Re: 8Signs PC Firewall Problem
From: Duane Arnold (notme_at_notme.com)
Date: 04/14/04
- Next message: Duane Arnold: "Re: Small Business FireWall"
- Previous message: Al Cruz: "Small Business FireWall"
- In reply to: mrsimpleton: "8Signs PC Firewall Problem"
- Next in thread: mrsimpleton: "Re: 8Signs PC Firewall Problem"
- Reply: mrsimpleton: "Re: 8Signs PC Firewall Problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 Apr 2004 04:20:29 GMT
mrsimpleton@angelfire.com (mrsimpleton) wrote in
news:d8dea9e6.0404131938.684ce173@posting.google.com:
> First let me say that 8Signs PC Firewall is AWESOME!!!
> Just one little thing about it bugs the heck out of me.
>
> First a little understanding of my network setup...
>
> PC2
> PC3 <--> Switch <--> PC1 <--> Cable Modem
> PC4
>
> All PCs are Pentium III 500s or faster with at least 128 Megs Of
> Memory or more.
> Chipsets are either Intel or Via.
> Network Adapters: PC1 WAN Linksys LNE100TX v4, LAN Compaq Netelligent
> 10/100TX
> PC2 LAN Realtek RTL8139A
> PC3 LAN Linksys LNE100TX v2
> PC4 LAN Realtek RTL8139A
> WAN Realtek RTL8139A (NOT CONNECTED)
> All Network Adapters are running 100 Mbs FullDuplex
> My hardware is pretty generic. I don't have any dells or compaqs or
> E-Machines, or any weird computers.
> All PCs are running Windows 2000 Professional SP4.
> PC1 is using Internet Connection Sharing to share the internet
> connection.
> PC1 is also running 8Signs PC Firewall V2.2a
> PC1 also has a Proxy Server Running, Proxy+ 3.0.
> All downloads are done using Internet Explorer 6.0 SP1 with the latest
> critical update, Q832894.
>
> The Problem...
>
> If I try to download anything from PC2, PC3 or PC4, via Http or Ftp,
> it starts to do it for a second but then it just slows down to a crawl
> and hangs and does a little more and hangs and then some more and
> hangs and flip flops between 20KBytes/s and 80KB/s. That's about as
> clear as I can put the problem.
>
> Variations...
>
> If I download the samething from PC1, Blazingly Stupidly Fast as
> aways, 350KB/s.
> If I turn 8 Signs PC Firewall Off, Blazingly Stupidly Fast.
> If I set PC2, 3 or 4 to go through the Proxy Server, Blazingly
> Stupidly Fast.
> If I have the firewall ON but tell it to allow all traffic, it's a
> setting and not me making a rule to allow all traffic, Blazing
> Stupidly Fast.
> If I have the firewall ON but make a rule to ALLOW ALL TRAFFIC, Slows
> down to a crawl.
>
> So when ever the firewall is running and is set to filter the packets,
> I have the problem.
> I was running Conseal PC Firewall before on PC1, never had a problem.
>
> Things I have tried...
>
> As listed above PC4 has 2 Realtek Network Cards in it. So I put 8Signs
> PC Firewall on that computer and set that computer to share the
> internet connection. SAME PROBLEM. So it's not my hardware. 2
> different machines with differnet network card manufactures have the
> same problem.
>
> Now I have played with my
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
> settings. Such as TCP Window Size, MTU, MTU Discovery, MTU Black Hole
> Detect and many others. I got a whole list of them from a german
> website. I've been having fun and I don't speak german but had google
> translate the website for me.
>
> http://translate.google.com/translate?u=http%3A%2F%2Fwww.synapse.de%2Fr
> egcheck%2Fger%2Fregistry%2Fwin-2000%2Froot%2Fhkey_local_machine%2Fsyste
> m%2Fcurrentcontrolset%2Fservices%2Ftcpip%2Fparameters%2F&langpair=de%7C
> en&hl=en&ie=UTF-8&oe=UTF-8&safe=off&prev=%2Flanguage_tools
>
> And I've been to the microsoft website and many many others.
>
> My point being, no matter how I set things, I can't improve the
> performance of the clients when downloading off of the internet. I can
> only retard their performance and make them worse. I get maximum
> performance if I just return all my registry settings to there normal
> defaul settings, which I have done and just leave them alone.
>
> I have also ran Performance from Administrative Tools in Windows 2000
> on PC1 and set it to show me all errors in either IP, TCP or UDP. I
> tried to download something again from a website. Well I still had the
> same problem, BUT, no errors were popuping up, everything was still at
> zero. (Alot of help that was.)
>
> I should say (IMPORTANT) that I can go to the www.nasa.gov website and
> watch the nasa channel online no problem. I can also go to any website
> no problem. I can play shockwave games no problem AND I can download
> small 1 meg or less programs no problem.
>
> CONCLUSIONS...
>
> The problem seems to come into play when my network speed exceeds
> 200KB/s. It is almost as if, the computer isn't fast enough to filter
> the packets in realtime. I though of that. I check the Windows 2000
> Task Manager which monitors CPU usage on PC1. No matter what I did, as
> long as I left PC1 alone and just surfed the net from PC2, 3 or 4, the
> CPU usage never went about 12%. I've got power to spare. It's not a
> computer speed problem.
>
> There is a problem with transferring the packets at 200KB/s or greater
> from the WAN Adapter, through the packet filter, and out the LAN
> adapter. But it's not because the computer isn't fast enough or
> because there's a compatibility problem with the 2 network adapters
> since I ran 8Signs on PC4 and had the same problem.
>
> I was wondering if it's buffer problem, as in the buffer on the lan
> adapter is being overrun and needs to be enlarged. I know a great deal
> about computers but when we get into things like the guts of the
> operating system I begin to deal with things that I have no idea what
> they are. So I don't even know if such a buffer even exists or where
> to find it. For all I know it goes from the WAN Buffer to the 8Signs
> Buffer to the Lan Buffer and it's the 8Signs buffer that needs to be
> enlarged.
>
> I was also wondering if there's a way to put a waitstate into the flow
> of packets thru PC1. The computer is trying to flow the packets on
> thru as quickly as possible and maybe that's the problem, if things
> were a bit slower, maybe I wouldn't have the problem. I realize this
> would slow down my overall KB/s but since I average 350 KB/s, I think
> I can afford to loose a few. I have played with my MTUs and TCP Window
> Size to accomplish this but realized this is the wrong way to go about
> it.
>
> So any ideas, anyone has, would be GREATLY apprecited.
> I am also open to the idea of using a DIFFERENT firewall, as long as I
> can make rules for 2 different network adapters, and can make rules by
> either IP address, Port Number or Protocol and I would prefer it, if
> it didn't do application filtering, I would be welcome to any
> alternative firewall suggestions anyone has.
>
> I have tried Kerio, I like it alot, I couldn't get it to allow
> anything through so I scrapped it and went to 8signs. Hey, if somebody
> would want to tell me how to get Kerio to work, that would be fine
> too.
>
> Just point me in a direction, give me a clue, that's all I ask.
>
> mrsimpleton
> PS. Don't email me since Angelfire is going out of business and I
> haven't got a new email address yet. Thank You.
>
After all of this looooooooooong verbiage, you can get a cheap $20.00 NAT
router as the gateway for the LAN and WAN and use IPsec that's on the Win
2K, XP and Win 2K3 O/S to supplement the router on inbound or outbound
by port, protocol, IP, DNS and subnet and be done with it. :) And IPsec
doesn't have application filtering.
http://www.homenethelp.com/web/explain/about-NAT.asp
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm
You can implement the AnalogX template base Secpol on the machines and
you're on your way. And you can make any additional rules you like.
You may want to visit the Win 2K *Protecting against Denial of Service
Attacks* section in the link, instead of trying to make registry settings
to speed things up. :)
http://www.uksecurityonline.com/index5.php
Duane :)
- Next message: Duane Arnold: "Re: Small Business FireWall"
- Previous message: Al Cruz: "Small Business FireWall"
- In reply to: mrsimpleton: "8Signs PC Firewall Problem"
- Next in thread: mrsimpleton: "Re: 8Signs PC Firewall Problem"
- Reply: mrsimpleton: "Re: 8Signs PC Firewall Problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
