I had similar problems with ADSL. I remember hearing that it was related
to the packet sizes; you'll have to change the MTU size.


On Wed, 20 Dec 2000, Micah Yoder wrote:

> Hi,
> 
> I'm trying to masquerade a cable modem connection (static IP) with a
> couple other boxes.  Problem is, from a masq'ed box, the Internet seems
> to work in "spurts" -- i.e. I can access a Web page and/or check my
> mail, and it will usually complete the transaction... but then I try to
> access anything else, and it will either be excruciatingly slow or it
> won't work at all.  That's for a LONG time -- maybe 10 minutes to a half
> hour (haven't timed it).  Then if I wait a while and try it again, I'll
> get another "spurt".  When the spurts happen, performance seems to be OK
> -- I got 68 POP mail messages rather quickly.
> 
> The setup -- server has only one ethernet card, which seems like it
> could be the problem except that that doesn't quite explain why I get
> either decent performance or practically none.  Also the server has only
> one interface, eth0, which is set to my static IP given by the cable
> company.  I didn't attempt to configure eth0:0 with a local net
> address.  I dunno if that would help.  Although when they move me to
> dynamic (whenever they get DHCP working) I'll probably have to do that.
> 
> Here's the script on the server that gets executed on boot.... it sets
> up all the masq stuff.  It's pretty much straight from the HOWTO with a
> couple minor modifications (like the local net address = 192.168.1.x and
> uncommenting a modprobe for IRC).
> 
> Thanks for any ideas.
> 
> #!/bin/sh
> #
> # rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels
> #               using IPCHAINS
> #
> # Load all required IP MASQ modules
> #
> #   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ modules
> #          are shown below but are commented out from loading.
> 
> # Needed to initially load modules
> #
> /sbin/depmod -a
> 
> # Supports the proper masquerading of FTP file transfers using the PORT method
> #
> /sbin/modprobe ip_masq_ftp
> 
> # Supports the masquerading of RealAudio over UDP.  Without this module,
> #       RealAudio WILL function but in TCP mode.  This can cause a reduction
> #       in sound quality
> #
> /sbin/modprobe ip_masq_raudio
> 
> # Supports the masquerading of IRC DCC file transfers
> #
> /sbin/modprobe ip_masq_irc
> 
> 
> # Supports the masquerading of Quake and QuakeWorld by default.  This module is
> #   for multiple users behind the Linux MASQ server.  If you are going to
> #   play Quake I, II, and III, use the second example.
> #
> #   NOTE:  If you get ERRORs loading the QUAKE module, you are running an old
> #   -----  kernel that has bugs in it.  Please upgrade to the newest kernel.
> #
> #Quake I / QuakeWorld (ports 26000 and 27000)
> #/sbin/modprobe ip_masq_quake
> #
> #Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
> #/sbin/modprobe ip_masq_quake 26000,27000,27910,27960
> 
> 
> # Supports the masquerading of the CuSeeme video conferencing software
> #
> #/sbin/modprobe ip_masq_cuseeme
> 
> #Supports the masquerading of the VDO-live video conferencing software
> #
> #/sbin/modprobe ip_masq_vdolive
> 
> 
> #CRITICAL:  Enable IP forwarding since it is disabled by default since
> #
> #           Redhat Users:  you may try changing the options in
> #                          /etc/sysconfig/network from:
> #
> #                       FORWARD_IPV4=false
> #                             to
> #                       FORWARD_IPV4=true
> #
> echo "1" > /proc/sys/net/ipv4/ip_forward
> 
> 
> #CRITICAL:  Enable automatic IP defragmenting since it is disabled by default
> #           in 2.2.x kernels.  This used to be a compile-time option but the
> #           behavior was changed in 2.2.12
> #
> echo "1" > /proc/sys/net/ipv4/ip_always_defrag
> 
> 
> # Dynamic IP users:
> #
> #   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this
> #   following option.  This enables dynamic-ip address hacking in IP MASQ,
> #   making the life with Diald and similar programs much easier.
> #
> #echo "1" > /proc/sys/net/ipv4/ip_dynaddr
> 
> 
> # Enable the LooseUDP patch which some Internet-based games require
> #
> #  If you are trying to get an Internet game to work through your IP MASQ box,
> #  and you have set it up to the best of your ability without it working, try
> #  enabling this option (delete the "#" character).  This option is disabled
> #  by default due to possible internal machine UDP port scanning
> #  vulnerabilities.
> #
> #echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose
> 
> 
> # MASQ timeouts
> #
> #   2 hrs timeout for TCP session timeouts
> #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
> #  160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
> #
> /sbin/ipchains -M -S 7200 10 160
> 
> 
> # DHCP:  For people who receive their external IP address from either DHCP or
> #        BOOTP such as ADSL or Cablemodem users, it is necessary to use the
> #        following before the deny command.  The "bootp_client_net_if_name"
> #        should be replaced with the name of the link that the DHCP/BOOTP server
> #        will put an address on to?  This will be something like "eth0",
> #        "eth1", etc.
> #
> #        This example is currently commented out.
> #
> #
> #/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp
> 
> # Enable simple IP forwarding and Masquerading
> #
> #  NOTE:  The following is an example for an internal LAN address in the
> #         192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
> #         connecting to the Internet on interface eth0.
> #
> #         ** Please change this network number, subnet mask, and your Internet
> #         ** connection interface name to match your internal LAN setup
> #
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -i eth0 -s 192.168.1.0/24 -j MASQ
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 
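
The MTU suggestion in the reply above can be checked before changing anything. The script below is an added example, not part of either post: it binary-searches the largest ICMP payload that crosses the path with Don't Fragment set and prints the matching MTU. It assumes Linux iputils `ping` (`-M do`, `-s`, `-W`) and a remote host that answers ICMP echo; the function names and the 548/1472 search bounds are choices made for this example.

```shell
#!/bin/sh
# Added example: find the largest MTU that crosses a path unfragmented.
# Assumption: Linux iputils ping (-M do = set Don't Fragment, -s = payload size).

# probe SIZE HOST: succeeds if an echo with SIZE payload bytes and DF set is
# answered. Kept as a separate function so it can be replaced for offline tests.
probe() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# path_mtu HOST [LOW] [HIGH]: binary search over the ICMP payload size.
# MTU = payload + 20 (IPv4 header) + 8 (ICMP header).
path_mtu() {
    host=$1
    lo=${2:-548}     # payload for a 576-byte MTU, used as a conservative floor
    hi=${3:-1472}    # payload for the 1500-byte Ethernet MTU
    # If even the floor fails, the host is down or ICMP is filtered on the path.
    if ! probe "$lo" "$host"; then
        echo "unreachable"
        return 1
    fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid              # mid fits: search the upper half
        else
            hi=$(( mid - 1 ))    # mid is too big: search the lower half
        fi
    done
    echo $(( lo + 28 ))
}

# Stand-alone use: sh path_mtu.sh HOST
if [ $# -gt 0 ]; then
    path_mtu "$@"
fi
```

A result below 1500 means full-size packets from the masqueraded boxes are not getting through intact, which is the case where lowering the interface MTU to the printed value applies.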


