Subject: Re: netbsd firewall - lagging gameplay...
To: None <netbsd-help@netbsd.org>
From: James Terris <shinden@sympatico.ca>
List: netbsd-help
Date: 03/12/2002 14:08:22
James K. Lowden wrote:
> Good friend. Keep him. ;)
heheh...
> >    --------
> >    | adsl |
> >    |modem |
> >    --------
> >       |
> >       |eth0
> >   ----------
> >   | netbsd | eth1     |--web server
> >   |  box   |----------|
> >   ----------          |--file server
> >       | eth2          |
> >       |               |--game server
> >   ------------------
> >    |    |    |    |
> >    windows machines
> >
> > Now, the problem that I'm running into is that when I try
> > to play a Starcraft game on battle net from one of
> > the windows machines any games that I try to connect
> > to with more than two people (including me) become so
> > laggy that I can't play any more.
> >
> > Any other information needed to diagnose this problem?
>
> James,
>
> Actually, there's not enough technical information above to
> diagnose anything, so I can only offer suggestions about
> where to poke around.
>
> I think it's unlikely that the NetBSD firewall (ipnat & ipf)
> are imposing any serious limitation on your throughput, unless
> you've got some wonky ruleset.
I don't think I do.
Here is what my rules look like:
map de0 192.168.1.0/255.255.255.0 -> 206.47.37.61/32 proxy port ftp ftp/tcp
map de0 192.168.1.0/255.255.255.0 -> 206.47.37.61/32 portmap tcp/udp 10000:40000
map de0 192.168.1.0/255.255.255.0 -> 206.47.37.61/32
map de0 192.168.2.0/255.255.255.0 -> 206.47.37.61/32 proxy port ftp ftp/tcp
map de0 192.168.2.0/255.255.255.0 -> 206.47.37.61/32 portmap tcp/udp 10000:40000
map de0 192.168.2.0/255.255.255.0 -> 206.47.37.61/32
map ex0 192.168.2.0/255.255.255.0 -> 192.168.1.1/32 proxy port ftp ftp/tcp
map de0 192.168.2.0/255.255.255.0 -> 192.168.1.1/32 portmap tcp/udp 10000:40000
map de0 192.168.2.0/255.255.255.0 -> 192.168.1.1/32
map ex0 192.168.1.0/255.255.255.0 -> 192.168.2.1/32 proxy port ftp ftp/tcp
map de0 192.168.1.0/255.255.255.0 -> 192.168.2.1/32 portmap tcp/udp 10000:40000
map de0 192.168.1.0/255.255.255.0 -> 192.168.2.1/32
rdr de0 206.47.37.61/32 port 80 -> 192.168.1.111 port 80 tcp/udp
rdr de0 206.47.37.61/32 port 21 -> 192.168.1.3 port 21 tcp/udp
rdr de0 206.47.37.61/32 port 25 -> 192.168.1.111 port 25 tcp/udp
rdr de0 206.47.37.61/32 port 110 -> 192.168.1.111 port 110 tcp/udp
rdr de0 206.47.37.61/32 port 143 -> 192.168.1.111 port 143 tcp/udp
rdr de0 206.47.37.61/32 port 11878 -> 192.168.1.111 port 11878 tcp/udp
rdr de0 206.47.37.61/32 port 12770 -> 192.168.1.111 port 12770 tcp/udp
rdr de0 206.47.37.61/32 port 27910 -> 192.168.1.13 port 27910 tcp/udp
rdr de0 206.47.37.61/32 port 8080 -> 192.168.1.14 port 8080 tcp/udp
> Every time I've thought I've
> had firewall problems, they turned out to be DNS or LAN
> problems (or something more obvious, like lack of green lights
> on the DSL modem).
When I was setting up the netbsd box I was running into problems
with my provider's DNS server. Could that be the issue?
I'm running one on my network so perhaps I should switch to that...
> I assume eth2 and the windows boxes are plugged into a hub.
They are set up like so:
-----------------------------------
| 5 port linksys workgroup switch |
-----------------------------------
  |     |     |     |    |          ---------------------
  |     |     |     |    ----------| linksys            |
win2k winxp win2k   |              | befsr41 dsl router|
                    |              |set to act as a    |
----------------------             |router not gateway |
|linksys print server|             ---------------------
----------------------                |      |      |
                                    win2k  win2k  empty
I was having problems at one point with the linksys dsl
router but once I set it to act as only a router rather
than a gateway it started to act properly. Could it
still be interfering?
> It is possible that they are disagreeing about full/half
> duplex; some drivers (or cards, it's hard to know) don't always
> get it right. You can detect this using "ping" in both
> directions,
How can I use ping to figure this out?
> or by ftp'ing some files to/from the NetBSD box
> with your windows machines. You should see transfer
> throughput >80% of the raw bandwidth. If you see <10% in
> some cases, it's a clue to duplex issues. It's possible for
> the same issue to crop up on eth0, too.
When I ftp from the gateway to my file server I get a very slow
connection:
200 PORT command successful.
150 Opening BINARY mode data connection for thriller.avi (28450304 bytes).
31% |*********** | 8739 KB 168.05 KB/s 01:53 ETA^
I don't have an ftp server running on the gateway but when I
ftp from one of the windows machines to an external IP
address the transfer rate fluctuates more than normal but
does achieve what I'm used to seeing.
> Once you've acquitted your LAN, what do traceroutes to your
> game server show?
Not sure but I'll find out tonight when I get home.
> I know exactly nothing about Starcraft, so
> I'm sure I'm no help to you in that department. Both "ipfstat"
> and "netstat -p tcp" will show if you're dropping packets for
> some reason.
shin# ipfstat
IPv6 packets: in 0 out 0
input packets: blocked 0 passed 4094609 nomatch 1394508 counted 0 short 0
output packets: blocked 0 passed 4066219 nomatch 3026717 counted 0 short 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0
fragment state(out): kept 0 lost 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 1043047 (out): 1039502
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
Packet log flags set: (0)
none
shin# netstat -p tcp
tcp:
5937 packets sent
924 data packets (82671 bytes)
3 data packets (99 bytes) retransmitted
4226 ack-only packets (3260 delayed)
0 URG only packets
0 window probe packets
765 window update packets
20 control packets
13668 packets received
834 acks (for 82696 bytes)
220 duplicate acks
0 acks for unsent data
5248 packets (6381877 bytes) received in-sequence
203 completely duplicate packets (293944 bytes)
0 old duplicate packets
0 packets with some dup. data (0 bytes duped)
1853 out-of-order packets (2664128 bytes)
0 packets (0 bytes) of data after window
0 window probes
1 window update packet
0 packets received after close
0 discarded for bad checksums
0 discarded for bad header offset fields
0 discarded because packet too short
6 connection requests
11 connection accepts
17 connections established (including accepts)
36 connections closed (including 3 drops)
0 embryonic connections dropped
816 segments updated rtt (of 808 attempts)
2 retransmit timeouts
0 connections dropped by rexmit timeout
0 persist timeouts (resulting in 0 dropped connections)
5 keepalive timeouts
5 keepalive probes sent
0 connections dropped by keepalive
5 correct ACK header predictions
4885 correct data packet header predictions
11728 PCB hash misses
5853 dropped due to no socket
0 connections drained due to memory shortage
0 bad connection attempts
11 SYN cache entries added
0 hash collisions
11 completed
0 aborted (no space to build PCB)
0 timed out
0 dropped due to overflow
0 dropped due to bucket overflow
0 dropped due to RST
0 dropped due to ICMP unreachable
0 SYN,ACKs retransmitted
0 duplicate SYNs received for entries already in the cache
0 SYNs dropped (no route or no space)
This is somewhat beyond me.
What am I looking for here to help me figure out why this is
not working? Should I try it while I'm connecting (or attempting to
connect to) a starcraft battlenet game?
> If you want further help with the NetBSD box setup, post the
> output of "ifconfig -au" and the relevant lines of your
> "dmesg" output, so we can see what your hardware is and
> how it's set up.
Here is the output from ifconfig -au
shin# ifconfig -au
de0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:00:c0:24:f6:cf
        media: Ethernet autoselect (10baseT)
        status: active
        inet 206.47.37.61 netmask 0xffffff00 broadcast 206.47.37.255
        inet6 fe80::200:c0ff:fe24:f6cf%de0 prefixlen 64 scopeid 0x1
ex0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:60:08:90:a0:a5
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::260:8ff:fe90:a0a5%ex0 prefixlen 64 scopeid 0x2
ex1: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:60:08:92:cd:db
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        inet6 fe80::260:8ff:fe92:cddb%ex1 prefixlen 64 scopeid 0x3
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 33228
        inet 127.0.0.1 netmask 0xff000000
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
shin#
And dmesg:
shin# dmesg
xa0000-0xbffff
wsdisplay0 at vga0: console (80x25, vt100 emulation), using wskbd0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
npx0 at isa0 port 0xf0-0xff: using exception 16
fdc0 at isa0 port 0x3f0-0x3f7 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB, 80 cyl, 2 head, 18 sec
isapnp0: no ISA Plug 'n Play devices found
biomask 3ff5 netmask fffd ttymask ffff
de0: enabling 10baseT port
stray interrupt 7
scsibus0: waiting 2 seconds for devices to settle...
ahc1: target 0 synchronous at 10.0MHz, offset = 0xf
ahc1: target 0 using tagged queuing
sd0 at scsibus0 target 0 lun 0: <HP, 2.13 GB #A2, 0180> SCSI2 0/direct
fixed
sd0: 2033 MB, 3992 cyl, 9 head, 115 sec, 512 bytes/sect x 4165272
sectors
ahc1: target 1 synchronous at 4.0MHz, offset = 0xf
cd0 at scsibus0 target 1 lun 0: <PLEXTOR, CD-ROM PX-4XCH, 1.24> SCSI2
5/cdrom removable
scsibus1: waiting 2 seconds for devices to settle...
boot device: sd0
root on sd0a dumps on sd0b
root file system type: ffs
stray interrupt 7
stray interrupt 7
IP Filter: v3.4.9 initialized. Default = pass all, Logging = enabled
stray interrupt 7
stray interrupt 7; stopped logging
de0: enabling 10baseT port
wsdisplay0: screen 1 added (80x25, vt100 emulation)
wsdisplay0: screen 2 added (80x25, vt100 emulation)
wsdisplay0: screen 3 added (80x25, vt100 emulation)
wsdisplay0: screen 4 added (80x25, vt100 emulation)
wsmux1: connecting to wsdisplay0
syncing disks... 4 4 1 done
rebooting...
NetBSD 1.5.2 (GENERIC) #3: Sat Aug 18 23:37:05 CEST 2001
he@hamster.urc.uninett.no:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium (P54C) (586-class), 100.01 MHz
total memory = 127 MB
avail memory = 113 MB
using 1659 buffers containing 6636 KB of memory
BIOS32 rev. 0 found at 0xfb5f0
mainbus0 (root)
pci0 at mainbus0 bus 0: configuration mode 2
pci0: i/o space, memory space enabled
pchb0 at pci0 dev 0 function 0
pchb0: Intel 82434LX/NX PCI, Cache and Memory Controller (PCMC) (rev.
0x11)
pceb0 at pci0 dev 2 function 0
pceb0: Intel 82375EB/SB PCI-EISA Bridge (PCEB) (rev. 0x04)
de0 at pci0 dev 4 function 0
de0: interrupting at irq 3
de0: SMC 21041 [10Mb/s] pass 1.1
de0: address 00:00:c0:24:f6:cf
ex0 at pci0 dev 5 function 0: 3Com 3c905-TX 10/100 Ethernet (rev. 0x0)
ex0: interrupting at irq 15
ex0: MAC address 00:60:08:90:a0:a5
nsphy0 at ex0 phy 24: DP83840 10/100 media interface, rev. 1
nsphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
ex1 at pci0 dev 6 function 0: 3Com 3c905-TX 10/100 Ethernet (rev. 0x0)
ex1: interrupting at irq 14
ex1: MAC address 00:60:08:92:cd:db
nsphy1 at ex1 phy 24: DP83840 10/100 media interface, rev. 1
nsphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
eisa0 at pceb0
ahc1 at eisa0 slot 3: Adaptec AHA-274x SCSI
ahc1: level sensitive interrupting at irq 11
ahc1: aic7770 <= Rev C, Twin Channel, A SCSI Id=7, B SCSI Id=7, primary
A, 4/255 SCBs
scsibus0 at ahc1 channel 0: 8 targets, 8 luns per target
scsibus1 at ahc1 channel 1: 8 targets, 8 luns per target
unknown device CPQ3001 at eisa0 slot 4 not configured
eisa0: can't map I/O space for slot 14
isa0 at pceb0
pckbc0 at isa0 port 0x60-0x64
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
vga0 at isa0 port 0x3b0-0x3df iomem 0xa0000-0xbffff
wsdisplay0 at vga0: console (80x25, vt100 emulation), using wskbd0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
npx0 at isa0 port 0xf0-0xff: using exception 16
fdc0 at isa0 port 0x3f0-0x3f7 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB, 80 cyl, 2 head, 18 sec
isapnp0: no ISA Plug 'n Play devices found
biomask 3ff5 netmask fffd ttymask ffff
de0: enabling 10baseT port
stray interrupt 7
scsibus0: waiting 2 seconds for devices to settle...
ahc1: target 0 synchronous at 10.0MHz, offset = 0xf
ahc1: target 0 using tagged queuing
sd0 at scsibus0 target 0 lun 0: <HP, 2.13 GB #A2, 0180> SCSI2 0/direct
fixed
sd0: 2033 MB, 3992 cyl, 9 head, 115 sec, 512 bytes/sect x 4165272
sectors
ahc1: target 1 synchronous at 4.0MHz, offset = 0xf
cd0 at scsibus0 target 1 lun 0: <PLEXTOR, CD-ROM PX-4XCH, 1.24> SCSI2
5/cdrom removable
scsibus1: waiting 2 seconds for devices to settle...
boot device: sd0
root on sd0a dumps on sd0b
root file system type: ffs
stray interrupt 7
stray interrupt 7
stray interrupt 7
stray interrupt 7; stopped logging
IP Filter: v3.4.9 initialized. Default = pass all, Logging = enabled
de0: enabling 10baseT port
wsdisplay0: screen 1 added (80x25, vt100 emulation)
wsdisplay0: screen 2 added (80x25, vt100 emulation)
wsdisplay0: screen 3 added (80x25, vt100 emulation)
wsdisplay0: screen 4 added (80x25, vt100 emulation)
wsmux1: connecting to wsdisplay0
syncing disks... 4 4 1 done
rebooting...
NetBSD 1.5.2 (GENERIC) #3: Sat Aug 18 23:37:05 CEST 2001
he@hamster.urc.uninett.no:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium (P54C) (586-class), 100.01 MHz
total memory = 127 MB
avail memory = 113 MB
using 1659 buffers containing 6636 KB of memory
BIOS32 rev. 0 found at 0xfb5f0
mainbus0 (root)
pci0 at mainbus0 bus 0: configuration mode 2
pci0: i/o space, memory space enabled
pchb0 at pci0 dev 0 function 0
pchb0: Intel 82434LX/NX PCI, Cache and Memory Controller (PCMC) (rev.
0x11)
pceb0 at pci0 dev 2 function 0
pceb0: Intel 82375EB/SB PCI-EISA Bridge (PCEB) (rev. 0x04)
de0 at pci0 dev 4 function 0
de0: interrupting at irq 3
de0: SMC 21041 [10Mb/s] pass 1.1
de0: address 00:00:c0:24:f6:cf
ex0 at pci0 dev 5 function 0: 3Com 3c905-TX 10/100 Ethernet (rev. 0x0)
ex0: interrupting at irq 15
ex0: MAC address 00:60:08:90:a0:a5
nsphy0 at ex0 phy 24: DP83840 10/100 media interface, rev. 1
nsphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
ex1 at pci0 dev 6 function 0: 3Com 3c905-TX 10/100 Ethernet (rev. 0x0)
ex1: interrupting at irq 14
ex1: MAC address 00:60:08:92:cd:db
nsphy1 at ex1 phy 24: DP83840 10/100 media interface, rev. 1
nsphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
eisa0 at pceb0
ahc1 at eisa0 slot 3: Adaptec AHA-274x SCSI
ahc1: level sensitive interrupting at irq 11
ahc1: aic7770 <= Rev C, Twin Channel, A SCSI Id=7, B SCSI Id=7, primary
A, 4/255 SCBs
scsibus0 at ahc1 channel 0: 8 targets, 8 luns per target
scsibus1 at ahc1 channel 1: 8 targets, 8 luns per target
unknown device CPQ3001 at eisa0 slot 4 not configured
eisa0: can't map I/O space for slot 14
isa0 at pceb0
pckbc0 at isa0 port 0x60-0x64
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
vga0 at isa0 port 0x3b0-0x3df iomem 0xa0000-0xbffff
wsdisplay0 at vga0: console (80x25, vt100 emulation), using wskbd0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
npx0 at isa0 port 0xf0-0xff: using exception 16
fdc0 at isa0 port 0x3f0-0x3f7 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB, 80 cyl, 2 head, 18 sec
isapnp0: no ISA Plug 'n Play devices found
biomask 3ff5 netmask fffd ttymask ffff
de0: enabling 10baseT port
stray interrupt 7
scsibus0: waiting 2 seconds for devices to settle...
ahc1: target 0 synchronous at 10.0MHz, offset = 0xf
ahc1: target 0 using tagged queuing
sd0 at scsibus0 target 0 lun 0: <HP, 2.13 GB #A2, 0180> SCSI2 0/direct
fixed
sd0: 2033 MB, 3992 cyl, 9 head, 115 sec, 512 bytes/sect x 4165272
sectors
ahc1: target 1 synchronous at 4.0MHz, offset = 0xf
cd0 at scsibus0 target 1 lun 0: <PLEXTOR, CD-ROM PX-4XCH, 1.24> SCSI2
5/cdrom removable
scsibus1: waiting 2 seconds for devices to settle...
boot device: sd0
root on sd0a dumps on sd0b
root file system type: ffs
stray interrupt 7
stray interrupt 7
stray interrupt 7
stray interrupt 7; stopped logging
IP Filter: v3.4.9 initialized. Default = pass all, Logging = enabled
de0: enabling 10baseT port
wsdisplay0: screen 1 added (80x25, vt100 emulation)
wsdisplay0: screen 2 added (80x25, vt100 emulation)
wsdisplay0: screen 3 added (80x25, vt100 emulation)
wsdisplay0: screen 4 added (80x25, vt100 emulation)
wsmux1: connecting to wsdisplay0
de0: enabling AUI port
de0: enabling 10baseT port
shin#
After looking at this could the "stray interrupt 7" be what's
causing my problems? I don't have anything at interrupt 7
that I'm aware of (there are no serial or parallel ports in
this system or IDE controllers).
I could change the hardware to something perhaps a little
more standard (I knew that EISA stuff would cause me trouble...)
and try again...
ttyl,
james
--
Blessed are they who can laugh at themselves for
they shall never cease to be amused.
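
Added example (not part of the original message): one way to read the "netstat -p tcp" counters posted above is to snapshot them before and after a test session and compare shares rather than raw totals, since the counters are cumulative since boot. BEFORE is copied from the post; DURING is a constructed snapshot, and the function names are hypothetical.

```python
import re

# Lines copied from the "netstat -p tcp" output in the post above.
BEFORE = """\
tcp:
    5937 packets sent
        924 data packets (82671 bytes)
        3 data packets (99 bytes) retransmitted
    13668 packets received
        5248 packets (6381877 bytes) received in-sequence
        203 completely duplicate packets (293944 bytes)
        1853 out-of-order packets (2664128 bytes)
"""

# Constructed snapshot (not from the post): same counters after a test session.
DURING = """\
tcp:
    6937 packets sent
        1424 data packets (131071 bytes)
        28 data packets (2210 bytes) retransmitted
    15668 packets received
        6048 packets (7381877 bytes) received in-sequence
        263 completely duplicate packets (380000 bytes)
        2293 out-of-order packets (3300000 bytes)
"""

def parse_tcp_stats(text):
    """Return {description: count} for every '<number> <description>' line."""
    stats = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.+)", line)
        if m:
            # Drop "(N bytes)" so the key is the same in every snapshot.
            key = re.sub(r"\s*\([^)]*\)", "", m.group(2)).strip()
            stats[key] = int(m.group(1))
    return stats

def delta(before, after):
    """Counters are cumulative since boot; subtract to isolate one session."""
    return {k: after[k] - before.get(k, 0) for k in after}

def quality(stats):
    """Shares of data segments retransmitted, duplicated or out of order."""
    rx = (stats["packets received in-sequence"]
          + stats["completely duplicate packets"]
          + stats["out-of-order packets"])
    tx = stats["data packets"]
    return {
        "out_of_order": round(stats["out-of-order packets"] / rx, 3) if rx else 0.0,
        "duplicate": round(stats["completely duplicate packets"] / rx, 3) if rx else 0.0,
        "retransmitted": round(stats["data packets retransmitted"] / tx, 3) if tx else 0.0,
    }

if __name__ == "__main__":
    print("since boot:", quality(parse_tcp_stats(BEFORE)))
    print("session   :", quality(delta(parse_tcp_stats(BEFORE), parse_tcp_stats(DURING))))
```

These counters cover only TCP connections that terminate on the gateway itself (such as the ftp test above); traffic it merely forwards for the LAN machines is not counted here.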