Problem with IP masquerading and Macs

Problem with IP masquerading and Macs

Post by Edi Wei » Thu, 05 Nov 1998 04:00:00


I have a strange problem with my network at home:

The system consists of two Macs (PowerMac G3/333 and Performa 5200) and
two PCs (Pentium II 300 MHz and an older Pentium box) connected via
10BaseT Ethernet. The Macs run MacOS 8.5, the Pentium PC has Windows 98
and the Pentium II machine acts as a server running Linux 2.0.35 (S.u.S.E.
Linux distribution 5.3).

The Linux machine is configured to be a file and print server for the
other three computers and uses netatalk+asun and samba for this task. It
also uses IP masquerading (together with isdn4linux) and thus works as a
router for the rest of the network.

Everything works fine and is very stable and fast. (Especially compared to
other solutions that I tested to set up a heterogeneous network: Windows
NT Server, AppleShare IP 6.0, DAVE clients, PCMacLan...)

However, there is one simple but disturbing thing: Sometimes (and only
_sometimes_) the Macs have a problem with their Internet connection. More
exactly, the process that converts the URLs to IP addresses (the DNS
lookup) sometimes takes 5 seconds and more while it usually works in a
split second. The rest of the connection is fast. For example, it might
take 10 seconds until the Mac finds a certain FTP server but after finding
the server downloads und uploads work fine with full ISDN speed.

If this problem occurs it might last for some minutes or even an hour and
during this time period it affects _all_ URLs that I try. Sometimes the
DNS lookup is so slow that my e-mail client times out...

Here are some more details and some "solutions" that I tried and that
didn't work:

1. The problem doesn't occur with the Windows machine. The DNS lookup
there is always fast.

2. The G3 Mac has its own ISDN card. If I connect directly to the Internet
with this card, I don't have this problem. [However, I'd prefer not to use
this solution for two reasons: First, the other Mac doesn't have an ISDN
card. Second, Macs can only have one TCP/IP connection at a time (...) and
I don't want to change between Internet and Ethernet all the time.]

3. The problem doesn't vanish if I restart my Mac. Restarting the Linux
server doesn't help, too.

4. The internal IP numbering system is (Linux server) to
(the PC).

5. I tried different Domain Name Servers (and different sequences of
Domain Name Servers) in the TCP/IP settings of the Macs. No effect...

6. I had the same problem with MacOS 8.1.

7. I tried to start the Macs with a minimal set of system extensions. No

8. It doesn't matter which browser (Netscape or Explorer) or other client
(Anarchie, Emailer, NewsWatcher, ...) I use.

9. Maybe this is a symptom that might help in solving the problem:
Sometimes while I'm connected to the Internet with one of my Macs I try to
observe what's happening with netstat. Sometimes the command "netstat -M"
takes several seconds or even a whole minute until it finishes.

10. While looking a the netstat output I found out that the protocol that
Linux uses for accessing Domain Name Servers is UDP and not TCP/IP. I'm no
TCP/IP expert but maybe this is the cause...

I hope someone has an idea about what to do.

Thanks in advance.


PS: Please send a copy of your reply to my e-mail address

Dr. Edmund Weitz


Problem with IP masquerading and Macs

Post by patrick thempe » Tue, 10 Nov 1998 04:00:00

> ( well u know what)

1) if this happens only with your macs, and with both of them,  it looks like
a mac-problem and you would have more chance of getting an answer there.

2) i'm no specialist w./ mac-os and its tcpip ( hell , i haven't used one for
more than a year now). just basically, look at the routing maybe ( i take it
you use external dns, not one of your 10.x.x.x - machines is set up as
dns-server )- make sure all external traffic is routed via your linux-server.

3) under this condition ( when dns-lookup is so slow from your macs ) try to
just ping your dns-server, maybe the reaction-time will tell you something.

4) theres a tool called tcpdump that you can setup on the linux-box to monitor
all( ore filtered) tcp-packets in your network - might tell you something as

sorry i cant be of more help, good luck anyway

(dont bite my finger-look where i'm pointing)


1. IP Masquerading with IP Address and Mac Address Restrictions


I am setting up a Linux box to run I.P. Masquerading for other machines
on my LAN.  Question is I want to be able to give access to those machines
satisfy two prerequisites: The I.P. address the machine has been
assigned must match the mac address of the NIC card.  It's probably
some simple switch in the software I'm not aware of, but I neither have been
able to locate
it in the software or in the HOWTOs.

Does anybody know how to do this?


2. glibc and libc5 binary, which one will run faster?

3. IP for masqueraded net other than masquerading host IP

4. Byte Alignment

5. Mac OpenTransport and IP Masquerade

6. laserwriting/CAP60/Sol2.2

7. IP Masquerading/NAT with MAC address filtering

8. UNIX--whats so good about it?

9. Macs with IP masquerading

10. IP Masquerade & MAC Numbers

11. IP Firewall and IP Masquerading Problems

12. IP Masquerading works, but does not masquerade from within the local network

13. IP MASQuerading NOT Masquerading?