On Wed, 18-11-2009 at 07:27 -0500, Alfonso de la Guarda wrote:
> Hello,
>
> A few days ago my router was replaced with another one, since the
> first had serious problems. The new one is a Zyxel 660HW-T1 v3, a
> model of the old series with updated firmware and some software
> improvements (supposedly). My problem is that for several years I have
> regularly downloaded MANY torrents, and at home there are about 6
> wireless devices (laptops and consoles: Wii, XBOX) and 2 desktops. I
> had never had problems; however, since the change in question there is
> a dramatic drop in the overall performance of the network, especially
> on p2p networks (and particularly with torrents).
> Curiously, I have run tests with Linux (Mandriva/Ubuntu) and Windows,
> and I have noticed that the former saturates the router's NAT slots by
> making requests of various kinds, especially UDP, so that once the
> maximum number of sockets is reached the router can no longer
> establish new connections until the earlier ones are released (that
> takes 180 seconds). As a consequence network performance degrades
> dramatically, resulting in packet loss or DUPs.
> From the router, going into the ZynOS CLI, I can confirm that the
> number of slots does indeed reach its maximum (2048 now, since I
> changed that parameter; the default is 1024), and many of those
> connections are UDP.
> I thought the problem was Ubuntu, but the same happens with Mandriva,
> so I can only think it is something else (some service?). In addition,
> Mandriva showed me a message in its built-in firewall about an
> external scan over the wlan, asking me to block it.
>
> The services enabled in Ubuntu are:
>
> acpi-support Yes INIT script to check whether we're on batteries, and so start with laptop mode etc enabled. BUGS: unless we start *really* late, we have no way of throttling xscreensaver, since it won't be there to command.
> acpid Yes upstart-job
> alsa-utils No This script stores and restores mixer levels on
> anacron Yes upstart-job
> apache2 No Start/stop apache2 web server
> apmd Yes Advanced Power Management (APM) daemon
> apparmor No AppArmor init script. This script loads all AppArmor profiles.
> apport Yes upstart-job
> atd Yes upstart-job
> avahi-daemon Yes upstart-job
> binfmt-support Yes Enable support for extra binary formats using the Linux
> bluetooth Yes Start bluetoothd
> bootlogd No Starts or stops the bootlogd log program
> brltty No Used to provide access to refreshable braille terminals.
> console-setup No Set console font and keymap
> cron Yes upstart-job
> cryptdisks No
> cryptdisks-early No
> cryptdisks-enable Yes upstart-job
> cups Yes CUPS Printing spooler and server
> dbus Yes upstart-job
> dkms_autoinstaller Yes A service to automatically install DKMS modules for new kernels.
> dmesg Yes upstart-job
> dns-clean Yes 0dns-up often leaves behind some cruft. This Script is meant
> gdm Yes upstart-job
> grub-common Yes GRUB displays the boot menu at the next boot if it
> hal Yes upstart-job
> halt No
> hwclock Yes upstart-job
> hwclock-save Yes upstart-job
> kerneloops Yes A tool that collects and submits kernel crash
> keyboard-setup No Set the console keyboard as early as possible
> killprocs No executed by init(8) upon entering runlevel 1 (single).
> laptop-mode Yes Enable laptop-mode-tools power management functions
> module-init-tools Yes upstart-job
> mysql No Controls the main MySQL database server daemon "mysqld"
> network-manager Yes upstart-job
> networking No Raise network interfaces.
> ondemand Yes Set the CPU Frequency Scaling governor to "ondemand"
> pcmciautils No This service provides PCMCIA hardware support for
> policykit No Create directories which PolicyKit needs at runtime,
> postfix No postfix is a Mail Transport agent
> postgresql-8.4 No PostgreSQL 8.4 RDBMS server
> pppd-dns No Restore resolv.conf if the system crashed.
> procps Yes upstart-job
> pulseaudio Yes System mode startup script for
> rc.local Yes Run /etc/rc.local if it exist
> reboot No
> rsync Yes rsync is a program that allows files to be copied to and
> rsyslog Yes upstart-job
> rsyslog-kmsg Yes upstart-job
> saned No saned makes local scanners available over the
> screen-cleanup No screen sessions cleaning
> sendsigs No
> single No executed by init(8) upon entering runlevel 1 (single).
> speech-dispatcher Yes Common interface to speech synthesizers
> sreadahead Yes upstart-job
> stop-bootlogd No See the init.d/bootlogd script
> stop-bootlogd-single No See the init.d/bootlogd script
> udev Yes upstart-job
> udev-finish Yes upstart-job
> udevmonitor Yes upstart-job
> udevtrigger Yes upstart-job
> ufw Yes upstart-job
> umountfs No
> umountnfs.sh No Also unmounts all virtual filesystems (proc, devfs,
> umountroot No Mount the root filesystem read-only.
> unattended-upgrades No Check if unattended upgrades are being applied
> urandom No This script saves the random seed between restarts.
> usplash Yes upstart-job
> vboxdrv Yes VirtualBox Linux kernel module
> webmin No Start/stop Webmin
> winbind Yes start Winbind daemon
> wpa-ifupdown No Run ifdown on interfaces authenticated via
> x11-common No
>
> The excerpt from the network traffic log is:
>
> Wed Nov 18 06:58:12 2009; ******** IP traffic monitor started ********
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 95 bytes; from 89.229.155.35:11017 to 192.168.1.36:26582
> Wed Nov 18 06:58:12 2009; TCP; wlan0; 48 bytes; from 201.17.51.254:59561 to 192.168.1.36:26582; first packet (SYN)
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 131 bytes; from 88.64.17.220:63456 to 192.168.1.36:10012
> Wed Nov 18 06:58:12 2009; TCP; wlan0; 89 bytes; from 174.36.30.66:https to 192.168.1.36:32961; first packet
> Wed Nov 18 06:58:12 2009; TCP; wlan0; 52 bytes; from 174.36.30.66:https to 192.168.1.36:32961; FIN sent; 2 packets, 141 bytes, avg flow rate 0.00 kbytes/s
> Wed Nov 18 06:58:12 2009; TCP; wlan0; 52 bytes; from 192.168.1.36:32961 to 174.36.30.66:https; first packet
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 83 bytes; from 195.39.211.94:6881 to 192.168.1.36:14441
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 72 bytes; from 192.168.1.36:56808 to 200.48.225.130:domain
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 71 bytes; from 192.168.1.36:33120 to 200.48.225.130:domain
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 72 bytes; from 192.168.1.36:55274 to 200.48.225.130:domain
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 71 bytes; from 192.168.1.36:56425 to 200.48.225.130:domain
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 71 bytes; from 192.168.1.36:58626 to 200.48.225.130:domain
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 72 bytes; from 192.168.1.36:48623 to 200.48.225.130:domain
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 73 bytes; from 192.168.1.36:49323 to 200.48.225.130:domain
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 148 bytes; from 200.48.225.130:domain to 192.168.1.36:33120
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 106 bytes; from cachewas.tdp.net.pe:domain to paradox-ictec.local:49323
> Wed Nov 18 06:58:12 2009; IGMP; wlan0; 46 bytes; from 192.168.1.1 to 224.0.0.1
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 70 bytes; from paradox-ictec.local:54885 to cachewas.tdp.net.pe:domain
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 68 bytes; from paradox-ictec.local:57402 to cachewas.tdp.net.pe:domain
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 217 bytes; from cachewas.tdp.net.pe:domain to paradox-ictec.local:58626
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 147 bytes; from cachewas.tdp.net.pe:domain to paradox-ictec.local:54885
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 280 bytes; from cachewas.tdp.net.pe:domain to paradox-ictec.local:57402
> Wed Nov 18 06:58:12 2009; IGMP; wlan0; 32 bytes; from paradox-ictec.local to 224.0.0.251
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 70 bytes; from paradox-ictec.local:37225 to cachewas.tdp.net.pe:domain
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 124 bytes; from cachewas.tdp.net.pe:domain to paradox-ictec.local:56425
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 128 bytes; from cachewas.tdp.net.pe:domain to paradox-ictec.local:37225
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 88 bytes; from paradox-ictec.local:mdns to 224.0.0.251:mdns
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 186 bytes; from cachewas.tdp.net.pe:domain to paradox-ictec.local:56808
> Wed Nov 18 06:58:12 2009; IGMP; wlan0; 32 bytes; from 192.168.1.34 to 239.255.255.250
> Wed Nov 18 06:58:12 2009; IGMP; wlan0; 32 bytes; from 192.168.1.34 to 224.0.0.252
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 71 bytes; from paradox-ictec.local:52721 to cachewas.tdp.net.pe:domain
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 70 bytes; from paradox-ictec.local:37079 to cachewas.tdp.net.pe:domain
> Wed Nov 18 06:58:12 2009; UDP; wlan0; 74 bytes; from paradox-ictec.local:55827 to cachewas.tdp.net.pe:domain
>
> Excerpt from the router log, from the CLI:
>
> 1420 UDP 192.168.1.34 :26582 201.230.151.169:10012 83.18.250.114 :54067 275
> 1421 TCP 192.168.1.34 :51417 201.230.151.169:18518 201.231.114.177:25550 0
> 1422 UDP 192.168.1.34 :26582 201.230.151.169:10012 91.121.3.115 :6881 272
> 1423 UDP 192.168.1.34 :26582 201.230.151.169:10012 86.211.135.8 :23353 263
> 1424 UDP 192.168.1.34 :26582 201.230.151.169:10012 220.233.196.44 :10746 267
> 1425 UDP 192.168.1.34 :26582 201.230.151.169:10012 202.198.184.197:16001 266
> 1426 TCP 192.168.1.34 :51384 201.230.151.169:18486 201.231.114.177:25550 1
> 1427 UDP 192.168.1.34 :26582 201.230.151.169:10012 80.48.33.10 :2257 276
> 1429 UDP 192.168.1.36 :26582 201.230.151.169:26582 86.8.112.133 :4982 164
> 1430 TCP 192.168.1.34 :51444 201.230.151.169:18545 89.103.134.155 :48397 1
> 1433 TCP 192.168.1.34 :51443 201.230.151.169:18544 97.127.251.90 :6881 1
> 1434 UDP 192.168.1.36 :17270 201.230.151.169:17270 195.39.211.94 :6881 295
> 1435 TCP 192.168.1.34 :51148 201.230.151.169:18253 91.8.230.128 :13662 65
> 1436 UDP 192.168.1.36 :26582 201.230.151.169:26582 83.168.68.172 :46982 236
> 1437 UDP 192.168.1.36 :26582 201.230.151.169:26582 124.168.90.125 :21415 78
> 1438 TCP 192.168.1.34 :51113 201.230.151.169:18215 92.10.78.166 :28140 73
> 1439 UDP 192.168.1.36 :26582 201.230.151.169:26582 68.151.102.19 :11470 300
>
> The snapshot of the alert is at:
>
> http://www.flickr.com/photos/alfonsodg/4114111183/
>
> The questions are:
> - Has anyone studied this?
> - Which services make the domain and mdns requests? Can they be
> disabled? Can they be blocked (without affecting the performance of
> the Linux network)?
> - Why the warning message from Mandriva?
> - Any other consideration or idea?
>
> I see the problem as somewhat serious: if many people who are on
> Telefónica change their router, they are going to see a drop in
> network performance thanks to this saturation of NAT slots that Linux
> causes, in the particular case of the new Zyxels?
>
> Regards,
>
Well, searching the internet I found something related to your problem:

"SPI firewalls are inherently bad for gaming. The inspection process is slow, which introduces extra latency and even if you can connect with it enabled, it will likely cause lag spikes in bigger games, 4v4 + 5v5. Not only that, my router has an option in its WAN configuration, "Disable Port Scan and DOS Protection". If I DO NOT disable "Port Scan and DOS Protection" and I play almost any game (TF2, Left4Dead, Warcraft III, Starcraft, Demigod) the router flags thousands of packets in the router log as DOS attack attempts and drops them, resulting in massive lag spikes in these games (5-30 seconds). Of course, all these issues are totally bypassed connecting via PPPoE from your PC as opposed to using your router's NAT and letting your OS and a software firewall handle all these issues. For many people, including myself, this is not a permanent solution though. My ISP only allows 1 connection on my internet account, meaning only 1 PC can be on the net at a time, solved by letting my router act as a gateway (NAT). IMO, router manufacturers are still pretty retarded when it comes to making games oriented routers. Security features always get in the way of gaming."

Have a read of the following thread; it will give you some more information about that problem.

Regards.
FMAQ.

> --------------------------------
> Alfonso de la Guarda
> Centro Open Source(COS)
> http://delaguarda.info
> http://alfonsodg.wordpress.com
> Agenda:http://tinyurl.com/djmjol
> Tel. 991935157
> 1024D/B23B24A4
> 5469 ED92 75A3 BBDB FD6B 58A5 54A1 851D B23B 24A4
> _______________________________________________
> Linux-plug mailing list
> Topic: General discussion about Linux
> Peruvian Linux User Group (http://www.linux.org.pe)
>
> Participate by subscribing and writing to: [email protected]
> To subscribe, unsubscribe or adjust your subscription visit:
> http://listas.linux.org.pe/mailman/listinfo/linux-plug
>
> IMPORTANT: Rules and recommendations
> http://www.linux.org.pe/listas/reglas.php
> http://www.linux.org.pe/listas/comportamiento.php
> http://www.linux.org.pe/listas/recomendaciones.php
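
An added example, not part of the original thread: a Python script that tallies rows of the router session excerpt quoted above per internal host and per internal socket, showing that one UDP socket talking to many remote peers holds one table entry per peer. The column reading (index, protocol, internal, NAT and remote endpoints, then a last column whose meaning the thread does not state) and all function names are assumptions; the rows are copied from the excerpt.

```python
import re
from collections import Counter, defaultdict

NAT_LIMIT = 2048  # table size the poster reports after raising it from 1024
# Rows copied from the router excerpt quoted above (wrapped lines rejoined).
DUMP = """\
1420 UDP 192.168.1.34 :26582 201.230.151.169:10012 83.18.250.114 :54067 275
1421 TCP 192.168.1.34 :51417 201.230.151.169:18518 201.231.114.177:25550 0
1422 UDP 192.168.1.34 :26582 201.230.151.169:10012 91.121.3.115 :6881 272
1425 UDP 192.168.1.34 :26582 201.230.151.169:10012 202.198.184.197:16001 266
1429 UDP 192.168.1.36 :26582 201.230.151.169:26582 86.8.112.133 :4982 164
1434 UDP 192.168.1.36 :17270 201.230.151.169:17270 195.39.211.94 :6881 295
1435 TCP 192.168.1.34 :51148 201.230.151.169:18253 91.8.230.128 :13662 65
1437 UDP 192.168.1.36 :26582 201.230.151.169:26582 124.168.90.125 :21415 78
"""

EP = r"(\d+\.\d+\.\d+\.\d+)\s*:(\d+)"   # matches "ip :port" and "ip:port"
ROW = re.compile(rf"^\s*(\d+)\s+(TCP|UDP)\s+{EP}\s+{EP}\s+{EP}\s+(\d+)\s*$")

def parse(dump):
    """Yield one dict per well-formed row; skip anything else."""
    for line in dump.splitlines():
        m = ROW.match(line)
        if m:
            idx, proto, lip, lport, gip, gport, rip, rport, last = m.groups()
            yield {"idx": int(idx), "proto": proto, "local": (lip, int(lport)),
                   "nat": (gip, int(gport)), "remote": (rip, int(rport)),
                   "last": int(last)}  # last column: meaning not stated in the thread

def slots_by_host(rows):
    """NAT entries held per (internal host, protocol)."""
    return Counter((r["local"][0], r["proto"]) for r in rows)

def fanout(rows):
    """Distinct remote peers per internal socket; each peer is one entry."""
    peers = defaultdict(set)
    for r in rows:
        peers[(r["proto"],) + r["local"]].add(r["remote"])
    return {sock: len(p) for sock, p in peers.items()}

def top_talkers(rows, n=3):
    return sorted(fanout(rows).items(), key=lambda kv: -kv[1])[:n]

if __name__ == "__main__":
    rows = list(parse(DUMP))
    for (host, proto), n in slots_by_host(rows).most_common():
        print(f"{host} {proto}: {n} entries ({100 * n / NAT_LIMIT:.2f}% of table)")
    for sock, n in top_talkers(rows):
        print(sock, "->", n, "remote peers")
```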
