by default
>>let any output flow (OUTPUT ACCEPT)
>>INPUT from dns accepted (INPUT -p tcp -j ACCEPT)
>>INPUT from httpd accepted (INPUT -p tcp -j ACCEPT)
>>INPUT from mysql accepted (INPUT -p tcp -j ACCEPT)
>>
>>I'm no iptables guru, but my rules make sense (at least to me). Is
>>there something that I'm missing?
>>
>>Thanks in advance,
>>CB
>>
>>
>>
>>_______________________________________________
>>Ale mailing list
>>Ale at ale.org
>><a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale">http://www.ale.org/mailman/listinfo/ale</a>
</pre>
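An added example, not part of the original message or thread: a first-match model of the INPUT chain posted above, run over constructed packets. With policy DROP and only `--dport` rules, inbound replies to connections the server itself opens (a resolver's answer arriving on an ephemeral port, for instance) match nothing. The `-i lo` and `-m state --state ESTABLISHED,RELATED` rules in the comments are an assumed addition that the thread does not confirm; the interface name and port numbers are made up.

```python
# Added example: first-match model of the INPUT chain posted above.
# Packets and the two extra rules are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str           # "tcp" or "udp"
    dport: int           # destination port on the server
    iface: str = "eth0"  # inbound interface (assumed name)
    state: str = "NEW"   # conntrack state: NEW / ESTABLISHED / RELATED

# Each rule lists fields that must all match; the target is always ACCEPT.
POSTED = [
    {"proto": "tcp", "dport": 22},
    {"proto": "udp", "dport": 53},
    {"proto": "tcp", "dport": 80},
    {"proto": "tcp", "dport": 3306},
]

# Assumed additions, equivalent to:
#   iptables -I INPUT 1 -i lo -j ACCEPT
#   iptables -I INPUT 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
STATEFUL = [
    {"iface": "lo"},
    {"state": ("ESTABLISHED", "RELATED")},
] + POSTED

def matches(rule, pkt):
    for field, want in rule.items():
        allowed = want if isinstance(want, tuple) else (want,)
        if getattr(pkt, field) not in allowed:
            return False
    return True

def verdict(rules, pkt, policy="DROP"):
    """ACCEPT on the first matching rule, otherwise the chain policy."""
    return "ACCEPT" if any(matches(r, pkt) for r in rules) else policy

SAMPLES = {  # constructed packets, all arriving on the INPUT chain
    "client -> httpd SYN": Packet("tcp", 80),
    "resolver reply to server's own lookup": Packet("udp", 40000, state="ESTABLISHED"),
    "httpd -> mysqld on localhost": Packet("tcp", 3306, iface="lo"),
    "mysqld -> httpd reply on localhost": Packet("tcp", 51000, iface="lo", state="ESTABLISHED"),
}

def compare():
    return {n: (verdict(POSTED, p), verdict(STATEFUL, p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:40} posted={before:6} stateful={after}")
```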
</body>
</html>