Subject: Re: ipfiltering problems
To: Dan Radom <dradom@redback.com>
From: David Maxwell <david@vex.net>
List: netbsd-users
Date: 01/01/2001 15:33:10
You might try
sysctl -w net.inet.tcp.rfc1323=0

There was a thread with someone in the opposite setup who found Linux
didn't do 1323 well.

http://mail-index.netbsd.org/current-users/1995/03/27/0029.html

						David

On Sat, Dec 30, 2000 at 12:47:29PM -0700, Dan Radom wrote:
> I've narrowed down the problem to 2 particular clients on my LAN.  The BSD
> box does http fine, as well as my wife's NT workstation.  The two clients
> that have trouble with http are both Linux boxes.  My previous setup
> included one of those Linux boxes performing NAT and routing with ipchains
> and ipmasqadm and everything works fine.  I see nothing wrong with any of
> the Linux machines' network configuration.
> 
> 
> ----- Original Message -----
> From: "David Maxwell" <david@vex.net>
> To: "Dan Radom" <dradom@redback.com>
> Cc: "netbsd-users" <netbsd-users@netbsd.org>
> Sent: Saturday, December 30, 2000 11:11 AM
> Subject: Re: ipfiltering problems
> 
> 
> > On Fri, Dec 29, 2000 at 09:55:29PM -0700, Dan Radom wrote:
> > > I'm having a little trouble with ipfiltering.  The nat box is i386 running
> > > 1.5, and ex0 is external and le0 is internal.  Here are my ipf.conf and
> > > ipnat.conf files.  There's not too much to them...
> > >
> > > [graffix@pluto graffix]$ cat /etc/ipnat.conf
> > > map ex0 192.168.0.0/24 -> 24.19.63.204/32 proxy port ftp ftp/tcp
> > > map ex0 192.168.0.0/24 -> 24.19.63.204/32 portmap tcp/udp 30000:60000
> > > map ex0 192.168.0.0/24 -> 24.19.63.204/32
> > >
> > > [graffix@pluto graffix]$ cat /etc/ipf.conf
> > > pass in all
> > > pass out all
> > >
> > > My problem is this.  Everything works fine with the exception of http
> > > traffic.  It will stall, timeout or run very slowly (1 or 2 K/sec or
> > > slower).  I get an average of about 200 K/sec generally.
> >
> > That config looks completely normal. Have you ever run tests from the NetBSD
> > box, or from another client without intervening NAT?
> >
> > Maybe your provider has imposed a transparent http proxy on you?
> >
> > --
> > David Maxwell, david@vex.net|david@maxwell.net --> Although some of you out
> > there might find a microwave oven controlled by a Unix system an attractive
> > idea, controlling a microwave oven is easily accomplished with the smallest
> > of microcontrollers. - Russ Hersch - (Microcontroller primer and FAQ)
> >

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
If you don't spend energy getting what you want,
	You'll have to spend it dealing with what you get.
					      - Unknown