Subject: Re: ipfiltering problems
To: Dan Radom <dradom@redback.com>
From: David Maxwell <david@vex.net>
List: netbsd-users
Date: 01/01/2001 15:33:10
You might try
sysctl -w net.inet.tcp.rfc1323=0
There was a thread with someone in the opposite setup who found Linux
didn't do 1323 well.
http://mail-index.netbsd.org/current-users/1995/03/27/0029.html
David
On Sat, Dec 30, 2000 at 12:47:29PM -0700, Dan Radom wrote:
> I've narrowed down the problem to 2 particular clients on my LAN. The BSD
> box does http fine, as well as my wife's NT workstation. The two clients
> that have trouble with http are both Linux boxes. My previous setup
> included one of those Linux boxes performing NAT and routing with ipchains
> and ipmasqadm and everything works fine. I see nothing wrong with any of
> the Linux machines' network configuration.
>
>
> ----- Original Message -----
> From: "David Maxwell" <david@vex.net>
> To: "Dan Radom" <dradom@redback.com>
> Cc: "netbsd-users" <netbsd-users@netbsd.org>
> Sent: Saturday, December 30, 2000 11:11 AM
> Subject: Re: ipfiltering problems
>
>
> > On Fri, Dec 29, 2000 at 09:55:29PM -0700, Dan Radom wrote:
> > > I'm having a little trouble with ipfiltering. The nat box is i386 running
> > > 1.5, and ex0 is external and le0 is internal. Here are my ipf.conf and
> > > ipnat.conf files. There's not too much to them...
> > >
> > > [graffix@pluto graffix]$ cat /etc/ipnat.conf
> > > map ex0 192.168.0.0/24 -> 24.19.63.204/32 proxy port ftp ftp/tcp
> > > map ex0 192.168.0.0/24 -> 24.19.63.204/32 portmap tcp/udp 30000:60000
> > > map ex0 192.168.0.0/24 -> 24.19.63.204/32
> > >
> > > [graffix@pluto graffix]$ cat /etc/ipf.conf
> > > pass in all
> > > pass out all
> > >
> > > My problem is this. Everything works fine with the exception of http
> > > traffic. It will stall, timeout or run very slowly (1 or 2 K/sec or
> > > slower). I get an average of about 200 K/sec generally.
> >
> > That config looks completely normal. Have you ever run tests from the NetBSD
> > box, or from another client without intervening NAT?
> >
> > Maybe your provider has imposed a transparent http proxy on you?
> >
> > --
> > David Maxwell, david@vex.net|david@maxwell.net --> Although some of you out
> > there might find a microwave oven controlled by a Unix system an attractive
> > idea, controlling a microwave oven is easily accomplished with the smallest
> > of microcontrollers. - Russ Hersch - (Microcontroller primer and FAQ)
> >
--
David Maxwell, david@vex.net|david@maxwell.net -->
If you don't spend energy getting what you want,
You'll have to spend it dealing with what you get.
- Unknown