Hi,

I'm trying to masquerade a cable modem connection (static IP) with a
couple other boxes. Problem is, from a masq'ed box, the Internet seems
to work in "spurts" -- i.e. I can access a Web page and/or check my
mail, and it will usually complete the transaction... but then I try to
access anything else, and it will either be excruciatingly slow or it
won't work at all. That's for a LONG time -- maybe 10 minutes to a half
hour (haven't timed it). Then if I wait a while and try it again, I'll
get another "spurt". When the spurts happen, performance seems to be OK
-- I got 68 POP mail messages rather quickly.

The setup -- server has only one ethernet card, which seems like it
could be the problem except that that doesn't quite explain why I get
either decent performance or practically none. Also the server has only
one interface, eth0, which is set to my static IP given by the cable
company. I didn't attempt to configure eth0:0 with a local net
address. I dunno if that would help. Although when they move me to
dynamic (whenever they get DHCP working) I'll probably have to do that.

Here's the script on the server that gets executed on boot.... it sets
up all the masq stuff. It's pretty much straight from the HOWTO with a
couple minor modifications (like the local net address = 192.168.1.x and
uncommenting a modprobe for IRC).

Thanks for any ideas.
#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels
# using IPCHAINS
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are shown below but are commented out from loading.

# Needed to initially load modules
#
/sbin/depmod -a

# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp

# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
/sbin/modprobe ip_masq_raudio

# Supports the masquerading of IRC DCC file transfers
#
/sbin/modprobe ip_masq_irc

# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to
# play Quake I, II, and III, use the second example.
#
# NOTE: If you get ERRORs loading the QUAKE module, you are running an old
# ----- kernel that has bugs in it. Please upgrade to the newest kernel.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake 26000,27000,27910,27960

# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme

#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive

#CRITICAL: Enable IP forwarding since it is disabled by default.
#
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward

#CRITICAL: Enable automatic IP defragmenting since it is disabled by default
# in 2.2.x kernels. This used to be a compile-time option but the
# behavior was changed in 2.2.12
#
echo "1" > /proc/sys/net/ipv4/ip_always_defrag

# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable the
# following option. This enables dynamic-ip address hacking in IP MASQ,
# making the life with Diald and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# Enable the LooseUDP patch which some Internet-based games require
#
# If you are trying to get an Internet game to work through your IP MASQ box,
# and you have set it up to the best of your ability without it working, try
# enabling this option (delete the "#" character). This option is disabled
# by default due to possible internal machine UDP port scanning
# vulnerabilities.
#
#echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose

# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
/sbin/ipchains -M -S 7200 10 160

# DHCP: For people who receive their external IP address from either DHCP or
# BOOTP such as ADSL or Cablemodem users, it is necessary to use the
# following before the deny command. The "bootp_client_net_if_name"
# should be replaced with the name of the link that the DHCP/BOOTP server
# will put an address on to. This will be something like "eth0",
# "eth1", etc.
#
# This example is currently commented out.
#
#
#/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp

# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on interface eth0.
#
# ** Please change this network number, subnet mask, and your Internet
# ** connection interface name to match your internal LAN setup
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 192.168.1.0/24 -j MASQ
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
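As an added illustration (not part of the original message or of the IP Masquerade HOWTO), here is a small Python model of the two forward-chain commands at the end of the script: a default DENY policy and one rule that masquerades only traffic from 192.168.1.0/24 leaving via eth0, so a packet from any other source network, or going out any other interface, falls through to DENY. The `ForwardChain` class, `build_chain` and the sample packets are my own names and constructed values.

```python
import ipaddress
import shlex
from dataclasses import dataclass, field


@dataclass
class ForwardChain:
    """Model of the ipchains 'forward' chain: a policy plus (-i, -s, -j) rules in order."""
    policy: str = "ACCEPT"                      # ipchains' built-in default until -P is set
    rules: list = field(default_factory=list)   # entries are (iface | None, network | None, target)

    def load(self, line):
        """Parse one '/sbin/ipchains -P forward ...' or '... -A forward ...' command."""
        args = shlex.split(line)[1:]            # drop the program name
        if args[:2] == ["-P", "forward"]:
            self.policy = args[2]
            return
        if args[:2] != ["-A", "forward"]:
            raise ValueError("only the forward chain is modelled: " + line)
        iface = src = target = None
        for opt, val in zip(args[2::2], args[3::2]):
            if opt == "-i":        # on the forward chain, -i names the interface the packet goes OUT on
                iface = val
            elif opt == "-s":      # ipchains accepts "0/0" as shorthand for any source
                src = ipaddress.ip_network("0.0.0.0/0" if val == "0/0" else val, strict=False)
            elif opt == "-j":
                target = val
            else:
                raise ValueError("unsupported option: " + opt)
        self.rules.append((iface, src, target))

    def verdict(self, out_iface, src_ip):
        # First matching rule wins; otherwise the chain policy applies.
        ip = ipaddress.ip_address(src_ip)
        for iface, src, target in self.rules:
            if (iface is None or iface == out_iface) and (src is None or ip in src):
                return target
        return self.policy


# The two forward-chain commands from the rc.firewall script quoted above.
RC_FIREWALL_RULES = [
    "/sbin/ipchains -P forward DENY",
    "/sbin/ipchains -A forward -i eth0 -s 192.168.1.0/24 -j MASQ",
]


def build_chain(lines=RC_FIREWALL_RULES):
    chain = ForwardChain()
    for line in lines:
        chain.load(line)
    return chain
```

With the script's rules loaded, `build_chain().verdict("eth0", "192.168.1.20")` returns `MASQ`, while a source of 10.0.0.5 on eth0, or 192.168.1.20 out via eth1, returns `DENY`.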