I use SuSE as a firewall and encountered anemic FTP sessions going from the SuSE firewall to a number of different Linux clients. I checked ipchains, routing, etc. Nothing helped. Then I stumbled onto mention that the 2.2 kernel TCP/IP operated with different defaults and that changing a parameter in the /proc filesystem might help.

Check out the info at:

Pittsburgh Supercomputing Center (PSC), Carnegie Mellon University
URL: http://www.psc.edu/networking/perf_tune.html

The solution for my timeouts, stalls, and 1/4 speed ftp sessions was:

    echo 0 > /proc/sys/net/ipv4/tcp_timestamps

Voila! Back to the speeds I expected. I put the above statement in the rc scripts and have been happy ever since.

Scott
(sig below)

On 20 Jun 00, at 22:28, Anurag Jalan wrote:
Hi all,
I have scanned the archives but couldn't find a solution. A word about my setup:

8 Win98s on a 192.168.1.x network
1 Redhat 6.2 box with 2 NICs .. 192.168.1.254 & 192.168.32.254 (Intranet Server & Router)
1 SuSE 6.4 box .. 192.168.32.1 & ISDN TA gateway ... (Firewall)
Masquerading is enabled on both the Linux boxes.. and the ip_masq_ftp module is loaded on both machines too..
From the Win98s all the apps work great, except FTP, which is needed to upload files to our Web hosting company. I've tried both Active & passive modes and a dozen different FTP clients, like WS-FTP Pro 6.0, Cute FTP. But the file transfer is at best erratic.. works ok for small file transfers.. but even then the 'ls' output on the remote stalls after the transfer..
Can anyone help me?
Regards
Anurag
-----The filtering Rules-----
On the Redhat Box the ipchains rule is:

    ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0

----------
On the SuSE box (using firewals for SuSE)
Chain input (policy DENY):
target prot opt source destination ports
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
DENY all ----l- 203.197.102.229 0.0.0.0/0 n/a
DENY all ----l- 192.168.32.0/24 0.0.0.0/0 n/a
DENY all ----l- 192.168.32.0/24 0.0.0.0/0 n/a
DENY all ------ 192.168.32.1 0.0.0.0/0 n/a
DENY all ------ 203.197.102.229 0.0.0.0/0 n/a
DENY all ----l- 127.0.0.0/8 0.0.0.0/0 n/a
DENY all ----l- 0.0.0.0/0 127.0.0.0/8 n/a
ACCEPT icmp ----l- 203.197.102.229 0.0.0.0/0 4 -> *
ACCEPT icmp ----l- 0.0.0.0/0 203.197.102.229 8 -> *
ACCEPT icmp ------ 0.0.0.0/0 203.197.102.229 0 -> *
ACCEPT icmp ------ 0.0.0.0/0 203.197.102.229 3 -> *
ACCEPT icmp ------ 0.0.0.0/0 203.197.102.229 11 -> *
ACCEPT icmp ------ 0.0.0.0/0 203.197.102.229 12 -> *
ACCEPT icmp ------ 0.0.0.0/0 192.168.32.1 0 -> *
ACCEPT icmp ------ 0.0.0.0/0 192.168.32.1 3 -> *
ACCEPT icmp ------ 0.0.0.0/0 192.168.32.1 11 -> *
ACCEPT icmp ------ 0.0.0.0/0 192.168.32.1 12 -> *
ACCEPT icmp ----l- 0.0.0.0/0 192.168.32.1 4 -> *
ACCEPT icmp ------ 0.0.0.0/0 192.168.32.1 8 -> *
REJECT tcp -y---- 0.0.0.0/0 0.0.0.0/0 * -> 113
DENY tcp -y--l- 0.0.0.0/0 203.197.102.229 * -> 22
DENY tcp ------ 0.0.0.0/0 203.197.102.229 * -> 22
DENY tcp -y--l- 0.0.0.0/0 203.197.102.229 * -> 25
DENY tcp ------ 0.0.0.0/0 203.197.102.229 * -> 25
DENY tcp -y--l- 0.0.0.0/0 203.197.102.229 * -> 80
DENY tcp ------ 0.0.0.0/0 203.197.102.229 * -> 80
DENY tcp -y--l- 0.0.0.0/0 203.197.102.229 * -> 113
DENY tcp ------ 0.0.0.0/0 203.197.102.229 * -> 113
DENY tcp -y--l- 0.0.0.0/0 203.197.102.229 * -> 515
DENY tcp ------ 0.0.0.0/0 203.197.102.229 * -> 515
DENY tcp -y--l- 0.0.0.0/0 203.197.102.229 * -> 6000
DENY tcp ------ 0.0.0.0/0 203.197.102.229 * -> 6000
ACCEPT tcp -y--l- 0.0.0.0/0 203.197.102.229 * -> 1024:65535
ACCEPT tcp ------ 0.0.0.0/0 203.197.102.229 * -> 1024:65535
DENY tcp -y--l- 0.0.0.0/0 192.168.32.1 * -> 22
DENY tcp ------ 0.0.0.0/0 192.168.32.1 * -> 22
DENY tcp -y--l- 0.0.0.0/0 192.168.32.1 * -> 25
DENY tcp ------ 0.0.0.0/0 192.168.32.1 * -> 25
DENY tcp -y--l- 0.0.0.0/0 192.168.32.1 * -> 80
DENY tcp ------ 0.0.0.0/0 192.168.32.1 * -> 80
DENY tcp -y--l- 0.0.0.0/0 192.168.32.1 * -> 113
DENY tcp ------ 0.0.0.0/0 192.168.32.1 * -> 113
DENY tcp -y--l- 0.0.0.0/0 192.168.32.1 * -> 515
DENY tcp ------ 0.0.0.0/0 192.168.32.1 * -> 515
DENY tcp -y--l- 0.0.0.0/0 192.168.32.1 * -> 6000
DENY tcp ------ 0.0.0.0/0 192.168.32.1 * -> 6000
ACCEPT tcp -y--l- 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
ACCEPT tcp !y---- 0.0.0.0/0 192.168.32.1 * -> 600:65535
ACCEPT tcp !y---- 0.0.0.0/0 203.197.102.229 * -> 600:65535
ACCEPT tcp !y---- 0.0.0.0/0 192.168.32.1 * -> 20
ACCEPT tcp !y---- 0.0.0.0/0 203.197.102.229 * -> 20
DENY udp ----l- 0.0.0.0/0 203.197.102.229 * -> 161
ACCEPT udp ------ 202.54.9.1 203.197.102.229 53 -> 1024:65535
DENY udp ----l- 0.0.0.0/0 192.168.32.1 * -> 161
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
DENY all ------ 192.168.32.0/24 192.168.32.1 n/a
DENY all ------ 192.168.32.0/24 203.197.102.229 n/a
ACCEPT all ------ 192.168.32.0/24 0.0.0.0/0 n/a
DENY all ----l- 0.0.0.0/0 192.168.32.0/24 n/a
DENY all ----l- 0.0.0.0/0 192.168.32.0/24 n/a
DENY all ------ 0.0.0.0/0 255.255.255.255 n/a
DENY all ------ 255.255.255.255 0.0.0.0/0 n/a
DENY all ------ 0.0.0.0/0 !203.197.102.229 n/a
DENY icmp ----l- 0.0.0.0/0 0.0.0.0/0 4 -> *
DENY icmp ----l- 0.0.0.0/0 0.0.0.0/0 5 -> *
DENY icmp ----l- 0.0.0.0/0 0.0.0.0/0 8 -> *
DENY icmp ----l- 0.0.0.0/0 0.0.0.0/0 11 -> *
DENY tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 135:139
DENY tcp -y--l- 0.0.0.0/0 0.0.0.0/0 * -> *
DENY udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 135:139
DENY udp ----l- 0.0.0.0/0 0.0.0.0/0 * -> *
DENY all ------ 0.0.0.0/0 0.0.0.0/0 n/a

Chain forward (policy DENY):
target prot opt source destination ports
fw_masq all ------ 192.168.32.0/24 0.0.0.0/0 n/a
DENY tcp -y--l- 0.0.0.0/0 0.0.0.0/0 * -> *
DENY all ------ 0.0.0.0/0 0.0.0.0/0 n/a

Chain output (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
DENY icmp ----l- 203.197.102.229 0.0.0.0/0 11 -> *
ACCEPT icmp ------ 0.0.0.0/0 0.0.0.0/0 * -> *
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 22 -> *
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 22
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 514
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 162
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 20 -> *
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 80 -> *

Chain fw_masq (1 references):
target prot opt source destination ports
MASQ all ------ 0.0.0.0/0 0.0.0.0/0 n/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
==================== Scott A. Martin NOESIS Open Systems noesis@inaxx.net 877-852-3612 ====================