LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Magnet DSL and Linux NAT problem

[ILUG] Magnet DSL and Linux NAT problem

Mel Gorman mel at csn.ul.ie
Thu May 27 11:55:03 IST 2010 

On Thu, May 27, 2010 at 11:43:40AM +0100, Kenn Humborg wrote:
> > I've been beating my face off this for a few hours and getting nowhere.
> > I have a Linux box with Magnet broadband which is meant to work as a
> > bog-standard NAT box. This used to be connected to Eircom without any
> > problems. From the box itself, if I do something like
> > 
> > for SIZE in 1 10 100 200 500 1000; do dd if=/dev/zero 
> > of=./size-$SIZE ibs=1024 count=$SIZE; done
> > for SIZE in 1 10 100 200 500 1000; do time scp size-$SIZE 
> > mel at remote-host: > /dev/null; done
> > 
> > I get reasonable speeds all the way up. All good so far.
> > 
> > The machine has an internal interface but all machines behind it 
> > get stalled
> > when uploading 100K and it very rarely resumes. This isn't a 
> > Windows problem
> > because running the same scripts from an internal Linux box gets 
> > stalled. It
> > looked like a MTU problem but mangling the MTU did not help. The firewall
> > script currently looks like
> ...
> <snip>
> ...
> > Nothing fancy but it's not working. Has anyone encountered this problem
> > before?
> 
> As a data point, Magnet DSL & masquerading works fine for me here.
> 
> My next step would be to capture traffic on the internal and external
> interfaces (tcpdump -s 0 -w ethX.cap -i ethX) and take a look at them
> in Wireshark.
> 

I didn't see anything unusual but eventually found that this mostly works
as the last POSTROUTING rule

iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 296

When I was trying MTU values last night, I was using values like 1496 and
1460 thinking it was PPPoE overhead. I don't know what the significant of
a <300 MTU is. Nor do I understand if packets are getting fragmented then
why they are getting lost instead of being reassembled before hitting the
netfilter code.

Thanks anyway for the suggestions. It was an MTU problem after all, just
required a far lower value than I would have ever expected.

-- 
Mel Gorman
Part-time Phd Student                          Linux Technology Center
University of Limerick                         IBM Dublin Software Lab

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell