Which is better? Which is faster? For a desktop system, I don’t think it really matters if you have to process a bunch of rules. How many can there be, and how much network traffic are you seeing anyway? It’s probably more efficient to modify your sysctl.conf, but it seems more organized to do it all with iptables.
I still prefer a flat ASCII file, either loading the rules one at a time or using the built-in iptables save/restore, which basically does the same thing. But if you like/want/need a GUI application, then skip the lokkit firewall configuration tool in favor of system-config-firewall. It makes configuration of your firewall as easy as the simple Windows firewall, but with the optional detail you expect from Linux.
Make sure a firewall rule isn’t blocking NFS. If NFS is running on the server and clients _can_ mount, but it’s just really slow, then things get a little hairy. You can’t just look for a problem on a client or fix a misconfigured server. You’ll have to look at the whole ball of wax… If MTU mismatch doesn’t seem to be a problem, try going the other way and increasing the MTU size. Use the traceroute command to look for unexpected routing hops or delays.
This is pretty simple, just like in Windows. You could probably set it up quicker in Linux too. Too much clicking in Windows.
Check iptables or other firewall applications running on that machine. If LDAP traffic is being blocked, this could be causing it to hang. That’s what happened to me. I changed the firewall rules and forgot to add the ldaps rule and it broke. I could work around it by hitting “i” while booting and it would go into Interactive mode and allow me to say No to the MessageBus service. Everything else came up fine in runlevels 3 and 5, but it would always hang when loading the dbus app.