[netperf-talk] How configure my firewall to execute netperf ? I use shorewall (iptable firewall) on Debian

Stéphane Klein stephane at harobed.org
Wed Aug 18 12:53:50 PDT 2010 

Le 16/08/2010 19:20, Rick Jones a écrit :
> Klein Stéphane wrote:
>> Hi,
>>
>> I've two computer :
>> * A : it's a server with a firewall
>> * B : an computer on internet
>>
>> I've installed netserver on host A.
>> I use netperf on host B.
>>
>> On host B, I launch :
>>
>> $ netperf -H host_A_address_IP
>>
>> If I stop the firewall on host A, all work great.
>> It isn't work when firewall is enabled.
>>
>> In filewall rules, I've opened default netserver port : 12865
>>
>> host A have full access to internet.
>>
>> Where is the problem ? Can you help me ?
>>
>> It's exactly the same issue than 
>> http://www.archivum.info/netfilter/2003-03/00360/iptables-config-for-netperf.html 
>>
>> There are no answer to this last question.
>>
>> Other information : host A is a Debian and Firewall is configured 
>> with Shorewall
>>
>> Thanks for your help.
>> Regards,
>> Stephane
>
> The normal flow of a netperf test is that netperf establishes a 
> control connection to port 12865 on the system running netserver, then 
> passes setup information to the netserver via the control connection.  
> The netserver then does some setup and passes further information back 
> to netperf over the control connection - in particular the port number 
> for the "data" connection - and then netperf connects to netserver at 
> that port number.  Netperf is always the side initiating connections.
>
> Now, there is a way to get netperf to use fixed port numbers for the 
> data connection - there should be something about that in either the 
> test-specific -h output, or in the online docs:
>
> http://www.netperf.org/svn/netperf2/tags/netperf-2.4.5/doc/netperf.html
>
> where the test-specific -H and -L options are discussed.
>
> happy benchmarking,

Thanks, with your answer, I found the solution.

On my firewall (shorewall), I defined this rules (/etc/shorewall/rules) :

ACCEPT          net             $FW             tcp     12865
ACCEPT          net             $FW             tcp     12866

next on my external host (net), I do :

$ netperf -H 192.168.1.14  -p 12865 -t TCP_STREAM -- -P 12866

This work great !

Regards,
Stephane

-- 
Stéphane Klein<stephane at harobed.org>
blog: http://stephane-klein.info
Twitter: http://twitter.com/klein_stephane
pro: http://www.is-webdesign.com

More information about the netperf-talk mailing list