> > I have tried to upgrade my firewall to 2.4 kernel (2.4.7), and I have
> > observed a major slowdown of the network speed.
We observed a similar problem, hunted it down via kernel profiling:
When we used ipchains to establish a port redirection (just one
rule, map one port to another), the network would become rediculously
slow after some time of use, causing the CPU to spend almost 100%
as "system time".
We found that the expensive kernel functions were redir_cmp and unredir_cmp,
which were called an unreasonable amount of times by find_redir - seems the
iteration over the list there is quite lengthy...
We didn't investigate the problem further, but found that by using
"iptables" instead of the obsolete "ipchains" to establish the redirection
rule, everything was fine again.
So my advice would be to try iptables and see if your problem goes away
as well.
Regards,
Lutz Vieweg
-- Dipl. Phys. Lutz Vieweg | email: lkv@isg.de Innovative Software AG | Phone/Fax: +49-69-505030 -120/-505 Feuerbachstrasse 26-32 | http://www.isg.de/people/lkv/ 60325 Frankfurt am Main | ^^^ PGP key available here ^^^ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/