FIRESTARTER Firewall - GDMorry - 2005-02-10
FIRESTARTER
Okay Guys this is the Program that I'm using with Fedora Core 3 (on a Dual Pent 3 1GHz server -1Gb Ram)
The Server has 2 Etho Cards and Eth0 is DSL Eth Modem!
My network consists of 4 permanent Windows XP SP2 machines (and up to 30 Various operating Systems on the occasional LAN Parties)
MY problem is That whilst Gaming (Soldier Of Fortune - II - Double Helix) on one of the Windows Machines the game will lag for a second or two every 15 seconds ???
This does not happen when the server (Dual BOOT) boots into Windows XP as the SERVER??
Any IDEAS?? is it this Firewall program? (or is it a possible service? set up by default in FED3 ?) is there a better way of FireWalling AND enabling Internet connection sharing? (which firestarter does)
FIRESTARTER Firewall - GDMorry - 2005-02-10
SORRY Guys I realize I may have posted this in the wrong sect ? :(
However my services running using lsmod are
Quote:
[root@localhost ~]# lsmod
Module Size Used by
ipt_TCPMSS 8001 1
ipt_limit 6337 7
ip_nat_irc 8369 0
ip_nat_ftp 8881 0
iptable_mangle 6721 0
ipt_LOG 10049 7
ipt_MASQUERADE 7745 1
iptable_nat 27237 4 ip_nat_irc,ip_nat_ftp,ipt_MASQUERADE
ipt_TOS 6337 0
ipt_REJECT 10433 0
ip_conntrack_irc 75505 1 ip_nat_irc
ip_conntrack_ftp 76145 1 ip_nat_ftp
ipt_state 5825 6
ip_conntrack 45701 8 ip_nat_irc,ip_nat_ftp,ipt_MASQUERADE,iptable_nat,ip_conntrack_irc,ip_conntrack_ftp,ipt_state
iptable_filter 6721 1
ip_tables 20929 10 ipt_TCPMSS,ipt_limit,iptable_mangle,ipt_LOG,ipt_MASQUERADE,iptable_nat,ipt_TOS,ipt_REJECT,ipt_state,iptable_filter
lp 14893 0
autofs4 21700 0
i2c_dev 13249 0
i2c_core 25921 1 i2c_dev
sunrpc 136997 1
button 10449 0
battery 12485 0
ac 8773 0
md5 8001 1
ipv6 235105 10
usblp 16449 0
uhci_hcd 32729 0
parport_pc 27777 1
parport 40969 2 lp,parport_pc
snd_ymfpci 60421 2
snd_ac97_codec 65169 1 snd_ymfpci
snd_pcm_oss 50809 0
snd_mixer_oss 20929 2 snd_pcm_oss
snd_pcm 89669 2 snd_ymfpci,snd_pcm_oss
snd_opl3_lib 13761 1 snd_ymfpci
snd_timer 27077 3 snd_ymfpci,snd_pcm,snd_opl3_lib
snd_hwdep 13125 1 snd_opl3_lib
snd_page_alloc 13641 2 snd_ymfpci,snd_pcm
gameport 8513 1 snd_ymfpci
snd_mpu401_uart 11329 1 snd_ymfpci
snd_rawmidi 27109 1 snd_mpu401_uart
snd_seq_device 11849 2 snd_opl3_lib,snd_rawmidi
snd 54821 13 snd_ymfpci,snd_ac97_codec,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_opl3_lib,snd_timer,snd_hwdep,snd_mpu401_uart,snd_rawmidi,snd_seq_device
soundcore 12961 2 snd
3c59x 39401 0
8139too 27329 0
mii 8641 1 8139too
floppy 57297 0
dm_snapshot 20837 0
dm_zero 6337 0
dm_mirror 24989 2
ext3 117961 2
jbd 59353 1 ext3
dm_mod 56773 6 dm_snapshot,dm_zero,dm_mirror
[root@localhost ~]#
FIRESTARTER Firewall - GDMorry - 2005-02-10
oh also iptables is
Quote:
[root@localhost ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- resolv.internode.on.net anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- resolv.internode.on.net anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
NR all -- !ppp129-0.lns1.adl2.internode.on.net/24 anywhere
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere ppp129-255.lns1.adl2.internode.on.net
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LS all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere 192.168.0.1
INBOUND all -- anywhere ppp129-202.lns1.adl2.internode.on.net
INBOUND all -- anywhere 192.168.0.255
LOG all -- anywhere anywhere LOG level info prefix `Unknown '
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere 192.168.0.0/24 tcp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 192.168.0.0/24 udp dpts:1023:65535 state RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level info prefix `Unknown '
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- ppp129-202.lns1.adl2.internode.on.net resolv.internode.on.net tcp dpt:domain
ACCEPT udp -- ppp129-202.lns1.adl2.internode.on.net resolv.internode.on.net udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
OUTBOUND all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown '
Chain INBOUND (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.0.254 anywhere
ACCEPT tcp -- 192.168.0.0/24 anywhere tcp dpt:bootps
ACCEPT udp -- 192.168.0.0/24 anywhere udp dpt:bootps
ACCEPT tcp -- 192.168.0.0/24 anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- 192.168.0.0/24 anywhere udp dpts:netbios-ns:netbios-ssn
LS all -- anywhere anywhere
Chain LS (91 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP all -- 211.51.171.66 anywhere
DROP all -- 211.51.171.66 anywhere
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain NR (1 references)
target prot opt source destination
LS all -- 0.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 1.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 2.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 5.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 7.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 10.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 23.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 27.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 31.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 36.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 37.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 39.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 41.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 42.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 49.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 50.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 71.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 72.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 73.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 74.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
LS all -- 75.0.0.0/8 ppp129-0.lns1.adl2.internode.on.net/24
etc.etc.
FIRESTARTER Firewall - hijinks - 2005-02-10
what does a dmesg give you.
Sometimes these firewalls will rate limit incoming outgoing tcp connections and the queue can become full so it will drop packets. Then due to how tcp works you need to request that packet again
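The rate-limiting theory in the post above can be checked against the posted ruleset. The following is an added example, not part of any post in this thread: it lists every rule in `iptables -L` output that carries a `limit:` match. The function names and the embedded sample (a few rules copied from the listing earlier in the thread, unwrapped) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -L` text for rate-limited rules.

# Constructed sample: rules taken from the listing posted in this thread.
sample_rules() {
cat <<'EOF'
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere anywhere state INVALID
LS all -f anywhere anywhere limit: avg 10/min burst 5
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
ACCEPT udp -- anywhere 192.168.0.0/24 udp dpts:1023:65535 state RELATED,ESTABLISHED
Chain LS (91 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
EOF
}

# Reads `iptables -L` output on stdin and prints one line per limited rule:
#   <chain> <target> <proto> <rate> burst=<n> <effect>
# effect is "log-throttle" for LOG targets (only logging is capped) and
# "fall-through" otherwise (over-rate packets stop matching this rule and
# are evaluated by the rules that follow it).
list_limit_rules() {
    awk '
        $1 == "Chain" { chain = $2; next }        # remember current chain
        $1 == "target" || NF == 0 { next }        # skip column header, blanks
        {
            for (i = 1; i < NF; i++) {
                if ($i == "limit:" && $(i + 1) == "avg" && $(i + 3) == "burst") {
                    effect = ($1 == "LOG") ? "log-throttle" : "fall-through"
                    printf "%s %s %s %s burst=%s %s\n", chain, $1, $2, $(i + 2), $(i + 4), effect
                }
            }
        }'
}

# Stand-alone run against the constructed sample.
sample_rules | list_limit_rules
```

On a live system, pipe `iptables -L -n` into `list_limit_rules` instead of the sample. In the sample, no rule with protocol `udp` carries a limit, so the listed limits apply to ICMP, fragments and logging only.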
FIRESTARTER Firewall - anyweb - 2005-02-10
a simple test would be to disable the firewall and see does the issue go away, if so then at least you know where to start pointing the finger at
that said, i had a similar issue a few years ago with quake 3, and about 5 reinstalls of windows xp later i figured it out, nothing wrong with the os, but my firewire card was causing the issue, disabling it in device manager and i haven't seen the problem since
cheers
anyweb
FIRESTARTER Firewall - GDMorry - 2005-02-10
Thanks guys
Yeah has me beat runs fine exact same sys in Windows BUT boot into Fed3 and NFG :(
I used FireStarter Primarily as an easy way to enable Internet connection sharing because it was a part of the proggy :P
Any other programs you might suggest for firewalling and/or connection sharing ?
I know I've gotta read your IpTables sect. o_O but I was looking for a "quick fix" o_O
Will have to learn to do things the right way even if it takes a little more effort ;)
"dmesg" ?? never heard of it >LOL< will have to try next time in FED :P
FIRESTARTER Firewall - dallas - 2005-02-10
Hi there,
Avoid running firestarter as an application and/or in the systray, as it is a resource intensive application. you can run fs as a service (service firestarter restart) so it's all run in the background.
of course if this is what you are doing... then I don't know what the issue is... maybe a hardware issue?
as for dmesg... cat /var/log/dmesg or type dmesg... it will show you all that cool stuff that linux (used to) show you when you boot up.
da!!as
FIRESTARTER Firewall - GDMorry - 2005-02-11
Great Many thanks I'll try it :)
FIRESTARTER Firewall - GDMorry - 2005-03-03
Okay I haven't played with it much recently BUT just a thought would it have anything to do with "SELinux (Security-Enhanced Linux)" new to FED3 isn't it??
anyone know how to play with the settings?
FIRESTARTER Firewall - anyweb - 2005-03-03
it could be
vi /etc/sysconfig/selinux
set it to disabled and reboot
cheers
anyweb