From: "eNet" <nt@enet.org.al>
To: netfilter@lists.netfilter.org
Subject: iptables delay connection phase
Date: Mon, 30 Jun 2003 09:14:14 +0200 [thread overview]
Message-ID: <002d01c33ed7$360fc600$8101a8c0@tani> (raw)
[-- Attachment #1: Type: text/plain, Size: 2452 bytes --]
Hello List,
I am new in iptables and list.
I have problem when my dialup clients trying to check their emails. There is a delay because of iptables. On that box I use linux kernel 2.4.19 and rc.firewall
Here are more details of what is happening:
Case 1. without iptables . It is OK. No delay.
19:45:51.756818 arp who-has xxx.xxx.xxx.1 tell xxx.xxx.xxx.129
19:45:51.756837 arp reply xxx.xxx.xxx.1 is-at yy:yy:yy:yy:yy
19:45:51.756920 xxx.xxx.xxx.129.2814 > NS1.enet.org.al.pop3: S 1490445489:1490445489(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
19:45:51.756988 NS1.enet.org.al.pop3 > xxx.xxx.xxx.129.2814: S 401842756:401842756(0) ack 1490445490 win 5840 <mss 1460,nop,nop,sackOK>
(DF)
19:45:51.757102 xxx.xxx.xxx.129.2814 > NS1.enet.org.al.pop3: . ack 1 win 17520 (DF)
19:45:51.761677 xxx.xxx.xxx.1.48021 > xxx.xxx.xxx.129.auth: S 387191140:387191140(0) win 5840 <mss 1460,sackOK,timestamp 251690774
0,nop,wscale 0> (DF) 19:45:51.761856 xxx.xxx.xxx.129.auth > xxx.xxx.xxx.1.48021: R 0:0(0) ack 387191141 win 0
etc...
Case 2. iptables activated. Problem: delay
20:00:43.670848 xxx.xxx.xxx.129.2824 > NS1.enet.org.al.pop3: S 1713847144:1713847144(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
20:00:43.670903 NS1.enet.org.al.pop3 > xxx.xxx.xxx.129.2824: S 1342878817:1342878817(0) ack 1713847145 win 5840 <mss 1460,nop,nop,sackOK>
(DF)
20:00:43.671015 xxx.xxx.xxx.129.2824 > NS1.enet.org.al.pop3: . ack 1 win 17520 (DF)
20:00:43.672185 xxx.xxx.xxx.1.48326 > xxx.xxx.xxx.129.auth: S 1340299399:1340299399(0) win 5840 <mss 1460,sackOK,timestamp 251779965
0,nop,wscale 0> (DF)
now it goes around (!!!!!??)
20:00:43.672291 xxx.xxx.xxx.129.auth > xxx.xxx.xxx.1.48326: R 0:0(0) ack 1340299400 win 0
20:00:46.666594 xxx.xxx.xxx.1.48326 > xxx.xxx.xxx.129.auth: S 1340299399:1340299399(0) win 5840 <mss 1460,sackOK,timestamp 251780265
0,nop,wscale 0> (DF)
20:00:46.666744 192.168.1.129.auth > xxx.xxx.xxx.1.48326: R 0:0(0) ack 1 win
0
20:00:52.666607 192.168.1.1.48326 > xxx.xxx.xxx.129.auth: S
1340299399:1340299399(0) win 5840 <mss 1460,sackOK,timestamp 251780865
0,nop,wscale 0> (DF)
20:00:52.666754 xxx.xxx.xxx.129.auth > xxx.xxx.xxx.1.48326: R 0:0(0) ack 1 win
0
untill here:
20:01:04.666637 xxx.xxx.xxx.1.48326 > xxx.xxx.xxx.129.auth: S 1340299399:1340299399(0) win 5840 <mss 1460,sackOK,timestamp 251782065
0,nop,wscale 0> (DF)
etc....
Any help appreciated.
Tani
[-- Attachment #2: Type: text/html, Size: 3957 bytes --]
next reply other threads:[~2003-06-30 7:14 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-30 7:14 eNet [this message]
2003-06-30 7:33 ` iptables delay connection phase Ray Leach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='002d01c33ed7$360fc600$8101a8c0@tani' \
--to=nt@enet.org.al \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.