Very Computer

On the web browser front, I can browse a few simple webpages that
don't have many links (google works ok) - but if the page contains a
lot of links made up of hostnames (like ebay.com), it gets nowhere
fast.

My setup is as follows (a little screwy):  I've got a cable modem
hooked into a D-Link DI-604 broadband NAT.  This router assigns DHCP
addresses in the 192.168.0.x range to all wired hosts.  Then I've got
the old laptop set up with a wired interface (eth1 - 192.168.0.102)
and a wireless interface (eth0 - manually configured to 10.20.30.1,
set in ad-hoc mode, and all wireless clients are in the 10.20.30.x
subnet in ad-hoc mode as well).  The laptop is set up to do ip
masquerading using iptables, and my iptables script is shown below
(all the lines that I have commented out, I've tried at some point
with no success).  You'll notice the iptables script is fairly loose -
I'm not too worried about setting up a firewall since my D-Link NAT
already has one built in (which shouldn't be blocking any DNS).

I'm not sure if my problem lies in the iptables configuration, or if I
need to do something to /etc/resolv.conf on either the laptop NAT or
the wireless clients.  I've tried a wireless windows client as well as
a wireless linux client, and both are extremely slow at loading most
webpages due to the DNS slowdown (I think).

Any ideas?
Jon

#####################
#/bin/bash

iptables -F
iptables -t nat -F

iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source
192.168.0.102
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i eth1 -p ICMP -j ACCEPT

# 204.127.198.19 and 63.240.76.19 are my ISP's DNS servers
# iptables -A INPUT -i eth1 -p tcp -s 204.127.198.19 --sport 53 -j
ACCEPT
# iptables -A INPUT -i eth1 -p tcp -s 63.240.76.19 --sport 53 -j
ACCEPT
# iptables -A INPUT -i eth1 -p udp -s 204.127.198.19 --sport 53 -j
ACCEPT
# iptables -A INPUT -i eth1 -p udp -s 63.240.76.19 --sport 53 -j
ACCEPT

#####################

What's probably happening (see resolv.conf) is that one of your DNS servers
isn't answering.  The request times out before falling over to the next
one.  "tcpdump -p" can be used (as root) to monitor this traffic.  You'll
see your machine making the request repeatedly, getting no answer,
switching to the next server and getting an immediate response.

The delays in "pings" are a different matter.  Wireless is prone to a lot of
retries and failed transmissions and to improve things you must fiddle with
antennas.  Note that this /won't/ be the reason why the DNS lookups take so
long.  They would take just as long with a wire.

Bear in mind also that if your laptop is also running Linux, and you've got
several DNS servers running, the configuration between them (and your ISP)
must be appropriate.  Also, the DHCP server(s) must be providing the
correct parameters to their clients.  So there are several possible points
of error here; several scenarios which must be considered.

On the pings, here's the output I'm getting when I try pinging from
the access point laptop - not going through wireless, but it is behind
the iptables firewall:

PING cwis.usc.edu (128.125.253.146) from 192.168.0.102 : 56(84) bytes
of data.
64 bytes from 128.125.253.146: icmp_seq=1 ttl=240 time=10.3 ms
64 bytes from 128.125.253.146: icmp_seq=2 ttl=240 time=19.5 ms
64 bytes from 128.125.253.146: icmp_seq=3 ttl=240 time=9.42 ms
64 bytes from 128.125.253.146: icmp_seq=4 ttl=240 time=11.8 ms

--- cwis.usc.edu ping statistics ---
4 packets transmitted, 4 received, 0% loss, time 30102ms
rtt min/avg/max/mdev = 9.428/12.788/19.531/3.993 ms

Note that the ping times are ~10ms as they should be, but the actual
time to receive 4 replies is around 30 seconds - to me this suggests a
DNS problem, unless you have any other ideas?  It's definitely not a
problem with wireless transmissions - here I'm not going through
wireless.  In addition, the # of retries on my wireless cards are set
to 4 (I plan to change this), and there aren't any occurrences of
excessive retries so I don't think I'm experiencing too much wireless
loss.

I've tried several configurations for resolv.conf - I've put in the
address of my D-Link NAT (192.168.0.1), and I've put in the addresses
of my ISP DNS Servers.  I suppose I could try re-ordering these, but I
highly doubt it's a problem with my ISP servers - my other machines
that aren't behind the wireless NAT aren't having any slowdowns at
all...

I'm going to try out the UDP test, and also run some tcpdump traces,
and see what I discover...

Let me know if you have any other ideas,
Jon