Gigabyte speeds

[wookmaster]

I currently have FC 6 setup as a router/firewall using iptables as a learning experience. I have eth0,eth1 both 1 gigabit NIC cards and a 1000mbps switch , one goes to cable modem(eth0), other to LAN (eth1)

my route setup

192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
67.148.13.0 * 255.255.240.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default d149-67-1-16.na 0.0.0.0 UG 0 0 0 eth0


With the default route it seems anything going out from the box to the LAN goes through this route, I am only getting 100mbps speeds instead of 1000. I have not been able to figure out a way to change my routing rules to keep the LAN side just LAN and only go through eth0 for non 192.168.1.0 addresses. Anyone have any suggestion?

Much appreciation for any suggestions.

[sameeh]

can you post your /etc/sysconfig/iptables file?

[wookmaster]

Here is iptables -L, currently the file doesnt exist as I have the parameter for saving set to no.

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Badflags tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
Badflags tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
Badflags tcp -- anywhere anywhere tcp flags:ACK,URG/URG
Badflags tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
Badflags tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
Badflags tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
Badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
Badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
Badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
Badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,PSH,URG
Badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
Firewall icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
Rejectwall all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID,NEW

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain Badflags (11 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `Badflags: '
DROP all -- anywhere anywhere

Chain Firewall (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `Firewall: '
DROP all -- anywhere anywhere

Chain Rejectwall (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `Rejectwall: '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable