
High Ping Time through a Linux Firewall

Garet Jax

Diamond Member
Hello all,

I recently started playing Quake III and I recently started playing it online with a friend of mine. I have a Red Hat Linux 7.2 machine acting as a firewall and a gateway to the internet for my Comcast Cable Modem connection. I installed Red Hat Linux choosing the server option and have left everything as is except as noted below.

I have created an IPTables rule set to allow my other machines internet access. This means I disabled IPChains and enabled IPTables.

Yesterday, my friend showed me how to find out my ping time in Quake III. We found that I was always 250+.

I went into the Linux machine and disabled most of the services. There are still five services running:

1) iptables
2) keytable
3) network
4) nfslock
5) syslog

The ping time dropped to around 160. In my opinion, this is still too high for a cable modem connection.

I have a few questions:
1) Can I disable any of the 5 remaining services to try and improve the ping time?
2) Are there any other things I can do to try and improve the ping time?
3) I am expecting a certain amount of lag going through the Linux box, but are my expectations too high?

Thanks a lot.
 
I don't think you should see much if any lag because of the Linux box. Try this:

Ping the Quake server from the Windows box.
Ping the Quake server from the Linux box.

If you compare the times there should not be much difference if any at all. If there is, try to ping your Linux box from your Windows box using the local address and vice versa. I ran a few tests on my setup and it returned values below 0ms.

Also keep in mind cable modems usually experience more lag than DSL.

Edit: You may want to check out firestarter (http://firestarter.sourceforge.net/). It's a nice GUI tool to configure your iptable ruleset for masq and firewall.
 

TJ69,

I will try the ping with my friend's machine when I talk to him next. His provider changes his IP address frequently so I need to get his updated one.

I was able to ping the Linux box from two different Windows machines in under 10ms.

I looked quickly at firestarter and it looks like it is a tool for IPChains not IPTables.

Everyone,

Back to the original three questions.

 
Yeah, the number of services you're running shouldn't have any effect at all (unless you're maxing out RAM+swap and you start thrashing or something).

Like TJ said, test it out by pinging a place from both machines.

I'm betting the difference you saw was the difference between peak and non-peak times. Simple byproduct of how cable works.

bart
 
Firestarter is just a front end to iptables.

Just to make sure it's your firewall that's the bottleneck,
-drop your firewall with '/etc/init.d/iptables stop'
-re-time your ping

If the ping times are better with it down,
-do a 'netstat -ptanu' (while you're using quake) to see what local & remote ports it's using.
-allow those ports in the script

That's what I would do, anyway.

[edit:] If you know the server, you can also do a traceroute to see where the bottleneck is. It could be some router in Utah.
 
I have a Linux box using ipchains and my ping times get as low as ~30ms to some servers. It's highly unlikely the Linux box is the problem.
 
I believe Firestarter uses iptables. I verified by checking the iptable ruleset that it generated.
 
From my understanding of the netfilter/iptables infrastructure, all IP/NAT (masquerading and forwarding) is done in the kernel's TCP/IP stack, which means server load from other services is not a factor as long as the machine has enough system resources to meet basic kernel tasks.

However, if the driver (or your NIC) is crappy, you might be having buffer issues. But I doubt that.

Do the ping from Windows, and compare it with the ping reply on Linux.
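
The comparison suggested several times in this thread (ping the same server from the Windows client and from the Linux gateway) can be scored without taking the firewall down. The following is an added example, not part of any post: the sample ping outputs are constructed, the function names are hypothetical, and the 10 ms threshold is an assumption borrowed from the LAN ping figure mentioned above.

```python
import re

# Constructed sample outputs (not from the thread): same target, taken back to back.
LINUX_PING = """\
PING 203.0.113.5 (203.0.113.5) from 192.0.2.2 : 56(84) bytes of data.
64 bytes from 203.0.113.5: icmp_seq=0 ttl=52 time=151.2 ms
64 bytes from 203.0.113.5: icmp_seq=1 ttl=52 time=158.9 ms

--- 203.0.113.5 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/mdev = 151.2/156.4/161.0/3.7 ms
"""
WINDOWS_PING = """\
Pinging 203.0.113.5 with 32 bytes of data:
Reply from 203.0.113.5: bytes=32 time=155ms TTL=51

Ping statistics for 203.0.113.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 152ms, Maximum = 163ms, Average = 158ms
"""

def avg_rtt_ms(ping_output):
    """Return the average RTT in ms from a Linux or Windows ping summary."""
    # Linux iputils: "rtt min/avg/max/mdev = ..." (older releases print "round-trip")
    m = re.search(r"(?:rtt|round-trip) min/avg/max(?:/mdev)? = [\d.]+/([\d.]+)/",
                  ping_output)
    if m:
        return float(m.group(1))
    # Windows: "Minimum = 152ms, Maximum = 163ms, Average = 158ms"
    m = re.search(r"Average = (\d+)ms", ping_output)
    if m:
        return float(m.group(1))
    # With 100% packet loss neither tool prints an RTT summary line.
    raise ValueError("no RTT summary found (total loss or unknown ping format)")

def gateway_overhead(client_output, gateway_output, threshold_ms=10.0):
    """Compare a LAN client's RTT with the gateway's own RTT to the same host."""
    client = avg_rtt_ms(client_output)
    gateway = avg_rtt_ms(gateway_output)
    added = round(client - gateway, 1)
    # threshold_ms is an assumed cut-off: above it, the gateway hop is worth a look.
    return {"client_ms": client, "gateway_ms": gateway,
            "added_ms": added, "gateway_suspect": added > threshold_ms}

if __name__ == "__main__":
    print(gateway_overhead(WINDOWS_PING, LINUX_PING))
```

If `added_ms` stays small, the latency is upstream of the gateway and the iptables rule set can stay loaded while the traceroute is run.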
 