IP masquerading and hung transfers

IP masquerading and hung transfers

Post by djf.. » Wed, 19 Jul 2000 04:00:00



Hello,

I have just set-up a Linux system with IP masquerading and a basic firewall
using PMFirewall (www.pmfirewall.com).

I am using it to masquerade IPs for three workstations behind the server
(connected to an ADSL connection).

My problem is that once I try to surf the web on one of the masqued
computers, it seems all files over a couple kilobytes will not get through
and hang. For example, in Netscape on a masqued computer, the first 12% of a
13kB file will come in and then hang until Netscape times out.

Any ideas or pointers ?

Thank you

Alexandre Gravel

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

IP masquerading and hung transfers

Post by Arjan Driem » Wed, 19 Jul 2000 04:00:00



>My problem is that once I try to surf the web on one of the masqued
>computers, it seems all files over a couple kilobytes will not get through
>and hang. For example, in Netscape on a masqued computer, the first 12% of a
>13kB file will come in and then hang until Netscape times out.

>Any ideas or pointers ?

What's the MTU of both interfaces?  Run ifconfig to find out.

Arjan
--
begin   LOVE-LETTER-FOR-YOU.TXT.vbs
        I'm a signature virus.  Please copy me to help me spread!
end

 
 
 

IP masquerading and hung transfers

Post by djf.. » Wed, 19 Jul 2000 04:00:00





> >My problem is that once I try to surf the web on one of the masqued
> >computers, it seems all files over a couple kilobytes will not get through
> >and hang. For example, in Netscape on a masqued computer, the first 12% of a
> >13kB file will come in and then hang until Netscape times out.

> >Any ideas or pointers ?

> What's the MTU of both interfaces?  Run ifconfig to find out.

Internal network adapter (MTU of 1500):
eth0      Link encap:Ethernet  HWaddr 52:54:05:F5:1A:08
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13040 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11100 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1 txqueuelen:100
          Interrupt:10 Base address:0x6000

Adapter to the ADSL modem (MTU of 1500):
eth1      Link encap:Ethernet  HWaddr 00:50:BA:E8:41:23
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:5878 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5225 errors:0 dropped:0 overruns:0 carrier:0
          collisions:4 txqueuelen:100
          Interrupt:11 Base address:0x6100

ppp0 "adapter" for the ADSL connection (MTU of 1492):
ppp0      Link encap:Point-to-Point Protocol
          inet addr:216.209.198.105  P-t-P:216.209.198.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:5861 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5222 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

I'll try to change the MTU of ppp0 to 1500 to see what happens.

Alexandre Gravel

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

IP masquerading and hung transfers

Post by Arjan Driem » Wed, 19 Jul 2000 04:00:00




Quote:>> What's the MTU of both interfaces?  Run ifconfig to find out.
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
>I'll try to change the MTU of ppp0 to 1500 to see what happens.

I think it'll solve your problem.  See also
  http://deja.com/[ST_rn=ps]/getdoc.xp?AN=611405919
for an explanation of the problem, and how to change your MTU on linux
and windows boxes.

Arjan
--
begin   LOVE-LETTER-FOR-YOU.TXT.vbs
        I'm a signature virus.  Please copy me to help me spread!
end

 
 
 

IP masquerading and hung transfers

Post by djf.. » Wed, 19 Jul 2000 04:00:00






> >> What's the MTU of both interfaces?  Run ifconfig to find out.

> >          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

> >          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

> >I'll try to change the MTU of ppp0 to 1500 to see what happens.

> I think it'll solve your problem.  See also
>   http://deja.com/[ST_rn=ps]/getdoc.xp?AN=611405919
> for an explanation of the problem, and how to change your MTU on linux
> and windows boxes.

Thanks for the link. I had just found the solution and applied it and it
worked perfectly (but I think performance degraded as a result, I have
yet to check it).

But what is the default MTU of a Win98 system ? Maybe I ought to change
the MTU on the Linux system to match all the other ones instead of
changing many configurations.

Alexandre.

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

IP masquerading and hung transfers

Post by Bruce Twamb » Sun, 30 Jul 2000 04:00:00



Quote:>Hello,

>I have just set-up a Linux system with IP masquerading and a basic
>firewall using PMFirewall (www.pmfirewall.com).

>I am using it to masquerade IPs for three workstations behind the server
>(connected to an ADSL connection).

>My problem is that once I try to surf the web on one of the masqued
>computers, it seems all files over a couple kilobytes will not get
>through and hang. For example, in Netscape on a masqued computer, the
>first 12% of a 13kB file will come in and then hang until Netscape times
>out.

>Any ideas or pointers ?

>Thank you

>Alexandre Gravel

>Sent via Deja.com http://www.deja.com/
>Before you buy.

I'm having the exact same problem!  I've followed some postings and
discussion concerning MTU size and fragmentation.  Using a particular web
based transfer as a control, I've set the MTU of all of my interfaces
(eth0 on masq'ed machine - Win98, eth0 and ppp0 on firewall - Redhat 6.2)
to 1500 up and down the lime.  Thinking this would do it, I happily
rebooted everything, went to the site on my client and the same thing
happened.  I watched the transfer on the firewall using tcpdump, but saw
no messages about fragmentation.

Is this related in anyway to ip_masq_ftp?  

Any help would be greatly appreciated!

Thanks
Bruce

 
 
 

1. IP for masqueraded net other than masquerading host IP

Hello

I have a linux box which should work as router for two subnets to the internet.
One subnet has valid IP addresses but the other subnet with private IPs has to be masqueraded. Is it possible to masquerade this subnet with an IP address from the other subnet or with the IP of the router port which is connected to the valid subnet and not with the IP address of the router port which is connected to the internet which is the default?

regards
Klaus

2. Dial up Multicast and Linux

3. FTP/HTTP transfer rate slows down w/ time through LINUX BOX & IP Masquerading...

4. status of JCK

5. IP Masquerading works, but does not masquerade from within the local network

6. 2.5.55 - ide-scsi hw lockup

7. IP MASQuerading NOT Masquerading?

8. X and #9 GXE64 S3 TRIO64 chip?

9. how can i use ipchains to transfer a ip port to other ip port

10. Backup scripts, IP firewalling and IP masquerading

11. IP NAT and IP Masquerading

12. IP-Chains vs. IP-Masquerade