Subject: Re: Network traffic intermittently halts.
To: None <netbsd-help@NetBSD.org>
From: Roger Fischer <r@aileron.org>
List: netbsd-help
Date: 08/08/2003 23:59:18
OK, I'm really convinced it has something to do with my ipf rules.
If I flush my ipf rules, things move along very quickly.
But... with the rules in place, I have problems. I'm sure it has something to
do with rule order or keeping state, but I don't know what. I've been going
over the HOW-TO and the FAQ, and can't find what might be wrong.
Any suggestions, or should I get on the ipfilter list?
# Default policy Deny
block in on ne2
# Give internal net full access
pass out quick on ne2 proto tcp from any to any flags S keep state keep frags
pass out quick on ne2 proto udp from any to any keep state
pass out quick on ne2 proto icmp from any to any keep state
# Allow access to DHCP
pass in log quick on ne2 proto udp from any port = 67 to any port = 68 keep state
# Send a reset instead of absolute block on ident port (for outbound mail?)
block return-rst in log quick on ne2 proto tcp from any to any port = 113
# Block all icmp.
block in log quick on ne2 proto icmp from any to any
At 9:36 PM -0700 8/8/03, David S. wrote:
>>
>> Yes, the connection is asymmetric. Cable modem. Fast download, slower
>> upload. The problem happens all the time, not just if I try to upload
>> while I'm downloading though.
>
>If you were seeing down-loads hanging with concurrent upstream traffic,
>I would suspect that your upstream connection is getting saturated and
>the ACKs for the download are being choked-off. That would cause the
>remote host to re-send packets your way, and could account for the hang.
>You could remedy that by using 'altq' to prioritize the ACKs. But
>since you see the problem regardless of upstream traffic ...
>
>>
>> It's sort of like something breaks the connection, and it has to
>> reestablish. What would I look at to see if something like that is
>> happening?
>