[arch-general] Compiling Firefox
Hi, In order to improve firefox's reponse time, I'm thinking of compiling firefox with gcc's -O3 and -march settings from the ABS. Any tips on that matter, about updates, etc. ? -- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
On 05/30/2010 10:53 PM, Nilesh Govindarajan wrote:
Hi,
In order to improve firefox's reponse time, I'm thinking of compiling firefox with gcc's -O3 and -march settings from the ABS. Any tips on that matter, about updates, etc. ?
Try firefox-pgo. You have to be careful with gcc options when compiling firefox. The AUR's firefox-pgo sets up properly for you.
On Mon, May 31, 2010 at 8:26 AM, Matthew Monaco <dgbaley27@verizon.net> wrote:
On 05/30/2010 10:53 PM, Nilesh Govindarajan wrote:
Hi,
In order to improve firefox's reponse time, I'm thinking of compiling firefox with gcc's -O3 and -march settings from the ABS. Any tips on that matter, about updates, etc. ?
Try firefox-pgo. You have to be careful with gcc options when compiling firefox. The AUR's firefox-pgo sets up properly for you.
It seems firefox-pgo is for 64bit, but I am on 32bit. I had put up a thread about upgrading to 64bit, but many suggested that it would not improve the performance much :( Should I compile after upgrading ? -- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
On Sun, May 30, 2010 at 10:03 PM, Nilesh Govindarajan <lists@itech7.com>wrote:
On Mon, May 31, 2010 at 8:26 AM, Matthew Monaco <dgbaley27@verizon.net> wrote:
On 05/30/2010 10:53 PM, Nilesh Govindarajan wrote:
Hi,
In order to improve firefox's reponse time, I'm thinking of compiling firefox with gcc's -O3 and -march settings from the ABS. Any tips on that matter, about updates, etc. ?
Try firefox-pgo. You have to be careful with gcc options when compiling firefox. The AUR's firefox-pgo sets up properly for you.
It seems firefox-pgo is for 64bit, but I am on 32bit. I had put up a thread about upgrading to 64bit, but many suggested that it would not improve the performance much :( Should I compile after upgrading ?
-- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
it should be for both 32 and 64 bit
On Mon, May 31, 2010 at 8:34 AM, Jeffrey Lynn Parke Jr. <jeffrey.parke@gmail.com> wrote:
On Sun, May 30, 2010 at 10:03 PM, Nilesh Govindarajan <lists@itech7.com>wrote:
On Mon, May 31, 2010 at 8:26 AM, Matthew Monaco <dgbaley27@verizon.net> wrote:
On 05/30/2010 10:53 PM, Nilesh Govindarajan wrote:
Hi,
In order to improve firefox's reponse time, I'm thinking of compiling firefox with gcc's -O3 and -march settings from the ABS. Any tips on that matter, about updates, etc. ?
Try firefox-pgo. You have to be careful with gcc options when compiling firefox. The AUR's firefox-pgo sets up properly for you.
It seems firefox-pgo is for 64bit, but I am on 32bit. I had put up a thread about upgrading to 64bit, but many suggested that it would not improve the performance much :( Should I compile after upgrading ?
-- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
it should be for both 32 and 64 bit
Hmm, I think so, the compilation should fail if not :) What's about firefox-qt ? Is it worth installing it ? -- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
On Sun, May 30, 2010 at 10:15 PM, Nilesh Govindarajan <lists@itech7.com>wrote:
On Mon, May 31, 2010 at 8:34 AM, Jeffrey Lynn Parke Jr. <jeffrey.parke@gmail.com> wrote:
On Sun, May 30, 2010 at 10:03 PM, Nilesh Govindarajan <lists@itech7.com wrote:
On Mon, May 31, 2010 at 8:26 AM, Matthew Monaco <dgbaley27@verizon.net> wrote:
On 05/30/2010 10:53 PM, Nilesh Govindarajan wrote:
Hi,
In order to improve firefox's reponse time, I'm thinking of compiling firefox with gcc's -O3 and -march settings from the ABS. Any tips on that matter, about updates, etc. ?
Try firefox-pgo. You have to be careful with gcc options when compiling firefox. The AUR's firefox-pgo sets up properly for you.
It seems firefox-pgo is for 64bit, but I am on 32bit. I had put up a thread about upgrading to 64bit, but many suggested that it would not improve the performance much :( Should I compile after upgrading ?
-- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
it should be for both 32 and 64 bit
Hmm, I think so, the compilation should fail if not :) What's about firefox-qt ? Is it worth installing it ?
-- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
that's a firefox port for the qt toolkit, as opposed to the regular gtk one.
On Mon, May 31, 2010 at 8:51 AM, Jeffrey Lynn Parke Jr. <jeffrey.parke@gmail.com> wrote:
On Sun, May 30, 2010 at 10:15 PM, Nilesh Govindarajan <lists@itech7.com>wrote:
On Mon, May 31, 2010 at 8:34 AM, Jeffrey Lynn Parke Jr. <jeffrey.parke@gmail.com> wrote:
On Sun, May 30, 2010 at 10:03 PM, Nilesh Govindarajan <lists@itech7.com wrote:
On Mon, May 31, 2010 at 8:26 AM, Matthew Monaco <dgbaley27@verizon.net> wrote:
On 05/30/2010 10:53 PM, Nilesh Govindarajan wrote:
Hi,
In order to improve firefox's reponse time, I'm thinking of compiling firefox with gcc's -O3 and -march settings from the ABS. Any tips on that matter, about updates, etc. ?
Try firefox-pgo. You have to be careful with gcc options when compiling firefox. The AUR's firefox-pgo sets up properly for you.
It seems firefox-pgo is for 64bit, but I am on 32bit. I had put up a thread about upgrading to 64bit, but many suggested that it would not improve the performance much :( Should I compile after upgrading ?
-- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
it should be for both 32 and 64 bit
Hmm, I think so, the compilation should fail if not :) What's about firefox-qt ? Is it worth installing it ?
-- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
that's a firefox port for the qt toolkit, as opposed to the regular gtk one.
I know that, but is it worth installing ? -- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
On Mon, May 31, 2010 at 8:53 AM, Nilesh Govindarajan <lists@itech7.com> wrote:
On Mon, May 31, 2010 at 8:51 AM, Jeffrey Lynn Parke Jr. <jeffrey.parke@gmail.com> wrote:
On Sun, May 30, 2010 at 10:15 PM, Nilesh Govindarajan <lists@itech7.com>wrote:
On Mon, May 31, 2010 at 8:34 AM, Jeffrey Lynn Parke Jr. <jeffrey.parke@gmail.com> wrote:
On Sun, May 30, 2010 at 10:03 PM, Nilesh Govindarajan <lists@itech7.com wrote:
On Mon, May 31, 2010 at 8:26 AM, Matthew Monaco <dgbaley27@verizon.net> wrote:
On 05/30/2010 10:53 PM, Nilesh Govindarajan wrote: > > Hi, > > In order to improve firefox's reponse time, I'm thinking of compiling > firefox with gcc's -O3 and -march settings from the ABS. > Any tips on that matter, about updates, etc. ? >
Try firefox-pgo. You have to be careful with gcc options when compiling firefox. The AUR's firefox-pgo sets up properly for you.
It seems firefox-pgo is for 64bit, but I am on 32bit. I had put up a thread about upgrading to 64bit, but many suggested that it would not improve the performance much :( Should I compile after upgrading ?
-- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
it should be for both 32 and 64 bit
Hmm, I think so, the compilation should fail if not :) What's about firefox-qt ? Is it worth installing it ?
-- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
that's a firefox port for the qt toolkit, as opposed to the regular gtk one.
I know that, but is it worth installing ?
-- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
Because I use KDE full time. -- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
On 31/05/10 13:23, Nilesh Govindarajan wrote:
On Mon, May 31, 2010 at 8:51 AM, Jeffrey Lynn Parke Jr. <jeffrey.parke@gmail.com> wrote:
On Sun, May 30, 2010 at 10:15 PM, Nilesh Govindarajan<lists@itech7.com>wrote:
On Mon, May 31, 2010 at 8:34 AM, Jeffrey Lynn Parke Jr. <jeffrey.parke@gmail.com> wrote:
On Sun, May 30, 2010 at 10:03 PM, Nilesh Govindarajan<lists@itech7.com wrote:
On Mon, May 31, 2010 at 8:26 AM, Matthew Monaco<dgbaley27@verizon.net> wrote:
On 05/30/2010 10:53 PM, Nilesh Govindarajan wrote: > > Hi, > > In order to improve firefox's reponse time, I'm thinking of compiling > firefox with gcc's -O3 and -march settings from the ABS. > Any tips on that matter, about updates, etc. ? >
Try firefox-pgo. You have to be careful with gcc options when compiling firefox. The AUR's firefox-pgo sets up properly for you.
It seems firefox-pgo is for 64bit, but I am on 32bit. I had put up a thread about upgrading to 64bit, but many suggested that it would not improve the performance much :( Should I compile after upgrading ?
it should be for both 32 and 64 bit
Hmm, I think so, the compilation should fail if not :) What's about firefox-qt ? Is it worth installing it ?
that's a firefox port for the qt toolkit, as opposed to the regular gtk one.
I know that, but is it worth installing ?
Surely you can decide yourself.
On Mon, May 31, 2010 at 9:01 AM, Allan McRae <allan@archlinux.org> wrote:
On 31/05/10 13:23, Nilesh Govindarajan wrote:
On Mon, May 31, 2010 at 8:51 AM, Jeffrey Lynn Parke Jr. <jeffrey.parke@gmail.com> wrote:
On Sun, May 30, 2010 at 10:15 PM, Nilesh Govindarajan<lists@itech7.com>wrote:
On Mon, May 31, 2010 at 8:34 AM, Jeffrey Lynn Parke Jr. <jeffrey.parke@gmail.com> wrote:
On Sun, May 30, 2010 at 10:03 PM, Nilesh Govindarajan<lists@itech7.com wrote:
On Mon, May 31, 2010 at 8:26 AM, Matthew Monaco<dgbaley27@verizon.net> wrote: > > On 05/30/2010 10:53 PM, Nilesh Govindarajan wrote: >> >> Hi, >> >> In order to improve firefox's reponse time, I'm thinking of >> compiling >> firefox with gcc's -O3 and -march settings from the ABS. >> Any tips on that matter, about updates, etc. ? >> > > Try firefox-pgo. You have to be careful with gcc options when
compiling
> > firefox. The AUR's firefox-pgo sets up properly for you. >
It seems firefox-pgo is for 64bit, but I am on 32bit. I had put up a thread about upgrading to 64bit, but many suggested that it would not improve the performance much :( Should I compile after upgrading ?
it should be for both 32 and 64 bit
Hmm, I think so, the compilation should fail if not :) What's about firefox-qt ? Is it worth installing it ?
that's a firefox port for the qt toolkit, as opposed to the regular gtk one.
I know that, but is it worth installing ?
Surely you can decide yourself.
I heard that firefox-qt is still under heavy development and is not much good. I am on a slow connection, so would like a feedback if someone is already using it. -- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
On Monday 31 May 2010 09:03:08 Nilesh Govindarajan wrote:
On Mon, May 31, 2010 at 9:01 AM, Allan McRae <allan@archlinux.org> wrote:
On 31/05/10 13:23, Nilesh Govindarajan wrote:
On Mon, May 31, 2010 at 8:51 AM, Jeffrey Lynn Parke Jr.
that's a firefox port for the qt toolkit, as opposed to the regular gtk one.
I know that, but is it worth installing ?
Surely you can decide yourself.
I heard that firefox-qt is still under heavy development and is not much good. I am on a slow connection, so would like a feedback if someone is already using it.
I would recommend rekonq and kde webkit part. The later is in AUR. For the former, it is available from upstream git and pretty usable as day-to-day browser, especially when there is firefox to fallback to. -- Regards Shridhar
On Mon, May 31, 2010 at 9:41 AM, Shridhar Daithankar <ghodechhap@ghodechhap.net> wrote:
On Monday 31 May 2010 09:03:08 Nilesh Govindarajan wrote:
On Mon, May 31, 2010 at 9:01 AM, Allan McRae <allan@archlinux.org> wrote:
On 31/05/10 13:23, Nilesh Govindarajan wrote:
On Mon, May 31, 2010 at 8:51 AM, Jeffrey Lynn Parke Jr.
that's a firefox port for the qt toolkit, as opposed to the regular gtk one.
I know that, but is it worth installing ?
Surely you can decide yourself.
I heard that firefox-qt is still under heavy development and is not much good. I am on a slow connection, so would like a feedback if someone is already using it.
I would recommend rekonq and kde webkit part. The later is in AUR. For the former, it is available from upstream git and pretty usable as day-to-day browser, especially when there is firefox to fallback to.
-- Regards Shridhar
Nope. I have 24 addons in Firefox. Just cannot leave firefox. I loved the chrome UI, so installed chromifox extreme (with chromifox companion) which makes firefox look and behave like chrome :D Firefox QT's screenshots are impressive, worth a try. -- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
On 05/31/10 00:18, Nilesh Govindarajan wrote:
Nope. I have 24 addons in Firefox. Just cannot leave firefox.
:) then a thought-- Do you use very many tabs or windows simultaneously? If so, check Firefox's RAM usage -- e.g. for me, firefox making my system slow is all about it using up a large fraction of my RAM. The only way to avoid this, if it's an issue for you, is... - Get more RAM - use less tabs, or restart firefox every so often (this helps hugely..I suppose this means that firefox has memory leaks or such), or maybe avoid sites that slow down firefox (I think facebook is one of them) - think about addons. Some addons can make things worse. On the other hand, I bet Adblock Plus makes things better, because then the ads don't have to fill up your computer's memory, and maybe NoScript too. Optimizing the code won't help RAM usage at all! GTK vs. QT might, but likely they both have to be loaded into your RAM already for other programs. Just check a system monitor like 'top' and see whether Firefox has lots of RAM usage, or CPU usage, or whatever you notice there. -Isaac
On Mon, May 31, 2010 at 10:00 AM, Isaac Dupree <ml@isaac.cedarswampstudios.org> wrote:
On 05/31/10 00:18, Nilesh Govindarajan wrote:
Nope. I have 24 addons in Firefox. Just cannot leave firefox.
:)
then a thought--
Do you use very many tabs or windows simultaneously? If so, check Firefox's RAM usage -- e.g. for me, firefox making my system slow is all about it using up a large fraction of my RAM. The only way to avoid this, if it's an issue for you, is... - Get more RAM - use less tabs, or restart firefox every so often (this helps hugely..I suppose this means that firefox has memory leaks or such), or maybe avoid sites that slow down firefox (I think facebook is one of them) - think about addons. Some addons can make things worse. On the other hand, I bet Adblock Plus makes things better, because then the ads don't have to fill up your computer's memory, and maybe NoScript too.
Optimizing the code won't help RAM usage at all! GTK vs. QT might, but likely they both have to be loaded into your RAM already for other programs. Just check a system monitor like 'top' and see whether Firefox has lots of RAM usage, or CPU usage, or whatever you notice there.
-Isaac
I have disabled memory caching in firefox, so memory usage doesn't go beyond 250 M (6 tabs, the maximum for me usually). I am installing firefox-qt :D -- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
On Monday 31 May 2010 09:48:51 Nilesh Govindarajan wrote:
Nope. I have 24 addons in Firefox. Just cannot leave firefox. I loved the chrome UI, so installed chromifox extreme (with chromifox companion) which makes firefox look and behave like chrome :D Firefox QT's screenshots are impressive, worth a try.
Just a curious question from a casual firefox user. What addons do you use ? I have never used a single addon for firefox so just want to know. -- Regards Shridhar
On Mon, May 31, 2010 at 11:06 AM, Shridhar Daithankar <ghodechhap@ghodechhap.net> wrote:
On Monday 31 May 2010 09:48:51 Nilesh Govindarajan wrote:
Nope. I have 24 addons in Firefox. Just cannot leave firefox. I loved the chrome UI, so installed chromifox extreme (with chromifox companion) which makes firefox look and behave like chrome :D Firefox QT's screenshots are impressive, worth a try.
Just a curious question from a casual firefox user. What addons do you use ?
I have never used a single addon for firefox so just want to know.
-- Regards Shridhar
1. Adblock Plus 2. Chromifox Companion 3. CoolPreviews 4. Delicious Bookmarks 5. Echofon 6. FastestFox 7. Firebug 8. Gmail Manager 9. Google Toolbar 10. greasedlightbox 11. GreaseFire 12. GreaseMonkey 13. Hide GUI Bars 14. Inline Code Finder for Firebug 15. Lazarus 16. Page Speed 17. PDF Download 18. Screengrab 19. Secure Login 20. Shorten URL 21. Stumbeupon 22. Tab Mix Plus 23. Vacuum Places Improved 24. The Chromifox Extreme Theme -- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
On Mon, May 31, 2010 at 11:11 AM, Nilesh Govindarajan <lists@itech7.com> wrote:
On Mon, May 31, 2010 at 11:06 AM, Shridhar Daithankar <ghodechhap@ghodechhap.net> wrote:
On Monday 31 May 2010 09:48:51 Nilesh Govindarajan wrote:
Nope. I have 24 addons in Firefox. Just cannot leave firefox. I loved the chrome UI, so installed chromifox extreme (with chromifox companion) which makes firefox look and behave like chrome :D Firefox QT's screenshots are impressive, worth a try.
Just a curious question from a casual firefox user. What addons do you use ?
I have never used a single addon for firefox so just want to know.
-- Regards Shridhar
1. Adblock Plus 2. Chromifox Companion 3. CoolPreviews 4. Delicious Bookmarks 5. Echofon 6. FastestFox 7. Firebug 8. Gmail Manager 9. Google Toolbar 10. greasedlightbox 11. GreaseFire 12. GreaseMonkey 13. Hide GUI Bars 14. Inline Code Finder for Firebug 15. Lazarus 16. Page Speed 17. PDF Download 18. Screengrab 19. Secure Login 20. Shorten URL 21. Stumbeupon 22. Tab Mix Plus 23. Vacuum Places Improved 24. The Chromifox Extreme Theme
-- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
OMG so many addons? How much time does it take for firefox to start up?
On Mon, May 31, 2010 at 11:39 AM, Madhurya Kakati <mkakati2805@gmail.com> wrote:
On Mon, May 31, 2010 at 11:11 AM, Nilesh Govindarajan <lists@itech7.com> wrote:
On Mon, May 31, 2010 at 11:06 AM, Shridhar Daithankar <ghodechhap@ghodechhap.net> wrote:
On Monday 31 May 2010 09:48:51 Nilesh Govindarajan wrote:
Nope. I have 24 addons in Firefox. Just cannot leave firefox. I loved the chrome UI, so installed chromifox extreme (with chromifox companion) which makes firefox look and behave like chrome :D Firefox QT's screenshots are impressive, worth a try.
Just a curious question from a casual firefox user. What addons do you use ?
I have never used a single addon for firefox so just want to know.
-- Regards Shridhar
1. Adblock Plus 2. Chromifox Companion 3. CoolPreviews 4. Delicious Bookmarks 5. Echofon 6. FastestFox 7. Firebug 8. Gmail Manager 9. Google Toolbar 10. greasedlightbox 11. GreaseFire 12. GreaseMonkey 13. Hide GUI Bars 14. Inline Code Finder for Firebug 15. Lazarus 16. Page Speed 17. PDF Download 18. Screengrab 19. Secure Login 20. Shorten URL 21. Stumbeupon 22. Tab Mix Plus 23. Vacuum Places Improved 24. The Chromifox Extreme Theme
-- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
OMG so many addons? How much time does it take for firefox to start up?
10-16 secs with preload and prelink. -- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
Hi group, Sorry to bother you (normally I don't intervene in this group and restrict myself to the forums), but I'm in a pickle at the moment: I have a server set up to be everything for my soho: dovecot, nfs, calendar, ldap, krb5 and also bind9 / iptables. Since I upgraded to a new server last friday, The clients on the network have no connection to the outside world anymore. Only the communication through the server is working (email and newsgroups, but also ssh to the server and then browsing in links2 works). So, there is a problem with transferring packets. These are my observations: - I enter the name of the website www.google.com - The browser gets an answer: redirect to www.google.be (this rules out a faulty iptables config, I think) - then my browser just sits there, waiting for packets that are not coming Updating via pacman or aptitude (Debian box) also fails. It is very hard debugging stuff like this, and using the internet to find the answer is out of the question... Does anyone have a clue? THX! Vincent
Hi, Try the following 1) $ ping -c 5 google.com $ ping -c 5 8.8.8.8 see if you get a response 2) now try and initiate a connection manually $ telnet google.com 80 For troubleshooting, * Trying Disabling Iptables and see if that solves the problem $ /etc/rc.d/iptables stop also check if your routing table is configured correctly $ route -n And lastly, see if the network interface has been correctly assigned IP address, netmark and gateway $ ifconfig -a Hope this helps Regards, Gaurish Sharma www.gaurishsharma.com On Mon, May 31, 2010 at 1:29 PM, Vincent Van Houtte <vvh@synergylaw.be> wrote:
Hi group,
Sorry to bother you (normally I don't intervene in this group and restrict myself to the forums), but I'm in a pickle at the moment:
I have a server set up to be everything for my soho: dovecot, nfs, calendar, ldap, krb5 and also bind9 / iptables.
Since I upgraded to a new server last friday, The clients on the network have no connection to the outside world anymore. Only the communication through the server is working (email and newsgroups, but also ssh to the server and then browsing in links2 works).
So, there is a problem with transferring packets. These are my observations: - I enter the name of the website www.google.com - The browser gets an answer: redirect to www.google.be (this rules out a faulty iptables config, I think) - then my browser just sits there, waiting for packets that are not coming
Updating via pacman or aptitude (Debian box) also fails.
It is very hard debugging stuff like this, and using the internet to find the answer is out of the question...
Does anyone have a clue?
THX!
Vincent
Hi, Thank you for your quick reply!
1)
$ ping -c 5 google.com $ ping -c 5 8.8.8.8 see if you get a response
Yep: works flawlessly. 0% packetloss and the timings are normal (~14ms)
2) now try and initiate a connection manually
$ telnet google.com 80
Works. after several minutes the connection is terminated automatically (I was on the phone), but that is to be expected I guess.
For troubleshooting, * Trying Disabling Iptables and see if that solves the problem $ /etc/rc.d/iptables stop
That is something I have not yet done. Last time I did this, I interpreted the flush-flag wrong and made all connections to the server impossible. Anyway, this is the output of iptables -L: (client) Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination (server) Chain INPUT (policy DROP) target prot opt source destination ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT all -- anywhere BASE-ADDRESS.MCAST.NET/8 ACCEPT udp -- anywhere anywhere udp dpt:kerberos ACCEPT tcp -- anywhere anywhere tcp dpt:imaps ACCEPT tcp -- anywhere anywhere tcp dpt:2222 ACCEPT tcp -- anywhere anywhere tcp dpt:postgresql ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-client ACCEPT tcp -- anywhere anywhere tcp dpt:5223 ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-server ACCEPT tcp -- anywhere anywhere tcp dpt:5280 ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn ACCEPT tcp -- anywhere anywhere tcp dpt:9443 DROP tcp -- anywhere anywhere tcp dpt:www icmp-input icmp -- anywhere anywhere DROP tcp -- anywhere anywhere state INVALID,NEW DROP udp -- anywhere anywhere state INVALID,NEW LOG all -- anywhere anywhere LOG level warning Chain FORWARD (policy DROP) target prot opt source destination ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere icmp-input icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere tcp dpt:ssh DROP udp -- anywhere anywhere state INVALID,NEW Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain icmp-input (2 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp destination-unreachable ACCEPT icmp -- anywhere anywhere icmp echo-reply ACCEPT icmp -- anywhere anywhere icmp echo-request DROP all -- anywhere anywhere
also check if your routing table is configured correctly $ route -n
# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 I don't know how to interpret this. '192.168.0.0' seems wrong. I think it should be '192.168.0.1', which is the IP-address of the server.
And lastly, see if the network interface has been correctly assigned IP address, netmark and gateway $ ifconfig -a
# ifconfig -a eth0 Link encap:Ethernet HWaddr 00:23:54:25:1d:b2 inet addr:192.168.0.22 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::223:54ff:fe25:1db2/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4510219 errors:0 dropped:0 overruns:0 frame:0 TX packets:2483470 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:6389750913 (5.9 GiB) TX bytes:279160373 (266.2 MiB) Interrupt:26 Base address:0xc000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:13868 errors:0 dropped:0 overruns:0 frame:0 TX packets:13868 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:845358 (825.5 KiB) TX bytes:845358 (825.5 KiB) Hmmm... IIRC We had a network-problem several years ago and the solution was to restrict IP to IPv4. Could this be it? THX, Vincent -- Advocatenkantoor Suy, Van Baeveghem & Van Houtte Brusselsestraat 108 9200 Dendermonde T +32.52.52.06.05 F +32.52.52.06.46 W http://www.synergylaw.be
On 31/05/10 08:59, Vincent Van Houtte wrote:
Hi group,
Sorry to bother you (normally I don't intervene in this group and restrict myself to the forums), but I'm in a pickle at the moment:
I have a server set up to be everything for my soho: dovecot, nfs, calendar, ldap, krb5 and also bind9 / iptables.
Since I upgraded to a new server last friday, The clients on the network have no connection to the outside world anymore. Only the communication through the server is working (email and newsgroups, but also ssh to the server and then browsing in links2 works).
So, there is a problem with transferring packets. These are my observations: - I enter the name of the website www.google.com - The browser gets an answer: redirect to www.google.be (this rules out a faulty iptables config, I think) - then my browser just sits there, waiting for packets that are not coming
Updating via pacman or aptitude (Debian box) also fails.
It is very hard debugging stuff like this, and using the internet to find the answer is out of the question...
Does anyone have a clue?
Just to see if I've understood you correctly: - The box you upgraded is a NAT gateway/proxy for a set of internal boxes, correct? - Does the upgraded box have full access to both internet and the internal network? - Can the internal boxes communicate with the gateway box? - The internal boxes cannot reach the internet (e.g. Google), right? Does that pretty much sum it up? Cheers, M -- Magnus Therning (OpenPGP: 0xAB4DFBA4) magnus@therning.org Jabber: magnus@therning.org http://therning.org/magnus identi.ca|twitter: magthe
Just to see if I've understood you correctly:
- The box you upgraded is a NAT gateway/proxy for a set of internal boxes, correct?
Yes.
- Does the upgraded box have full access to both internet and the internal network?
Yes.
- Can the internal boxes communicate with the gateway box?
Yes. Internally everything seems to work: email, nfs, caldav, browsing to other devices (printer/telephones) over port 80 and 9443. The only *known* exception being that I cannot connect to port 631 over HTTP (cups) on the server, while if I use ssh to the server and connect to localhost:631, I get the admin pages of cups (albeit with every printer URI set to file://dev/null, but that is probably unrelated behaviour).
- The internal boxes cannot reach the internet (e.g. Google), right?
Yes and no. It seems that I can reach them (I see in firefox' statusbar that www.google.com is redirected to www.google.be), but I receive no content of the pages whatsoever.
Does that pretty much sum it up?
Yes! Thank you for thinking with me! Vincent -- Advocatenkantoor Suy, Van Baeveghem & Van Houtte Brusselsestraat 108 9200 Dendermonde T +32.52.52.06.05 F +32.52.52.06.46 W http://www.synergylaw.be
IP Forwarding is probably disabled. # sysctl -w net.ipv4.ip_forward=1 Try it. -- Nilesh Govindarajan Facebook: nilesh.gr Twitter: nileshgr Website: www.itech7.com
On Mon, 2010-05-31 at 14:03 +0530, Nilesh Govindarajan wrote:
IP Forwarding is probably disabled.
# sysctl -w net.ipv4.ip_forward=1
Thank you. Unfortunately that is not it: # sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 1 (this only applies to the server config of course - the clients have this set to 0, but that should be normal) Vincent -- Advocatenkantoor Suy, Van Baeveghem & Van Houtte Brusselsestraat 108 9200 Dendermonde T +32.52.52.06.05 F +32.52.52.06.46 W http://www.synergylaw.be
On Mon, 2010-05-31 at 11:32 +0200, Vincent Van Houtte wrote:
On Mon, 2010-05-31 at 14:03 +0530, Nilesh Govindarajan wrote:
IP Forwarding is probably disabled.
# sysctl -w net.ipv4.ip_forward=1
Thank you. Unfortunately that is not it:
# sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 1
Seems like this was a problem with my ISP, that had a broken router with wrong MTU-values (If I understood correctly). There is a workaround available, and applying that has fixed our problem. Since the solution was not found by me, I cannot post it here. If someone is interested, I'll see if I can get it from 'my man'. THX again. Vincent -- Advocatenkantoor Suy, Van Baeveghem & Van Houtte Brusselsestraat 108 9200 Dendermonde T +32.52.52.06.05 F +32.52.52.06.46 W http://www.synergylaw.be
participants (10)
-
Allan McRae
-
Gaurish Sharma
-
Isaac Dupree
-
Jeffrey Lynn Parke Jr.
-
Madhurya Kakati
-
Magnus Therning
-
Matthew Monaco
-
Nilesh Govindarajan
-
Shridhar Daithankar
-
Vincent Van Houtte