Re: [masq] Behind the firewall speeds

David A. Ranch Wed, 2 Sep 1998 20:40:32 -0400


>The question is "Should I expect a big hit in performance with using
>ipmasquerading with a fast cable modem"?

You probably haven't optimized your TCP window size in Linux.
Why this isn't set as default on ALL Linux distributions beats me.

Please let us know if this helps!

Also.. if you are using a strong IPFWADM ruleset, you rules might
not be properly ordered.

--David


>From [Section 15] of http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri

        NOTE:  This is from a new version of TrinityOS that hasn't
                been put up yet.  The old version didn't account for
                the init-scripts RPM changing the /sbin/ip-up file.

--
Network Optimization:

Both Slackware and Redhat, out of the box, do NOT optimize the TCP/IP
window size.  This can make a BIG difference with performance:

Redhat5:

        NOTE:  Users that have NOT installed the initscripts-3.67-1.i386.rpm
                 patch RPM, the correct line numbers will be 119 and 134.  
                 Personally, I recommend that you just install the RPM NOW!


        Edit "/etc/sysconfig/network-scripts/ifup" and around 
                lines 134, 136, and 149, find the lines:

                "route add -net ${NETWORK} netmask ${NETMASK} ${DEVICE}"
                                                and
                "route add -host ${IPADDR} ${DEVICE}"
                                                and
                "route add default gw ${GATEWAY} ${DEVICE}"

        and change them to:

                "route add -net ${NETWORK} netmask ${NETMASK} window 8192 ${DEVICE}"
                                                and
                "route add -host ${IPADDR} window 8192 ${DEVICE}"
                                                and
                "route add default gw ${GATEWAY} window 8192 ${DEVICE}"


Slackware:

        Edit /etc/rc.d/rc.inet1" and around lines 47 and 49, find the
                following text (note:  your setup might look a little different
                so make any changes that are needed for your setup)

                "/sbin/route add -net ${NETWORK} netmask ${NETMASK} eth0"
                                                and
                "if [ ! "$GATEWAY" = "" ]; then
                   /sbin/route add default gw ${GATEWAY} netmask 0.0.0.0 metric 1
                fi"

                and replace them with the following:

                "/sbin/route add -net ${NETWORK} netmask ${NETMASK} window 8192 eth0"
                                                and
                "if [ ! "$GATEWAY" = "" ]; then
                   /sbin/route add default gw ${GATEWAY} netmask 0.0.0.0 window 8192 
metric 1
                fi"



.----------------------------------------------------------------------------.
|  David A. Ranch - Remote Access/Linux/PC hardware      [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
Re: [masq] Behind the firewall speeds

Reply via email to
