LinuxQuestions.org
Old 02-29-2004, 04:51 PM   #1
sglow
LQ Newbie
 
Registered: Jan 2004
Location: Sterling, MA, USA
Distribution: Gentoo
Posts: 7

Rep: Reputation: 0
Slow downloads through iptables NAT


I have a network at home with several Linux machines. One is directly connected to the Internet (via Cable modem) and acts as a NAT gateway / firewall. This box is running iptables.

My desktop system is also running Linux; it gets its IP address from the server using DHCP.

File download speed from the server is quite good. I often see speeds of 500 Kbytes/sec when downloading from a good server. Transfer across the local network is much faster than that, as would be expected.

My problem comes in when I try to do a file download from the Internet from the desktop system. In this case the download speed is typically in the 20-30 Kbytes/sec range, 20 times slower than the server's direct connection.

I've tried playing with the iptables rules. I've removed all rules from the filter table and only have the one in the nat table. I've tried this rule with both SNAT and MASQUERADE destination. No change.

I'd be happy to provide any info that would be helpful, I've just run out of ideas as to what could be the problem. Any suggestions where to look?

Thanks,
Steve
 
Old 02-29-2004, 05:16 PM   #2
linuxxed
Member
 
Registered: Feb 2004
Posts: 273

Rep: Reputation: 30
I take it you don't have rules that monitor the TCP states - ESTABLISHED, RELATED etc etc.

Are the desktop machines connecting to the internet via proxy? If yes then it might be worth checking the proxy configuration about any restrictions on bandwidth.

MRTG would help here to identify the bottleneck.
 
Old 02-29-2004, 05:25 PM   #3
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
test it in both passive and active modes...
Could also just be a network card that's autodetecting half duplex while the other is full duplex.
 
Old 02-29-2004, 06:41 PM   #4
sglow
LQ Newbie
 
Registered: Jan 2004
Location: Sterling, MA, USA
Distribution: Gentoo
Posts: 7

Original Poster
Rep: Reputation: 0
Hi Peter;

Thanks for the reply. How would I test this in passive and active mode?

Thanks,
SG
 
Old 02-29-2004, 09:59 PM   #5
sglow
LQ Newbie
 
Registered: Jan 2004
Location: Sterling, MA, USA
Distribution: Gentoo
Posts: 7

Original Poster
Rep: Reputation: 0
OK, I've been looking into the full / half duplex issue, but as far as I can tell both the ethernet card in my desktop system, and the one in my server that's talking to it are in full duplex mode.

I used the mii-tool utility to check the status of both cards, and they both report operating in full duplex mode during the transfer. Also, when I just do a local transfer from the server to the desktop system I get very high bandwidth; 8 Mbyte/sec using scp. There really doesn't seem to be any sort of communication problem locally, or even from the server to the Internet. The problems only happen when I'm talking from the desktop system to the Internet, via the server.

Any other thoughts?

Thanks,
Steve
 
Old 03-01-2004, 06:23 AM   #6
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Most ftp clients have an option to turn PASV mode on/off.
Set up your ftp client to use active mode first.
Coz the data channel is a separate process on port 20, it is usually clean of any overheads..
2nd try it in PASV mode. You may need to modprobe ip_conntrack_ftp & ip_nat_ftp modules on the gateway if you don't have a state rule specifying them.
PASV uses a complicated handshaking to negotiate the ports used
3rd try an http download from a website, eg a pdf document or similar

If they are all slow, try with a clean ruleset on the server, just ip_forwarding on and SNAT on the external interface. No rules on the desktop machine, no filtering.
If that works, add your rules one by one and check their effects..
If it's still slow, it's gonna be trickier to locate...

Some companies strangle connections behind the cable connected pc, so you may need to add a patch-o-matic TTL patch to mangle the outgoing TTLs & hide the subnet behind the gateway pc...
Gentoo has this patched already, so on the server try
iptables -t mangle -A POSTROUTING -o ethx -j TTL --ttl-set 64

Last edited by peter_robb; 03-01-2004 at 06:43 AM.
 
Old 03-25-2004, 01:21 AM   #7
bejean
LQ Newbie
 
Registered: Mar 2004
Location: Atlanta, GA
Distribution: Slackware 9.1
Posts: 9

Rep: Reputation: 0
Is there a TTL target support patch for the 2.6 kernels?
 
Old 03-25-2004, 02:18 AM   #8
bejean
LQ Newbie
 
Registered: Mar 2004
Location: Atlanta, GA
Distribution: Slackware 9.1
Posts: 9

Rep: Reputation: 0
Okay, I'm having the same problem as sglow. I've tried everything mentioned above and in other threads to no avail (including mangling the TTL of outgoing packets). Out of curiosity, what ISP and modem are you using, sglow? I'm using a Motorola Surfboard with Comcast.

-Bejean
 
Old 03-25-2004, 06:33 AM   #9
sglow
LQ Newbie
 
Registered: Jan 2004
Location: Sterling, MA, USA
Distribution: Gentoo
Posts: 7

Original Poster
Rep: Reputation: 0
Interesting, I'm also using a surfboard with Comcast.

I've also noticed that ifconfig reports a fairly large number of errors on the network interface that's connected to the cable modem. These errors seem to mostly occur when I'm using NAT. Do you see errors, bejean?

Steve
 
Old 03-25-2004, 10:38 AM   #10
bejean
LQ Newbie
 
Registered: Mar 2004
Location: Atlanta, GA
Distribution: Slackware 9.1
Posts: 9

Rep: Reputation: 0
Yes, I see errors too. Not a ton, but to have any is kind of abnormal.
 
Old 03-25-2004, 10:41 AM   #11
bejean
LQ Newbie
 
Registered: Mar 2004
Location: Atlanta, GA
Distribution: Slackware 9.1
Posts: 9

Rep: Reputation: 0
What kind of network card are you using, sglow? Coincidentally, this problem goes away if I put the modem on my roommate's computer and use Windows Internet Connection Sharing, but who wants to do that.
 
Old 03-25-2004, 12:31 PM   #12
sglow
LQ Newbie
 
Registered: Jan 2004
Location: Sterling, MA, USA
Distribution: Gentoo
Posts: 7

Original Poster
Rep: Reputation: 0
Both cards in that computer are Linksys cards, and therefore both are using the Tulip drivers.

To be even more specific, here is the info from lspci:

Code:
00:0f.0 Ethernet controller: Linksys Network Everywhere Fast Ethernet 10/100 model NC100 (rev 11)
00:10.0 Ethernet controller: Lite-On Communications Inc LNE100TX [Linksys EtherFast 10/100] (rev 25)

I mentioned that I was seeing some errors reported by ifconfig. Here are the details:

Code:
eth0      Link encap:Ethernet  HWaddr 00:04:5A:7A:F6:3F
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8418704 errors:51 dropped:0 overruns:0 frame:51
          TX packets:1859980 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3031663647 (2891.2 Mb)  TX bytes:811886819 (774.2 Mb)
          Interrupt:5 Base address:0xdc00

eth1      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          inet addr:24.34.xxx.xxx  Bcast:255.255.255.255  Mask:255.255.252.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1086471 errors:2552 dropped:0 overruns:0 frame:3841
          TX packets:91558 errors:4 dropped:0 overruns:3 carrier:2
          collisions:0 txqueuelen:100
          RX bytes:178992228 (170.7 Mb)  TX bytes:15444722 (14.7 Mb)
          Interrupt:11 Base address:0xe000

Steve
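
Added example, not part of the original thread: a small shell/awk helper that turns the ifconfig counters quoted in post #12 into an RX error rate per interface, which makes the difference between eth0 and eth1 easy to see. The function names and the 100 errors-per-million threshold are assumptions chosen for illustration, and the parser targets the older net-tools output layout shown in this thread.

```shell
#!/bin/sh
# Added example: per-interface RX error rate from old-style "ifconfig" output.

# Counter lines copied from the ifconfig output in post #12 (other lines trimmed).
sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:04:5A:7A:F6:3F
          RX packets:8418704 errors:51 dropped:0 overruns:0 frame:51
          TX packets:1859980 errors:0 dropped:0 overruns:0 carrier:0
eth1      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          RX packets:1086471 errors:2552 dropped:0 overruns:0 frame:3841
          TX packets:91558 errors:4 dropped:0 overruns:3 carrier:2
EOF
}

# rx_error_report [THRESHOLD_PPM]
# Reads ifconfig text on stdin and prints one line per interface:
#   iface rx_packets rx_errors errors_per_million verdict
# THRESHOLD_PPM defaults to 100 (an assumed cut-off, not a standard value).
rx_error_report() {
    awk -v limit="${1:-100}" '
        # A stanza header starts in column 1; counter lines are indented.
        /^[^ ]/ { iface = $1 }
        $1 == "RX" && $2 ~ /^packets:/ {
            pk = 0; er = 0
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[1] == "packets") pk = kv[2] + 0
                if (kv[1] == "errors")  er = kv[2] + 0
            }
            # Avoid dividing by zero on an interface that has seen no traffic.
            ppm = (pk > 0) ? int(er * 1000000 / pk) : 0
            printf "%s %d %d %d %s\n", iface, pk, er, ppm, \
                   ((ppm > limit) ? "SUSPECT" : "ok")
        }'
}

# Stand-alone run on the thread data; on a live gateway with the same
# ifconfig layout, pipe "ifconfig" into rx_error_report instead.
sample_ifconfig | rx_error_report 100
```

On the thread's numbers the internal interface sits at single-digit errors per million received packets, while the cable-modem side is in the thousands.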
 
Old 03-25-2004, 05:00 PM   #13
bejean
LQ Newbie
 
Registered: Mar 2004
Location: Atlanta, GA
Distribution: Slackware 9.1
Posts: 9

Rep: Reputation: 0
I'm using 2 3Com 3c905B's so I guess the NIC can be eliminated as the source. I'm also getting about the same ratio of received packets to errors on eth1 as you. I'll keep on searching, but it's not looking promising.
 
Old 03-25-2004, 05:21 PM   #14
bejean
LQ Newbie
 
Registered: Mar 2004
Location: Atlanta, GA
Distribution: Slackware 9.1
Posts: 9

Rep: Reputation: 0
Ok, on a hunch, I just switched the internal and external network cards and now everything works fine. I think the external NIC is a little flaky. You might want to try this also, or even try switching the external NIC with a brand new one.

-Bejean
 
Old 06-05-2004, 12:18 PM   #15
sglow
LQ Newbie
 
Registered: Jan 2004
Location: Sterling, MA, USA
Distribution: Gentoo
Posts: 7

Original Poster
Rep: Reputation: 0
Fixed (finally)

OK, it took me three months to get around to it, but I finally spent the big bucks ($18) and picked up a new D-Link network card.

I tried swapping out one of the Linksys cards and the problem persisted. I swapped out the other Linksys card and now everything is working great. My download speed went from about 50Kbytes/sec to 300Kbytes/sec!

Thanks all,

Steve
 
  


All times are GMT -5. The time now is 02:55 AM.
