IPTable Firewall Causes Lag?

Discussion in 'Performance Tweaking' started by MCraftGamer35, Jun 4, 2017.

  1. I did a test, and when I enable my firewall, whenever you open our server selector, it lags. The server selector pings the servers on the network for their MOTD & player count, which we need for our network. Once I flushed the iptables, the lag went away. Is there any way to avoid this? Or are there any tips?
     
  2. foncused

    Moderator Patron

    What firewall rules have you implemented? How are you pinging the other servers? Are the servers all on the same machine? Have you installed any packages that actively adjust IPTables?
     
  3. @foncused The command I use in my SSH is: iptables -A INPUT ! -s 127.0.0.1 -p tcp -m tcp --dport 25981:40000 -j DROP

    The code to ping servers:
    Code (Text):
        import java.io.DataInputStream;
        import java.io.DataOutputStream;
        import java.io.IOException;
        import java.net.InetSocketAddress;
        import java.net.Socket;
        import java.net.SocketTimeoutException;

        // Legacy (pre-1.7) server list ping: send a single 0xFE byte and read back a
        // UTF-16BE string of the form "MOTD§online§max". in.read() blocks until the
        // server closes the connection or the 100 ms read timeout fires, so each call
        // can stall the caller for up to that long; the byte filter below drops the
        // 0xFF prefix, the length bytes and the zero high bytes of each UTF-16BE char.
        private String legacyPing(String ip, int port) throws IOException {
            try (Socket sock = new Socket()) { // try-with-resources: socket is always closed
                sock.setSoTimeout(100);
                sock.connect(new InetSocketAddress(ip, port), 100);

                DataOutputStream out = new DataOutputStream(sock.getOutputStream());
                DataInputStream in = new DataInputStream(sock.getInputStream());

                out.write(0xFE);
                out.flush();

                int b;
                StringBuilder str = new StringBuilder();
                try {
                    while ((b = in.read()) != -1) {
                        if (b != 0 && b > 16 && b != 255 && b != 23 && b != 24) {
                            str.append((char) b);
                        }
                    }
                } catch (SocketTimeoutException e) {
                    // Server answered but did not close in time: keep what was read
                }
                return str.toString();
            }
        }

        public String getMotd(String ip, int port) {
            try {
                String[] data = legacyPing(ip, port).split("§");
                // The MOTD is untrusted remote input; return it as-is rather than
                // passing it through String.format, where '%' sequences would throw.
                return data[0];
            } catch (IOException e) {
                // ConnectException and UnknownHostException are both IOExceptions
                return "OFFLINE";
            }
        }

        public int getCount(String ip, int port) {
            try {
                String[] data = legacyPing(ip, port).split("§");
                return Integer.parseInt(data[1]); // second field is the online player count
            } catch (IOException | ArrayIndexOutOfBoundsException | NumberFormatException e) {
                // Unreachable server, or a malformed reply with no numeric count field
                return 0;
            }
        }

    All the servers are on the same machine. I do not believe I installed anything that actively adjusts iptables.
     
  4. electronicboy

    IRC Staff

    If all the servers are on the same machine, you don't need to care about setting up a firewall rule for them; just make sure to bind them on the loopback interface instead of externally.
    Other than the large set of ports to match (which shouldn't be an issue for iptables), I do not see how that would cause issues unless the machine was overloaded in any shape or way.
     
  5. iptables rules do not cause lag. Your issue is something else.
     
  6. @electronicboy I somewhat understand you, but please restate what you said in terms as if you were talking to someone somewhat new to IPTables. I do not know how to bind them on the loopback interface.
     
  7. electronicboy

    IRC Staff

    Set the IP address of your servers to 127.0.0.1, and use BungeeCord to connect to the servers on that. Then you don't need to create a rule in iptables for that, as the only way to access them is by software running on your server.
     
  8. @electronicboy Without iptables, my server got force-opped literally hours ago; how will this prevent that? It got force-opped because players could create their own BungeeCord proxy and connect to the hub server on the owner's account.
     
  9. electronicboy

    IRC Staff

    Nothing external can see stuff running on 127.0.0.1.
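To verify the advice in the last two replies (backend servers reachable only from the loopback interface, so only the local BungeeCord proxy can connect), here is an added Python audit helper; it is not code from any poster. It parses constructed `ss -Hltn` output (State, Recv-Q, Send-Q, Local-Address:Port, Peer-Address:Port columns, assumed) and flags any listener in the 25981:40000 port range from the original iptables rule that is bound to something other than loopback.

```python
# Constructed sample of `ss -Hltn` output (listening TCP sockets, no header).
# 25565 is the proxy's public port and is expected to be exposed; the backends
# in 25981:40000 should only ever appear on 127.0.0.1 or ::1.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 50 0.0.0.0:25565 0.0.0.0:*
LISTEN 0 50 127.0.0.1:25981 0.0.0.0:*
LISTEN 0 50 0.0.0.0:25982 0.0.0.0:*
LISTEN 0 50 [::]:25983 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

# Addresses that are unreachable from outside the host
LOOPBACK = {"127.0.0.1", "::1", "::ffff:127.0.0.1"}


def parse_local(field):
    """Split an ss Local-Address:Port field into (address, port).

    Handles IPv6 bracket notation such as "[::]:25983" and wildcard "*:25983".
    """
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)


def exposed_backends(ss_output, port_lo=25981, port_hi=40000):
    """Return (address, port) pairs of backend listeners not bound to loopback.

    Any hit here means a player could bypass the proxy and talk to the backend
    directly, which is exactly what the iptables DROP rule was trying to stop.
    """
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = parse_local(fields[3])
        if port_lo <= port <= port_hi and addr not in LOOPBACK:
            findings.append((addr, port))
    return findings


if __name__ == "__main__":
    for addr, port in exposed_backends(SAMPLE_SS_OUTPUT):
        print(f"backend on port {port} is bound to {addr}, not loopback")
```

On a live box, feed it the real output with `ss -Hltn` and set `server-ip=127.0.0.1` in each flagged backend's server.properties (and point the proxy's server address at 127.0.0.1:port).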