Re: how to increase through put of LAN to 1GB
Le Thu, 21 Jun 2012 06:00:10 -0500, Stan Hoeppner a écrit : > On 6/21/2012 5:28 AM, Muhammad Yousuf Khan wrote: > > > agreed, but my virtualization system is 4 core xeon 2.3 with 8 GB > > RAM. 500 GB sata RAID 1 so i think hardware will not be a problem > > You keep mentioning all your hardware specs but what counts most: > > THE NIC > > > only 1 switch which is 1 GB supported and linsys switch 48 port > > manageable L2 switch > > Does it support jumbo frames? Post model# please. > > > standard windows share/samba i think it uses TCP (not sure) > > Samba uses TCP because its protocol is CIFS/SMB, which use TCP. Samba > doesn't speak TCP. CIFS/SMB are two layers up the OSI stack. They > you can't "tune" Samba's network performance. You can only tune > Linux' TCP performance, and Samba will benefit. > > You're asking a technical question on a technical mailing list. > Please always post all technical details related to an issue. Thus > far you have not. As a rule, it's better to post too much > information that not enough. > > Thanks. > Is the problem really the network? If you tested your thoughput c200 to 300 Mbpsopying a file, then I guess the bottleneck is your hard drive. Your 200 to 300 Mbps correspond to your disk throughput in my opinion. Try to use iperf to test your network throughput, and be well aware that your disk io will be the real bottleneck here. Bruno -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120621142848.6cb55...@bruno.vf-online.local
Re: how to increase through put of LAN to 1GB
Le Thu, 21 Jun 2012 18:32:11 +0500, Muhammad Yousuf Khan a écrit : > On Thu, Jun 21, 2012 at 5:28 PM, bruno.deb...@cyberoso.com > wrote: > > Le Thu, 21 Jun 2012 06:00:10 -0500, > > Stan Hoeppner a écrit : > > > >> On 6/21/2012 5:28 AM, Muhammad Yousuf Khan wrote: > >> > >> > agreed, but my virtualization system is 4 core xeon 2.3 with 8 GB > >> > RAM. 500 GB sata RAID 1 so i think hardware will not be a problem > >> > >> You keep mentioning all your hardware specs but what counts most: > >> > >> THE NIC > >> > >> > only 1 switch which is 1 GB supported and linsys switch 48 port > >> > manageable L2 switch > >> > >> Does it support jumbo frames? Post model# please. > >> > >> > standard windows share/samba i think it uses TCP (not sure) > >> > >> Samba uses TCP because its protocol is CIFS/SMB, which use TCP. > >> Samba doesn't speak TCP. CIFS/SMB are two layers up the OSI > >> stack. They you can't "tune" Samba's network performance. You > >> can only tune Linux' TCP performance, and Samba will benefit. > >> > >> You're asking a technical question on a technical mailing list. > >> Please always post all technical details related to an issue. Thus > >> far you have not. As a rule, it's better to post too much > >> information that not enough. > >> > >> Thanks. > >> > > > > Is the problem really the network? If you tested your thoughput > > c200 to 300 Mbpsopying a file, then I guess the bottleneck is your > > hard drive. Your 200 to 300 Mbps correspond to your disk throughput > > in my opinion. Try to use iperf to test your network throughput, > > and be well aware that your disk io will be the real bottleneck > > here. > sorry i got your question wrong sorry for my weakenlish > > correct me if i am wrong becuase the drives that i baught has default > 3 GB througput do you still thing > drives could be the bottleneck here? > > > > > Bruno > > > > > > -- > > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > > with a subject of "unsubscribe". Trouble? Contact > > listmas...@lists.debian.org Archive: > > http://lists.debian.org/20120621142848.6cb55...@bruno.vf-online.local > > 3Gb/s is the sata bus maximum speed, not the drive real throughput. See http://www.tomshardware.com/reviews/wd6000hlhx-velociraptor-600gb,2600-5.html, you'll see the maximum real througput for the velociraptor 600GB is 157 MB (~ 1,2 Gb/s), which is rarely obtained anyway in real life (concurrent reading, access time, ... see http://www.tomshardware.com/reviews/wd6000hlhx-velociraptor-600gb,2600-7.html). So I bet your 200/300Mb/s are just corresponding to your disk throughput (We actually have the same on our server at work with a RAID 10 with 4 x 1TB WD caviar drives). Kind regards, Bruno -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120621155908.6d711...@bruno.vf-online.local
Re: What is the best way to turn off the iptables
Le Fri, 6 Jul 2012 15:31:22 +0800, lina a écrit : > On Fri, Jul 6, 2012 at 4:01 AM, Joe wrote: > > On Thu, 5 Jul 2012 22:28:43 +0800 > > lina wrote: > > > >> Hi, > >> > >> What is the best way to turn off the iptables? > >> > >> or come back to its default settings. Flush my current one. > >> > > > > This is the script I use: > > > > #!/bin/sh > > #/etc/iptables/iptables.flush > > iptables -t filter -F > > iptables -t filter -X > > iptables -t nat -F > > iptables -t nat -X > > iptables -t mangle -F > > iptables -t mangle -X > > iptables -P INPUT ACCEPT > > iptables -P FORWARD ACCEPT > > iptables -P OUTPUT ACCEPT > > > > Which leaves you wide open, but that is no worse than you were a few > > days ago. > > I follow above advice, > > :/etc/iptables# more iptables.flush > #!/bin/bash > > # /etc/iptables/iptables.flush > > IPT=/sbin/iptables > > $IPT -t filter -F > $IPT -t filter -X > $IPT -P INPUT ACCEPT > $IPT -P FORWARD ACCEPT > $IPT -P OUTPUT ACCEPT > > Now the # iptables -L -vn > Chain INPUT (policy ACCEPT 9051 packets, 902K bytes) > pkts bytes target prot opt in out source > destination > > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > > Chain OUTPUT (policy ACCEPT 1234 packets, 133K bytes) > pkts bytes target prot opt in out source > destination > > I still can't open the localhost ports. Strange? > > Thanks, > > > > > >> Since I tried to configure the iptables, I have encountered the > >> following problems: > >> > >> 1] I can't access the cups and some other ports I opened in > >> localhost. > >> > > > > I'd go along with the others and suggest you start again, with a > > skeleton script and add things one at a time. Sprinkle in a fair few > > logging rules to help get some idea what is going on. I use logging > > a lot, for troubleshooting connections which don't really need a > > packet sniffer. > > > > Here's an outline of one of my scripts, which really ought to work > > as I've just lifted it from my firewall-server and removed a lot of > > the site-specific stuff and the more obscure aggression. You don't > > need any FORWARD or NAT sections in a workstation script, I've left > > them in in case someone else is doing a two-NIC firewall. > > > > I've defined a number of chains (many more than shown here), as a > > firewall-server is quite busy, and it helps to see what's happening > > in a large script. Think of subroutines in a program. There's also a > > virtual machine living in here, and an OpenVPN termination, as well > > as a wireless access point in the network, and there really is no > > choice but to be at least a bit organised. Down with spaghetti > > firewalling... > > > > __ > > #!/bin/sh > > # /etc/iptables/iptables.rules > > > > # IP configuration > > > > # various shell variable definitions: > > # LanIF, InetIF, ExtIP etc > > # all in one place to make changes easier > > # I hate doing search-and-replace in a large iptables script, > > # it's too easy to make mistakes > > > > # > > > > # Set default policies for built-in chains > > > > # belt and braces, as the chains do have their own terminators > > iptables -P INPUT DROP > > iptables -P FORWARD DROP > > iptables -P OUTPUT DROP > > > > # > > > > # Remove existing rules and user-defined chains > > > > iptables -t filter -F > > iptables -t filter -X > > iptables -t nat -F > > iptables -t nat -X > > iptables -t mangle -F > > iptables -t mangle -X > > > > # > > # User-defined chains > > # > > > > # Log and dispose of > > > > iptables -N newnotsyn > > iptables -A newnotsyn -j LOG --log-level debug --log-prefix "NEW NOT > > SYN:" > > iptables -A newnotsyn -j DROP > > > > iptables -N badpacket > > iptables -A badpacket -j DROP > > > > # > > # Built-in chains > > # > > # filter table INPUT chain > > > > # Assorted unwanted > > iptables -A INPUT -m state --state INVALID -j badpacket > > iptables -A INPUT -p tcp ! --syn -m state --state NEW -j newnotsyn > > > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > iptables -A INPUT -i lo -j ACCEPT > > > > # ports and protocols to accept from anywhere... > > iptables -A INPUT -p tcp --dport 22 -j LOG --log-level debug > > --log-prefix "SSH ACCEPTED:" > > iptables -A INPUT -p tcp --dport 22 -j ACCEPT > > iptables -A INPUT -p tcp --dport 25 -j ACCEPT > > > > # a firewall-server will have a list of additional ports and > > protocols # accepted from the [hopefully trusted] machines in the > > LAN here > > > > iptables -A INPUT -j LOG --log-level debug --log-prefix "INPUT > > DIED:" iptables -A INPUT -j DROP
Re: web server migration
Le Sat, 10 Dec 2011 18:46:56 -0500, steve reilly a écrit : > On 12/10/2011 05:38 PM, Mark Neidorff wrote: > > More information needed, please. You said that your desktop > > machine is running lenny. > > yes, it is. > > > > I'll start with a few questions and let other folks add theirs > > > > 1. Do you want to try squeeze on the poweredge or stay with lenny? > > Is the hardware in the server supported in lenny or do you have to > > use squeeze? > yes, would be installing latest stable, squeeze. as far as I can > tell, I had no problems with hardware, i installed squeeze on one of > the drives when i got it couple weeks ago. only thing that did not > work was usb ports. i figured thatd be easy enough to fix, but i > dont need them anyway. raid is embedded and run at hardware level so > no drivers needed for that. pretty sure on that anyway. > > > 2. Are you going to use raid on the disks? (remember you are using > > about 4gb now). > with 2 73 gb drives installed the raid config (perc3) gives me 2 > options when i create a container, raid zero, which i dont want, or > raid one (mirrored) so thats what i planned on using. plan on > getting a 3rd drive down the road for hot spare. once i get up and > running im assuming the raid config has option for that. > > > 3. What else is the server going to do for you, now and in the > > future? > strictly webserver. > > > 4. What web server are you using and what version is it? What are > > you planning to use on the new machine? > currently apache2- 2.2.9, sticking with apache on new one, looks like > 2.2.16 on squeeze > > > 5. What provisions are you making for backups? > automated daily wordpress, database zip backups to another machine in > the house, plus the raid one (main reason i got the new server was so > i had some sort of redundancy) guess i could have just got a raid > card, but this poweredge was wicked cheap. got from a government > contractor friend. > > thanks > > steve > > > I would first move to some virtualisation in order to make the next migration easier (I am currently using OpenVz containers with Proxmox ditro, but there are many others out there) So you could create a virtual machine on your new server, and rsync the old one directly in the virtual machine. You'll have to change a couple of things (there have already been many threads about that in this list) I would not do both upgrade to squeeze and migration at the same time, as you would double the risks of getting into problems. You could make clones of this virtual machine to test an upgrade to squeeze of your production environment afterwards. If you stick to pure hardware server, rsync works great as well (there have already been many threads about that in this list) My 2 cents, Bruno -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111211094747.153339bc@bruno
