Hi people.
Some of you might remember I had asked about the chaotic performance of
a LAMP server a few months ago. My team finally brought the local server
where we had tested our sites earlier online. We eliminated each
component of the stack. Finally, we were left with the firewalls.
At the ISP where we have co-located, we have two firewalls - one
dedicated hardware firewall shared among three servers and one on the
machine itself. There is some NATing also involved since the LAMP server
has a 192.168.x.x address. The test server which we were using as our
baseline had just its own firewall (iptables).
At the firm suggestion of the ISP's tech/network guys, today, we
switched off the LAMP server's iptables firewall. Now sites are working
like smooooth!
<http://pastebin.com/m63e4e613>
This is our test server's iptables listing. The LAMP server has ports 21
and 443 also open in addition to the one listed here. The OUTPUT chain
counters also show a lot of traffic. Otherwise, both iptables are also the same.
So my doubt is: was the double firewall (and NATing) the reason for the
earlier chaotic performance? Is there some configuration we have to do
to the iptables before we start it again?
Regards.
--
Rohit V. Bhute
http://rvbhute.org