Internet slow down related to the firewall

Les hlhowell at pacbell.net
Sun Aug 12 02:19:58 UTC 2007


On Sat, 2007-08-11 at 08:13 -0500, Aaron Konstam wrote:
> On Fri, 2007-08-10 at 08:40 +0100, Andy Green wrote:
> > Somebody in the thread at some point said:
> > 
> > > 	How can the firewall cause the speed to be good for 2 or 3 seconds
> > > (1.5Mb) and then fall to 30Kbit?  Anyone?
> > 
> > There is actually rate limiting stuff in iptables, but presumably you
> > would know if you had enabled it.
> > 
> > You don't specify what kinds of "internet" access you tried, was it just
> > http or you saw the same problem all over?
> > 
> > I would re-enable the firewall, confirm the problem comes back and then
> > post the results of
> > 
> > iptables -L -n
> > 
> > and the early part of
> > 
> > tcpdump
> > 
> > while you try to make a transfer that is affected.
> > 
> > -Andy
> > 
> I am having just this type of problem on my F6 system and I have no
> iptables.
> 
> I discovered the problem was a defective internet connector.

The internet connector is good (the same system with Windows/Linux shows
good download/upload speeds on Windows and bad on Linux).

	Ok, re-enabled the firewall and sure enough the problem returned.

Here is the list that Andre requested (Andre, I wasn't ignoring you,
your message never got through.  I will track that down in a minute,
probably a mess-up in my killing some spam).

# !!
iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:6881
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:6882
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:6882
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:6883
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:6884
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:6885
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:6886:6999
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8095
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
[root@school ~] # tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
19:16:10.631326 arp who-has 192.168.1.66 (Broadcast) tell home
19:16:10.646027 IP School.32791 > home.domain:  48763+ PTR?
66.1.168.192.in-addr.arpa. (43)
19:16:10.708373 IP home.domain > School.32791:  48763 NXDomain* 0/1/0
(99)
19:16:10.708606 IP School.32791 > home.domain:  64085+ PTR?
254.1.168.192.in-addr.arpa. (44)
19:16:10.719892 IP home.domain > School.32791:  64085* 1/1/1 (172)
19:16:10.721100 IP School.32791 > home.domain:  53814+ PTR?
64.1.168.192.in-addr.arpa. (43)
19:16:10.730233 IP home.domain > School.32791:  53814* 1/1/1 (171)
19:16:11.634538 arp who-has 192.168.1.66 (Broadcast) tell home
19:16:12.640138 arp who-has 192.168.1.67 (Broadcast) tell home
19:16:12.640324 IP School.32791 > home.domain:  45120+ PTR?
67.1.168.192.in-addr.arpa. (43)
19:16:12.702700 IP home.domain > School.32791:  45120 NXDomain* 0/1/0
(99)
19:16:13.643042 arp who-has 192.168.1.67 (Broadcast) tell home
19:16:14.553498 IP School.32791 > home.domain:  21386+ A?
fedoraproject.org. (35)
19:16:14.648215 arp who-has IBM-91393251585 (Broadcast) tell home
19:16:14.648408 IP School.32792 > home.domain:  27741+ PTR?
68.1.168.192.in-addr.arpa. (43)
19:16:14.654283 IP home.domain > School.32792:  27741* 1/1/1 (180)
19:16:14.669996 IP home.domain > School.32791:  21386 1/2/1 A
wiki.fedoraproject.org (119)
19:16:14.670391 IP School.48853 > wiki.fedoraproject.org.http: S
1976268069:1976268069(0) win 5840 <mss 1460,sackOK,timestamp 66074454
0,nop,wscale 6>
19:16:14.670481 IP School.32792 > home.domain:  55911+ PTR?
122.176.132.209.in-addr.arpa. (46)
19:16:14.699919 IP wiki.fedoraproject.org.http > School.48853: S
2295634025:2295634025(0) ack 1976268070 win 5792 <mss
1380,sackOK,timestamp 1146027527 66074454,nop,wscale 7>
19:16:14.700016 IP School.48853 > wiki.fedoraproject.org.http: . ack 1
win 92 <nop,nop,timestamp 66074483 1146027527>
19:16:14.700126 IP School.48853 > wiki.fedoraproject.org.http: P
1:418(417) ack 1 win 92 <nop,nop,timestamp 66074483 1146027527>
19:16:14.735394 IP wiki.fedoraproject.org.http > School.48853: . ack 418
win 54 <nop,nop,timestamp 1146027536 66074483>
19:16:14.798757 IP home.domain > School.32792:  55911 1/3/0 (146)
19:16:14.849753 IP wiki.fedoraproject.org.http > School.48853: .
1:1369(1368) ack 418 win 54 <nop,nop,timestamp 1146027561 66074483>
19:16:14.849819 IP School.48853 > wiki.fedoraproject.org.http: . ack
1369 win 134 <nop,nop,timestamp 66074633 1146027561>
19:16:14.857646 IP wiki.fedoraproject.org.http > School.48853: .
1369:2737(1368) ack 418 win 54 <nop,nop,timestamp 1146027561 66074483>
19:16:14.857720 IP School.48853 > wiki.fedoraproject.org.http: . ack
2737 win 177 <nop,nop,timestamp 66074641 1146027561>
19:16:14.871453 IP School.48854 > wiki.fedoraproject.org.http: S
2178288523:2178288523(0) win 5840 <mss 1460,sackOK,timestamp 66074655
0,nop,wscale 6>
19:16:14.883293 IP wiki.fedoraproject.org.http > School.48853: P
2737:4105(1368) ack 418 win 54 <nop,nop,timestamp 1146027571 66074633>
19:16:14.883390 IP School.48853 > wiki.fedoraproject.org.http: . ack
4105 win 220 <nop,nop,timestamp 66074667 1146027571>
19:16:14.891288 IP wiki.fedoraproject.org.http > School.48853: .
4105:5473(1368) ack 418 win 54 <nop,nop,timestamp 1146027571 66074633>
19:16:14.891371 IP School.48853 > wiki.fedoraproject.org.http: . ack
5473 win 263 <nop,nop,timestamp 66074675 1146027571>
19:16:14.899079 IP wiki.fedoraproject.org.http > School.48853: .
5473:6841(1368) ack 418 win 54 <nop,nop,timestamp 1146027573 66074641>
19:16:14.899152 IP School.48853 > wiki.fedoraproject.org.http: . ack
6841 win 305 <nop,nop,timestamp 66074682 1146027573>
19:16:14.909014 IP wiki.fedoraproject.org.http > School.48853: .
6841:8209(1368) ack 418 win 54 <nop,nop,timestamp 1146027573 66074641>
19:16:14.909068 IP School.48853 > wiki.fedoraproject.org.http: . ack
8209 win 348 <nop,nop,timestamp 66074692 1146027573>
19:16:14.909077 IP wiki.fedoraproject.org.http > School.48854: S
2936948338:2936948338(0) ack 2178288524 win 5792 <mss
1380,sackOK,timestamp 2878751215 66074655,nop,wscale 7>
19:16:14.909102 IP School.48854 > wiki.fedoraproject.org.http: . ack 1
win 92 <nop,nop,timestamp 66074692 2878751215>
19:16:14.909239 IP School.48854 > wiki.fedoraproject.org.http: P
1:386(385) ack 1 win 92 <nop,nop,timestamp 66074693 2878751215>
19:16:14.916865 IP wiki.fedoraproject.org.http > School.48853: .
8209:9577(1368) ack 418 win 54 <nop,nop,timestamp 1146027579 66074667>
19:16:14.916939 IP School.48853 > wiki.fedoraproject.org.http: . ack
9577 win 391 <nop,nop,timestamp 66074700 1146027579>
19:16:14.926662 IP wiki.fedoraproject.org.http > School.48853: .
9577:10945(1368) ack 418 win 54 <nop,nop,timestamp 1146027579 66074667>
19:16:14.926715 IP School.48853 > wiki.fedoraproject.org.http: . ack
10945 win 434 <nop,nop,timestamp 66074710 1146027579>
19:16:14.934656 IP wiki.fedoraproject.org.http > School.48853: P
10945:12313(1368) ack 418 win 54 <nop,nop,timestamp 1146027581 66074675>
19:16:14.934732 IP School.48853 > wiki.fedoraproject.org.http: . ack
12313 win 476 <nop,nop,timestamp 66074718 1146027581>
19:16:14.934740 IP wiki.fedoraproject.org.http > School.48853: P
12313:12335(22) ack 418 win 54 <nop,nop,timestamp 1146027581 66074675>
19:16:14.934758 IP School.48853 > wiki.fedoraproject.org.http: . ack
12335 win 476 <nop,nop,timestamp 66074718 1146027581>
19:16:14.944539 IP wiki.fedoraproject.org.http > School.48853: .
12335:13703(1368) ack 418 win 54 <nop,nop,timestamp 1146027583 66074682>
19:16:14.944619 IP School.48853 > wiki.fedoraproject.org.http: . ack
13703 win 519 <nop,nop,timestamp 66074728 1146027583>
19:16:14.952337 IP wiki.fedoraproject.org.http > School.48853: .
13703:15071(1368) ack 418 win 54 <nop,nop,timestamp 1146027583 66074682>
19:16:14.952418 IP School.48853 > wiki.fedoraproject.org.http: . ack
15071 win 562 <nop,nop,timestamp 66074736 1146027583>
19:16:14.960205 IP wiki.fedoraproject.org.http > School.48853: .
15071:16439(1368) ack 418 win 54 <nop,nop,timestamp 1146027585 66074692>
19:16:14.960279 IP School.48853 > wiki.fedoraproject.org.http: . ack
16439 win 605 <nop,nop,timestamp 66074744 1146027585>
19:16:14.970210 IP wiki.fedoraproject.org.http > School.48853: .
16439:17807(1368) ack 418 win 54 <nop,nop,timestamp 1146027585 66074692>
19:16:14.970270 IP School.48853 > wiki.fedoraproject.org.http: . ack
17807 win 647 <nop,nop,timestamp 66074754 1146027585>
19:16:14.970279 IP wiki.fedoraproject.org.http > School.48854: . ack 386
win 54 <nop,nop,timestamp 2878751261 66074693>
19:16:14.972006 IP wiki.fedoraproject.org.http > School.48854: P
1:300(299) ack 386 win 54 <nop,nop,timestamp 2878751261 66074693>
19:16:14.972085 IP School.48854 > wiki.fedoraproject.org.http: . ack 300
win 108 <nop,nop,timestamp 66074755 2878751261>
19:16:14.981992 IP wiki.fedoraproject.org.http > School.48853: .
17807:19175(1368) ack 418 win 54 <nop,nop,timestamp 1146027588 66074700>
19:16:14.982064 IP School.48853 > wiki.fedoraproject.org.http: . ack
19175 win 690 <nop,nop,timestamp 66074765 1146027588>
19:16:14.989730 IP wiki.fedoraproject.org.http > School.48853: P
19175:20543(1368) ack 418 win 54 <nop,nop,timestamp 1146027588 66074700>
19:16:14.989803 IP School.48853 > wiki.fedoraproject.org.http: . ack
20543 win 733 <nop,nop,timestamp 66074773 1146027588>
19:16:14.997603 IP wiki.fedoraproject.org.http > School.48853: .
20543:21911(1368) ack 418 win 54 <nop,nop,timestamp 1146027588 66074710>
19:16:14.997671 IP School.48853 > wiki.fedoraproject.org.http: . ack
21911 win 776 <nop,nop,timestamp 66074781 1146027588>
19:16:15.005499 IP wiki.fedoraproject.org.http > School.48853: .
21911:23279(1368) ack 418 win 54 <nop,nop,timestamp 1146027588 66074710>
19:16:15.005552 IP School.48853 > wiki.fedoraproject.org.http: . ack
23279 win 818 <nop,nop,timestamp 66074789 1146027588>
19:16:15.007684 IP wiki.fedoraproject.org.http > School.48853: P
23279:23307(28) ack 418 win 54 <nop,nop,timestamp 1146027592 66074718>
19:16:15.007818 IP School.48853 > wiki.fedoraproject.org.http: . ack
23307 win 818 <nop,nop,timestamp 66074791 1146027592>

This doesn't tell me too much; how about you?

Regards,
Les H
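
An added example, not part of the original message: a small Python parser for the old tcpdump text format shown above. It rejoins mail-wrapped lines, totals new payload bytes per second from one sender, and counts repeated sequence ranges (retransmissions), which is the pattern to look for when a transfer starts fast and then stalls. The sample capture and the host name `server.example` are constructed.

```python
import re
from collections import defaultdict

# Constructed sample capture (not from the post); two records are wrapped
# across lines the way the mail client wrapped the real output.
SAMPLE = """\
19:16:14.100000 IP School.48853 > server.example.http: S 100:100(0) win 5840 <mss 1460>
19:16:14.200000 IP server.example.http > School.48853: . 1:1369(1368) ack 418 win 54
19:16:14.300000 IP School.48853 > server.example.http: . ack 1369 win 134
19:16:14.400000 IP server.example.http > School.48853: .
1369:2737(1368) ack 418 win 54 <nop,nop,timestamp 1 2>
19:16:14.500000 IP server.example.http > School.48853: P
2737:4105(1368) ack 418 win 54
19:16:15.600000 IP server.example.http > School.48853: . 4105:5473(1368) ack 418 win 54
19:16:16.900000 IP server.example.http > School.48853: . 4105:5473(1368) ack 418 win 54
19:16:16.950000 IP School.48853 > server.example.http: P 1:418(417) ack 1 win 92
"""

TS = re.compile(r"^\d\d:\d\d:\d\d\.\d{6} ")
# timestamp, src.port, dst.port, flags, first:last(len)
SEG = re.compile(r"^(\d\d:\d\d:\d\d)\.\d{6} IP (\S+) > (\S+): \S+ (\d+):(\d+)\((\d+)\)")

def records(text):
    """Rejoin wrapped output: every record starts with a timestamp."""
    out = []
    for line in text.splitlines():
        if TS.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def analyze(text, sender):
    """Return ({second: new payload bytes from sender}, retransmit count)."""
    per_second, seen, retrans = defaultdict(int), set(), 0
    for rec in records(text):
        m = SEG.match(rec)           # pure ACKs and DNS lines do not match
        if not m:
            continue
        second, src, dst, first, last, length = m.groups()
        if int(length) == 0 or src.rsplit(".", 1)[0] != sender:
            continue                 # skip SYNs and the other direction
        key = (src, dst, first, last)
        if key in seen:              # same byte range sent again
            retrans += 1
            continue
        seen.add(key)
        per_second[second] += int(length)
    return dict(per_second), retrans

if __name__ == "__main__":
    print(analyze(SAMPLE, "server.example"))
```
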






