I am working on optimizing the iptables. I came across some way of optimizing the rules by removing the redundant rules and merging the rules . Is there any other way to increase the optimization of iptables ?The network that we applied the iptables is a simple LAN network. (College Network)
View 1 RepliesI have a friend who is using Ubuntu 10.10 Netbook Edition on their netbook and well they love it. However, I notice that at times (if not all the time) their internet is ridiculously slow. Yes, it's a 1 Mbps download connection, but I still think it's a little slow and at times I can't even get it to load a website. I'm thinking if I adjusted the MTU within Ubuntu, it might improve, if even only slightly. I believe the router is set to 1490 or 1500, I haven't really looked yet.
View 3 Replies View RelatedI have just bought a digital-to-analog converter, this one to be exact, along with an amplificator and two speakers. I'd like to get the most of my Ubuntu, a good sound (what player can I use ?) and to know wether I need to do some extra changes in the kernel (OSS / PulseAudio / ALSA ?) or not.
I wonder if my converter will be detected when i plug it in, and if any sound from my computer will be leaded to it automatically ? (I'll have the converter tomorrow). I believe its purpose is to replace the sound card, to provide a greater, pure sound. The converter is linked by USB by the way.
In one of my interview, interviewer asked the following question on deep copy constructor:
When we are externally overloading the copy constructor is there any optimization strategies when we are using several copy constructors.
I would like to ask how can I optimize apache2 load on my dedicated server. I am hosting Facebook applications on it, but most users will get a Timed Out message when they try to access it. I was tinkering with MaxClients directive in apache2 config, and it got better, but still it's not best. Programmers are trying their best to optimize the applications at their side, but I am afraid this is an server issue.
View 2 Replies View RelatedI wrote a little Bash script which accepts two values -- sender address and recipient address -- and finds any instances of mail sent from sender to recipient in /var/log/maillog. The script works fine, but it seems to be very inefficient. I'm just wondering how I can optimize it.
Code:
Example:
Code:
Again, it seems to work fine, but the script greps through /var/log/maillog three times -- first to find the sender; second to see if it's also going to the desired recipient; finally to view all instances of the message ID in the logs. This seems redundant and inefficient.
I'm trying to solve this problem, but always get Time limit exceeded. I've tried my best but still can't get under time limit. Could you please give me some hint about it?
Code:
#include <iostream>
#include <cmath>
[code]...
I am running Ferdora 12 (constantine) 64 with Intel Xeon 3.2GHz processor + 12GB Ram. I am running this machine specifically for number chunching applications but it isnt running as fast as i thought it would! Are there any tips to optimizing the speed of processors in fedora?
View 7 Replies View RelatedI recently purchased a Western Digital 1TB USB hard drive to use for general data storage. I had thought about repartitioning it into 8 - 10 individual drives (most Linux users will doubtless understand the arguments for and against this) and reformatting them with another filesystem, probably ext2.
The unit actually consists of two 500GB drives that are presented by the internal controller as a single 1TB drive, and are formatted with the old HPFS/NTFS filesystem, so I'm a bit cautious about the possibility of my original plan confusing the drive's controller. Does anyone have any experience with these large drives, any thoughts about repartitioning/reformatting, and relevant criteria for optimizing their use?
Where can I find comprehensive information on optimizing Linux? I keep searching online but seem to get only to performance monitoring. I don't want to run a lighter version of Linux or upgrade my hardware! Just want to get my current distro and future ones I might install to run at its best.
View 8 Replies View RelatedI tried to summarize the this as best as possible in the title. I am writing an initial value problem solver in the most general way possible. I start with an arbitrary number of initial values at arbitrary locations (inside a boundary.) The first part of my program creates a mesh/grid (I am not sure which is the correct nuance), with N points total, that contains all the initial values. My goal is to optimize the mesh such that the spacing is as uniform as possible. My solver seems to work half decently (it needs some more obscure debugging that is not relevant here.)
I am starting with one dimension. I intend to generalize the algorithm to an arbitrary number of dimensions once I get it working consistently. I am writing my code in fortran, but feel free to reply with pseudocode or the language of your choice.Allow me to elaborate with an example:Say I am working on a closed interval [1,10]
xmin=1
xmax=10
Say I have 3 initial points: xmin, 5 and xmax
num_ivc=3
known(num_ivc)=[xmin,5,xmax] //my arrays start at 1. Assume "known" starts sorted
I store my mesh/grid points in an array called coord. Say I want 10 points total in my mesh/grid.
N=10
coord(10)
Remember, all this is arbitrary--except the variable names of course. The algorithm should set coord to {1,2,3,4,5,6,7,8,9,10} Now for a less trivial example:
num_ivc=3
known(num_ivc)=[xmin,5.5,xmax
or just
num_ivc=1
known(num_ivc)=[5.5]
Now, would you have 5 evenly spaced points on the interval [1, 5.5] and 5 evenly spaced points on the interval (5.5, 10]? But there is more space between 1 and 5.5 than between 5.5 and 10. So would you have 6 points on [1, 5.5] followed by 4 on (5.5 to 10]. The key is to minimize the difference in spacing.I have been working on this for 2 days straight and I can assure you it is a lot trickier than it sounds. I have written code that
only works if N is large
only works if N is small
only works if it the known points are close together
[code]....
So as you can see, I have coded the gamut of almost-solutions. I cannot figure out a way to get it to perform equally well in all possible scenarios (that is, create the optimum spacing.)
On my bare metal server, I get about 130MB/s read from a software RAID 10 array, but when reading the same file from a VM via NFS over the VirtIO interface,I only get about 40MB/s.
Furthermore, the process for the VM uses >180% CPU on the host, and ~40%, and the 5 min average is ~1.5 on the host and guest. I have dual E5620's so I'm disappointed that the transfer is so slow, as I was expecting at least 90MB/s.
I'm new to being a sysadmin, so if anyone has some tips I can use to increase the transfer rate, and possibility reduce the CPU load as well I'd appreciate it. I'm assuming that 130MB/s is the max speed of two 7.2k HDDs, but if there's any way I can squeeze any more out that would be great too.
System specs:
2x Intel Xeon E5620s @ 2.40Ghz
8GB of RAM @ 1066Mhz
4x 1TB Western Digital Black HDDs in RAID10
I have a dual boot on a netbook with windows and fedora13. When I am on my fedora boot and I try to watch streaming video it comes through in waves or not at all. I do not have the same problems on the alternate boot. There are other performance comparisons where the windows boot runs smoother and faster. Is there any work I can do in order to optimise my fedora boot in this capacity?
View 7 Replies View RelatedSo I've come across several tips to optimize battery life on Linux. [URLs]. In addition to undervolting, I would like to underclock. Is there a way to control CPU speed outside of the BIOS via some software control in Linux... or some sort of boot manager? I would like to boot to linux using underclocked speeds and have Windows running full blast. Is there a way to run Linux completely in RAM? I have read that saves on power consumption from the hard drive.
View 4 Replies View RelatedI am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
View 2 Replies View RelatedI am facing a strange problem witht my iptables as there are some firewall entries stored somewhere which is displaying the below firewall entries even after flushing the iptables & when I restart the iptables service then the firewall entries are again shown in my iptables as shown below,
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
View 4 Replies View RelatedIptables manual page says:
Why doesn't it make sense for packets coming from a wireless interface?
I have set up OpenVPN for my connection. I'm using this to connect to the internet from different locations using tunnelling.
Right now I have a few IP's : on eth0 I have IP from my ISP, on eth0:1 I have my own IP.I set up MASQUERADE to eth0 - but in this case when I try to access my restricted resources IP address from ISP is visible.
What I want is to use my own IP address from eth0:1 - could somebody help me to build good working redirect entry for that? I want to redirect all connections to that IP assigned on eth0:1... - just to access Internet using my IP.
How can I add ip address which is multiple of 3 and to 255? That is I want to block ip address which is coming from multiple of 3 to 255.
As an example 192.168.0.3,192.168.0.6,192.168.0.9,192.168.0.12 etc.
how to allow a specific hostname with specific ports in iptables?
View 1 Replies View RelatedWe are stuck big time with IP forwarding where we have to use IP tables. Any advice will be appreciated.
Setup
Machine A --> Machine B -->Machine C
- Machine A connects with Machine B on "internal network"
- Machine B has 2 NIC (and two IP address) , one connected to Machine A (internal network) and one connected to Machine C (External Network)
We need all traffic coming from Machine A which flows to Machine B on port 60 to be directed/forwaded to Machine C (port 60).
Not allowed to configure Machine B as a gateway . Things work with rinetd program when we do a tcp redirect from Machine B port 60 to Machine C (port 60).
But just unable to make it work with IP tables rules. We tried following,but in vain
iptables -t nat -A PREROUTING -s Machine_A -d Machine_C -p tcp --dport 60 -j DNAT --to-destination Machine_C .6:60
/sbin/iptables -A FORWARD -i Machine_B -o Machine_C -p tcp --dport 60 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Any valued inputs?
pc need download file from internet ftp server, but can't now, how set iptables ?
iptables mod
[root@ad ~]# lsmod |grep ip
ip_nat_ftp 7361 0
ip_conntrack_ftp 11569 1 ip_nat_ftp
[code]....
I have 2 Linux boxes one acting as a router with a direct connection to the internet, second as a server using the first box as a gateway to the internet. I need to forward requests that I get from the outside to port 8400 to my internal server box at 192.168.0.7:8400
Router IP 192.168.0.5
Server IP 192.168.0.7
iptables -t nat -A PREROUTING -p tcp -d [internet ip] --dport 8400 -j DNAT
[code]...
These rules are on the router (192.168.0.5) I've been trying to find a solution for hours with no success. Basically the problem is I can forward ports on the same box but not to a different ip.
iptables -A INPUT -p udp --dport -j ACCEPT
iptables -A INPUT -p tcp --dport -j ACCEPT
iptables -A FORWARD -p udp --dport -j ACCEPT
iptables -A FORWARD -p tcp --dport -j ACCEPT
and the rules are placed in iptables, i can see them when I do iptables -L. But when I do netstat -an | grep 161 I can see that port 161 (SNMP) is not listening. Why?
I just want to allow only some udp ports and deny all tcp access as my script below:
Code:
# Generated by iptables-save v1.3.5 on Sun May 8 17:33:16 2011
*filter
[code]....
how to let iptables to allow dns & dhcp distributions from the server to the clients only w/out exposing the port dhcp port udp 67,68 and tcp port 67,68 as well from the outside world.DHCP only uses udp, but still I also allowed tcp ports as well just to be sure & also I already allow DNS ports in the firewall w/c is not inluded below. linux newbie here,
when i issued the command below to allow those ports only to the internal network the firewall still blocking it. what seems to be the problem?? #iptables -A INPUT -m iprange --src-range 192.168.0.1-192.168.0.254 -p udp --dport 67 -j ACCEPT
[Code]...