I managed to get the transfer rate over NFSv3 from 7.65MiB /s to 8.75 MiB/s by removing iptables.
I timed the transfer speed by downloading a file over NFSv3 (default settings).
The copying was done via the following command
Code: Select all
cat <big_file_at_nfs_server> /dev/nullFirst I Tested with IP-tables enabled, and set to the following rules (Bubba2 default?):
Code: Select all
Chain INPUT (policy DROP)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp flags:SYN,ACK/SYN,ACK state NEW reject-with tcp-reset
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Eyeballing an average to around 7.65 MiB/s
Now turning of most of the iptables rules,
modifing the /etc/network/firewall.conf file to look like this:
Code: Select all
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
[code|
/etc/init.d/bubba-firewall restart
[/code]
Speed seems to peak at 7.91MiB/s
Eyeballing an average to around 7.82MiB/s
just a minor improvement.
lsmod shows the following:
Code: Select all
Module Size Used by
ipt_REJECT 1992 0
xt_state 908 0
xt_tcpudp 1836 0
iptable_filter 924 0
ipt_MASQUERADE 1196 0
iptable_nat 3312 0
ip_tables 9984 2 iptable_filter,iptable_nat
x_tables 9716 6 ipt_REJECT,xt_state,xt_tcpudp,ipt_MASQUERADE,iptable_nat,ip_tables
nfsd 87200 11
nfs_acl 2176 1 nfsd
exportfs 3044 1 nfsd
ipv6 228132 32
nf_conntrack_irc 2784 0
nf_nat_ftp 1460 0
nf_nat 11654 3 ipt_MASQUERADE,iptable_nat,nf_nat_ftp
nf_conntrack_ipv4 8656 3 iptable_nat,nf_nat
nf_defrag_ipv4 756 1 nf_conntrack_ipv4
nf_conntrack_ftp 4892 1 nf_nat_ftp
nf_conntrack 44532 8 xt_state,ipt_MASQUERADE,iptable_nat,nf_conntrack_irc,nf_nat_ftp,nf_nat,nf_conntrack_ipv4,nf_conntrack_ftp
dm_snapshot 20528 0
dm_mirror 12372 0
dm_region_hash 6220 1 dm_mirror
dm_log 7344 2 dm_mirror,dm_region_hash
mpc8xxx_wdt 3640 0
Code: Select all
rmmod ipt_REJECT
rmmod xt_state
rmmod xt_tcpudp
rmmod iptable_filter
rmmod ipt_MASQUERADE
rmmod iptable_nat
rmmod ip_tables
rmmod x_tables
Code: Select all
Module Size Used by
nfsd 87200 11
nfs_acl 2176 1 nfsd
exportfs 3044 1 nfsd
ipv6 228132 32
nf_conntrack_irc 2784 0
nf_nat_ftp 1460 0
nf_nat 11654 1 nf_nat_ftp
nf_conntrack_ipv4 8656 2 nf_nat
nf_defrag_ipv4 756 1 nf_conntrack_ipv4
nf_conntrack_ftp 4892 1 nf_nat_ftp
nf_conntrack 44532 5 nf_conntrack_irc,nf_nat_ftp,nf_nat,nf_conntrack_ipv4,nf_conntrack_ftp
dm_snapshot 20528 0
dm_mirror 12372 0
dm_region_hash 6220 1 dm_mirror
dm_log 7344 2 dm_mirror,dm_region_hash
mpc8xxx_wdt 3640 0
Speed seems to peak at 8.80MiB/s
Eyeballing an average to around 8.75 MiB/s
For everyone that is just using the Bubba 2 as a home-server, completely removing the IP-tables should be a viable solution for a nice transfer rate improvement.
For everyone using the Bubba 2 as a router, a different set of IP-filtering software then ip-tables might show some improvements. If someone have the time to try it out, please let me know!