LINUX.IE, website of the Irish Linux Users' Group

[ILUG] Magnet DSL and Linux NAT problem

Mel Gorman mel at csn.ul.ie
Thu May 27 03:53:04 IST 2010


Howdy,

I've been beating my face off this for a few hours and getting nowhere.
I have a Linux box with Magnet broadband which is meant to work as a
bog-standard NAT box. This used to be connected to Eircom without any
problems. From the box itself, if I do something like

for SIZE in 1 10 100 200 500 1000; do dd if=/dev/zero of=./size-$SIZE ibs=1024 count=$SIZE; done
for SIZE in 1 10 100 200 500 1000; do time scp size-$SIZE mel@remote-host: > /dev/null; done

I get reasonable speeds all the way up. All good so far.

The machine has an internal interface but all machines behind it get stalled
when uploading 100K and it very rarely resumes. This isn't a Windows problem
because running the same scripts from an internal Linux box gets stalled. It
looked like an MTU problem but mangling the MTU did not help. The firewall
script currently looks like

# eth0 is external
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp

# Flush rules
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -F POSTROUTING -t nat
iptables -F PREROUTING -t nat
iptables -P FORWARD DROP

# Allow everything from server
iptables -A FORWARD -p all -s 10.0.0.2/32 -d 0/0 -j ACCEPT
iptables -A FORWARD -p all -s 10.0.0.3/32 -d 0/0 -j ACCEPT

iptables -A FORWARD -p all -s 10.0.0.0/24 -d 0/0 -j ACCEPT
iptables -A FORWARD -m state -s 10.0.0.0/24 -d 0/0 --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# NAT traffic
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss 1460
iptables -A POSTROUTING -t nat -p icmp -s 10.0.0.0/24 -d 0/0 -j MASQUERADE
iptables -A POSTROUTING -t nat -p tcp  -s 10.0.0.0/24 -d 0/0 -j MASQUERADE
iptables -A POSTROUTING -t nat -p udp  -s 10.0.0.0/24 -d 0/0 -j MASQUERADE

# Drop traffic from outside
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -j DROP

Nothing fancy but it's not working. Has anyone encountered this problem
before?

Thanks

-- 
Mel Gorman
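
A check that could be run over a script like the one in the post, as an added example that is not part of the original message: it flags a fixed `--set-mss` larger than the MSS a given link MTU allows (MTU minus 40 bytes of IPv4 and TCP headers) and a TCPMSS rule appended to a mangle table the script never flushes. The function names and the 1492-byte MTU are assumptions; the post does not state the link's MTU.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Largest TCP payload per IPv4 packet: MTU - 20 (IPv4 header) - 20 (TCP header).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Usage: check_mss_rules MTU < firewall-script
# Prints one finding per line, or nothing when neither issue is present.
check_mss_rules() {
    awk -v limit="$(mss_for_mtu "$1")" '
        /^[ \t]*#/ { next }                                   # ignore comments
        /iptables/ && / -F( |$)/ && /-t +mangle/ { flushed = 1 }
        /iptables/ && /-j +TCPMSS/ {
            if (!flushed)
                printf "line %d: TCPMSS rule appended, but the mangle table is never flushed first\n", NR
            for (i = 1; i < NF; i++)
                if ($i == "--set-mss" && $(i + 1) + 0 > limit)
                    printf "line %d: --set-mss %d exceeds %d, the MSS that fits the given MTU\n", NR, $(i + 1), limit
        }
    '
}

# Flush and TCPMSS lines copied from the script in the post.
sample_rules() {
    cat <<'EOF'
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -F POSTROUTING -t nat
iptables -F PREROUTING -t nat
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss 1460
EOF
}

# 1492 is a constructed MTU (assumption); substitute the uplink's real value.
sample_rules | check_mss_rules 1492
```

A rule that uses `--clamp-mss-to-pmtu` instead of a fixed `--set-mss` produces no MSS finding, because the kernel then derives the value from the path MTU.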

