Nathan, I also saw two replied to your question, one was about the reverse lookup of your client and the other was the ident query. Both are valid possibilities. What does tcpdump show?
BTW, the NAT is not doing anything weird here as the same NAT would be applied to your non-TCP packets which, you say, are not showing any delay.. Ramin On Tue, Jun 11, 2002 at 08:54:25AM -0700, Nathan Cassano wrote: > > Ramin wrote: > > > First you have to find out what the reason of this delay is. Eg, is > this > > because of the load on the server or the client or is it because of > the > > poor layer 2 medium (lots of collisions...) or any other reason. > The load on the our switch is low. 99% idle on the firewall, and 90% on > the internal web server, both dual PIII's. > > > Are you here implying that the delay is because of the NAT'ed > architecture? > That is my suspicion. I recall Linux NAT doing this type of thing > before. > > > What does a simple ping show delay-wise? > Nothing irregular, all the ping times are the same. > > > What is the routing to and from that external host? Is it asymmetric? > Static routing, one external network device. > > > What happens if you connect to this external host from the external > interface of the firewall itself? > > Are you still experiencing delays? > Yes, the same delay is present connecting from the firewall. > > > Is this only happening with TCP or all types of packets would have the > same delay? > Doing DNS queries using the dig program to our external DNS server is > fast. It seems > to be a delay in sending initial TCP data.
