From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: Weird NAT problem
Date: Sat, 01 Nov 2008 18:14:21 -0500
Message-ID: <490CE2CD.9090505@riverviewtech.net>
In-Reply-To: <200811012359.02766.bero@linux.cd>

On 11/1/2008 5:59 PM, Bernhard Rosenkraenzer wrote:
> It's almost any connection -- and the few connections that do work
> don't seem to be related to the destination. It seems more related to
> transfer size:

*nod*

> $ scp bero@linux.cd:linux*tar.bz2 .
> Password:
> linux-2.6.27.2.tar.bz2 0% 0 0.0 KB/s - stalled -

I bet that if you sniff traffic on each end of the connection you will
find that each end is sending packets and waiting for the other end to
reply. I'll even go so far as to say that the "linux.cd" system (above)
is even sending the reply packets in response to the last packet that it
received from your client and that your client is *not* receiving said
reply packet.

> So, authentication works, and it definitely gets something back or it
> wouldn't know the filename -- but it stops and just sits there as
> soon as bigger amounts of data get transferred.

Ayup. This is sounding more and more like a path MTU / (TCP)MSS issue
to me.

Like I said before (I don't know if you read the second half of my
post), try using the TCPMSS match extension / target and clamping the
TCPMSS value.

> It can't be a performance problem on the router - this is a quadcore
> box that is (currently) almost idle, and has virtually no traffic on
> either ethernet card.

I /seriously/ /doubt/ that the box is overloaded. Keep in mind that
SMP has some of its own issues with IPTables. Though I don't think that
is your problem here.

Grant. . . .
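
One way to check the path MTU diagnosis above and derive a clamp value, as an added example that is not part of the original message. It assumes IPv4, iputils `ping` on Linux, a far end that answers ICMP echo, and that the rule belongs in the router's `mangle` `FORWARD` chain; the function names are hypothetical, and the rule is only printed for review, never applied.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses a path with the
# "don't fragment" bit set, then print the matching TCPMSS clamp rule.

# probe SIZE HOST: succeeds if an ICMP echo carrying SIZE payload bytes,
# sent with DF set, gets a reply within one second.
probe() {
    ping -M do -c 1 -W 1 -s "$1" "$2" >/dev/null 2>&1
}

# path_mtu HOST [LOW] [HIGH]: binary search on the total packet size.
# ICMP payload = packet size - 20 (IPv4 header) - 8 (ICMP header).
path_mtu() {
    host=$1 lo=${2:-576} hi=${3:-1500}
    probe $((lo - 28)) "$host" || return 1   # even the floor gets no reply
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe $((mid - 28)) "$host"; then lo=$mid; else hi=$((mid - 1)); fi
    done
    echo "$lo"
}

# mss_for_mtu MTU: IPv4 MSS = MTU - 20 (IP header) - 20 (TCP header).
mss_for_mtu() { echo $(( $1 - 40 )); }

# clamp_rule [MSS]: with an argument, pin the MSS on forwarded SYNs to that
# value; without one, let the kernel derive it from the outgoing route's MTU.
clamp_rule() {
    base="iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS"
    if [ -n "${1:-}" ]; then
        echo "$base --set-mss $1"
    else
        echo "$base --clamp-mss-to-pmtu"
    fi
}

# Run as: sh pmtu.sh HOST   (does nothing when no host is given)
if [ -n "${1:-}" ]; then
    mtu=$(path_mtu "$1") || { echo "no reply from $1" >&2; exit 1; }
    echo "path MTU to $1: $mtu"
    clamp_rule "$(mss_for_mtu "$mtu")"
fi
```

A result below the LAN MTU (1500 on plain Ethernet) matches the symptom in the thread: small packets such as the SSH login pass, full-size data segments do not.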