[Masq] Rx errors for masqueraded boxes only

Thu, 11 Apr 2002 23:45:26 -0700 

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */

Hi,

Could I please have some pointers to tracing a
masquerade problem in 2.4.18.

The 2.4.18 box connects to the ISP with a 33k Modem
and recieves at approx 3.4kB/s. The computer is 
also on a 10MB lan which tranfers at almost 1MB/s.

However, when the 2.4.18 box masquerades for either
win98, or linux boxes on the lan, the recieved speed
drops to 1-2kB/s and seems to regularly drop packets.
Lan and ppp MTU is 1500.

If I do: /sbin/ip -s link, I get:

2: eth0: <BROADCAST,UP> mtu 1500 qdisc pfifo_fast \
         qlen 100
link/ether 00:60:8c:5a:cd:64 brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast   
5355200    28677    0       0       0       0      
TX: bytes  packets  errors  dropped carrier collsns 
37396713   37649    11      0       0       22     

3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500\
         qdisc pfifo_fast qlen 3
link/ppp 
RX: bytes  packets  errors  dropped overrun mcast   
5798545    7226     581     0       0       0      
TX: bytes  packets  errors  dropped carrier collsns 
858592     7067     0       0       0       0 

Note the errors on ppp.

Significantly, when trasfering on the 2.4.18 box,
(at 3.4kB/s) rx errors remains constant. When on
one of the masqueraded boxes, the error count
keeps increasing.

iptable setup (fromMasquerading-Simple-HOWTO.gz):
echo -n "Starting IP masquerading"
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A INPUT -m state --state ESTABLISHED, \
RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! ppp0 -j \
ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT

(I have also tried the simple:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
by itself, no difference).

lsmod shows these modules:
ipt_MASQUERADE 
ppp_deflate    
bsd_comp       
ppp_async      
ppp_generic    
slhc           
ipt_mac        
ipt_LOG        
iptable_mangle 
iptable_filter 
iptable_nat    
ip_conntrack   
ip_tables  

Any help would be most appreciated.

Regards,
Mark.

http://messenger.yahoo.com.au - Yahoo! Messenger
- A great way to communicate long-distance for FREE!
_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.

Reply via email to