Hi people.
Some of you might remember I had asked about the chaotic performance of a LAMP server a few months ago. My team finally brought the local server where we had tested our sites earlier online. We eliminated each component of the stack. Finally, we were left with the firewalls.
At the ISP where we have co-located, we have two firewalls - one dedicated hardware firewall shared among three servers and one on the machine itself. There is some NATing also involved since the LAMP server has a 192.168.x.x address. The test server which we were using as our baseline had just its own firewall (iptables).
At the firm suggestion of the ISP's tech/network guys, today, we switched off the LAMP server's iptables firewall. Now sites are working like smooooth!
This is our test server's iptables listing: http://pastebin.com/m63e4e613. The LAMP server has ports 21 and 443 also open in addition to the one listed here. The OUTPUT chain counters also show a lot of traffic. Otherwise, both iptables rulesets are the same.
So my doubt is: was the double firewall (and NATing) the reason for the earlier chaotic performance? Is there some configuration we have to do to the iptables before we start it again?
Regards.
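As an added example (not from the original post, the pastebin or the ISP), a stateful ruleset for the LAMP host in iptables-restore format that accepts the ports mentioned (21 and 443, plus 80, which is assumed to be the one in the listed ruleset) and puts the connection-tracking match first so established flows never traverse the per-service rules. The function only emits the ruleset as text for review; applying it is a separate step.

```shell
#!/bin/sh
# Added example: stateful iptables ruleset for a LAMP host behind a NATing
# hardware firewall. Ports 21 and 443 come from the post; 80 is an assumption.
# The ruleset is emitted as text so it can be inspected before it is loaded.
lamp_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is needed for Apache <-> MySQL and most local tooling.
-A INPUT -i lo -j ACCEPT
# Packets of an already accepted connection match here and skip every
# per-service rule below, which keeps the hot path to a single rule.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# New connections: only the published services.
-A INPUT -p tcp --dport 80  -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# If FTP is really served on 21, also load nf_conntrack_ftp so passive
# data connections are tracked as RELATED instead of being dropped.
-A INPUT -p tcp --dport 21  -m conntrack --ctstate NEW -j ACCEPT
# Keep the host diagnosable: rate-limited echo requests.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# Log a sample of what falls through to the DROP policy so a blocked flow
# or a full connection-tracking table shows up in the kernel log.
-A INPUT -m limit --limit 2/minute -j LOG --log-prefix "IPT-DROP: "
COMMIT
EOF
}

# Loads the ruleset atomically. Run as root, and keep a copy of the
# current rules with 'iptables-save > /root/iptables.bak' first.
lamp_apply() {
  lamp_ruleset | iptables-restore
}
```

With two stateful devices plus NAT in the path, also compare /proc/sys/net/netfilter/nf_conntrack_count against nf_conntrack_max and watch the kernel log for "nf_conntrack: table full, dropping packet"; an exhausted tracking table produces exactly the kind of intermittent stalls described.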