From: "eNet" <nt@enet.org.al>
To: netfilter@lists.netfilter.org
Subject: iptables delay connection phase
Date: Mon, 30 Jun 2003 09:14:14 +0200 [thread overview]
Message-ID: <002d01c33ed7$360fc600$8101a8c0@tani> (raw)
[-- Attachment #1: Type: text/plain, Size: 2452 bytes --]
Hello List,
I am new in iptables and list.
I have problem when my dialup clients trying to check their emails. There is a delay because of iptables. On that box I use linux kernel 2.4.19 and rc.firewall
Here are more details of what is happening:
Case 1. without iptables . It is OK. No delay.
19:45:51.756818 arp who-has xxx.xxx.xxx.1 tell xxx.xxx.xxx.129
19:45:51.756837 arp reply xxx.xxx.xxx.1 is-at yy:yy:yy:yy:yy
19:45:51.756920 xxx.xxx.xxx.129.2814 > NS1.enet.org.al.pop3: S 1490445489:1490445489(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
19:45:51.756988 NS1.enet.org.al.pop3 > xxx.xxx.xxx.129.2814: S 401842756:401842756(0) ack 1490445490 win 5840 <mss 1460,nop,nop,sackOK>
(DF)
19:45:51.757102 xxx.xxx.xxx.129.2814 > NS1.enet.org.al.pop3: . ack 1 win 17520 (DF)
19:45:51.761677 xxx.xxx.xxx.1.48021 > xxx.xxx.xxx.129.auth: S 387191140:387191140(0) win 5840 <mss 1460,sackOK,timestamp 251690774
0,nop,wscale 0> (DF) 19:45:51.761856 xxx.xxx.xxx.129.auth > xxx.xxx.xxx.1.48021: R 0:0(0) ack 387191141 win 0
etc...
Case 2. iptables activated. Problem: delay
20:00:43.670848 xxx.xxx.xxx.129.2824 > NS1.enet.org.al.pop3: S 1713847144:1713847144(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
20:00:43.670903 NS1.enet.org.al.pop3 > xxx.xxx.xxx.129.2824: S 1342878817:1342878817(0) ack 1713847145 win 5840 <mss 1460,nop,nop,sackOK>
(DF)
20:00:43.671015 xxx.xxx.xxx.129.2824 > NS1.enet.org.al.pop3: . ack 1 win 17520 (DF)
20:00:43.672185 xxx.xxx.xxx.1.48326 > xxx.xxx.xxx.129.auth: S 1340299399:1340299399(0) win 5840 <mss 1460,sackOK,timestamp 251779965
0,nop,wscale 0> (DF)
now it goes around (!!!!!??)
20:00:43.672291 xxx.xxx.xxx.129.auth > xxx.xxx.xxx.1.48326: R 0:0(0) ack 1340299400 win 0
20:00:46.666594 xxx.xxx.xxx.1.48326 > xxx.xxx.xxx.129.auth: S 1340299399:1340299399(0) win 5840 <mss 1460,sackOK,timestamp 251780265
0,nop,wscale 0> (DF)
20:00:46.666744 192.168.1.129.auth > xxx.xxx.xxx.1.48326: R 0:0(0) ack 1 win
0
20:00:52.666607 192.168.1.1.48326 > xxx.xxx.xxx.129.auth: S
1340299399:1340299399(0) win 5840 <mss 1460,sackOK,timestamp 251780865
0,nop,wscale 0> (DF)
20:00:52.666754 xxx.xxx.xxx.129.auth > xxx.xxx.xxx.1.48326: R 0:0(0) ack 1 win
0
untill here:
20:01:04.666637 xxx.xxx.xxx.1.48326 > xxx.xxx.xxx.129.auth: S 1340299399:1340299399(0) win 5840 <mss 1460,sackOK,timestamp 251782065
0,nop,wscale 0> (DF)
etc....
Any help appreciated.
Tani
[-- Attachment #2: Type: text/html, Size: 3957 bytes --]
next reply other threads:[~2003-06-30 7:14 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-30 7:14 eNet [this message]
2003-06-30 7:33 ` iptables delay connection phase Ray Leach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='002d01c33ed7$360fc600$8101a8c0@tani' \
--to=nt@enet.org.al \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox