On 2/4/2015 12:56 PM, Robin Helgelin wrote: > On 4 feb 2015, at 21:34, Tom Eastep <[email protected]> wrote: >> >> On 2/3/2015 11:12 AM, Robin Helgelin wrote: >>> On 31 jan 2015, at 17:58, Tom Eastep <[email protected]> >>> wrote: >>>> As the next experiment, please capture the session on both the >>>> IMAP server and on the firewall's external interface. That way, >>>> we can compare what the two boxes are seeing. After the test, >>>> please also capture the output of 'shorewall show >>>> connections’. >>> >>> Ok, here are three files, firewall.txt which is logged on the >>> firewall, mail-server.txt from the mail server, and connections >>> that shows the output of the connections command. >>> >>> The log is from a inbox-refresh using my iPhone. >> >> I see nothing wrong here. To make any progress, we are going to >> need to see dumps taken while the problem is happening. > > I’ve done some more testing and there are no slowdowns when > communicating between the internal server and the firewall inbound > and outbound. The only slowdown is when communicating with the > internal server using the DNAT-ports and it’s only outbound from the > server. > > The problem is 100% consistent. It’s easiest to copying a file with > SCP. Copying a file to the server I’m throttled by my outgoing speed > from home, when copying a file from the server throttles as 4KB/s > > While writing this I got and idea and also tested copying a file from > the internal server to another external server placed elsewhere and > got the same throttle around 4KB/s so maybe the problem isn’t the > DNAT by itself but the SNAT/Masq part?
I doubt that it has anything to do with address translation. Can you please capture the session on both the LAN and WAN interfaces during one of these slow transfers? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
