Masquerading slower ???


chrizzo
01-13-2001, 06:28 AM
Hi.
I'm using a Linux box to connect to the internet (DSL, rp-pppoe), and this box uses the SuSE firewall to route/masquerade my other PCs to the net (2xWin98, 1xWin2000).
Now it seems to me that the connection over the Linux box is much slower than a direct connection with the DSL modem on a Win98/2000 client!
Especially when I use my ISP's proxy server, the websites load so slowly! Normally the proxy is very fast, and a page is loaded in seconds; with the Linux box I have to wait more than 30 sec or so until the server is contacted and the page is loaded.
Why? Is there a way to fix this problem?

thx

Craig McPherson
01-13-2001, 06:14 PM
This could be a lot of things. I'll make one or two suggestions.

The fact that you have to wait 30 seconds or so leads me to believe that it might be a DNS problem. Do you have your clients configured to use your ISP's DNS servers, or are you running BIND on your Linux box and having the clients go through it? For the sake of centralization, I DO like to run BIND on my gateway machine and have all my clients go through it, BUT I always had VERY slow lookups doing that when I had my DNS server contact the top-level name servers directly -- I set it up as a forwarder instead, to my ISP's name servers, and initial lookups got a lot faster.

Now... when you visit a web site with one of your clients, does it sit at "Contacting Server..." for a long time, and THEN the page loads at a reasonable speed, or is the entire process slow? If it's the former, it's almost certainly a DNS lookup issue.

If it's the latter... you might want to switch to using ipchains/iptables directly so you can have full control over your firewall, rather than trusting some firewall program to do it for you. You might also want to try recompiling your kernel with the "optimize as router, not host" option set, although a 30-second delay tells me that something is actually wrong, not just an unoptimized configuration.

Tell us more. What about surfing from your Linux machine? What about downloading a large file via FTP, both from the Linux machine and from the Windows machines? What about pinging a site from the Linux machine that you haven't visited before? What about pinging that same site again, immediately after? Tell more about what kind of behavior you're getting, and it'll help to narrow the problem down.

------------------
DEBIAN (http://www.debian.org/)
It turns girls into statues!

chrizzo
01-14-2001, 10:57 AM
I am using my ISP's DNS in the IE 5 setup, and I have no problems with big files. I can't use my Linux box for surfing, because it has no graphics card/monitor/mouse etc.
The thing is that with only masquerading activated (and no firewall) everything works much faster.

Craig McPherson
01-14-2001, 03:00 PM
Well, that's a different issue... with just masquerading but no firewall, things work fine?

What does your firewall script look like?