Thank you for Shorewall I am using 4.6.4 on Debian Jessie (stable). The firewall is in a bridged Xen DomU, with two physical internet facing interfaces, one PPP and the other dynamically configured with DHCP.
Everything has been working fine until I added DNAT. My rules file has this line: DNAT net:eth3 dmz:81.63.145.197 tcp 80,443,8080 With DNAT I am seeing a lot of retransmissions and dups Traffic towards this interface is very slow. Waterfall view of a web-page access ==> http://www.webpagetest.org/result/160306_C9_101B/1/details/ Shoreline dump attached. Link to tcpdump from above waterfall ==> https://drive.google.com/file/d/0B-r0kOumKPg2b2tPSzYtb3ppTDJaSHBQSzRMVl9lWTc4clV3/view?usp=sharing Thanks again, John Candlish .
shorewall.dump.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://makebettercode.com/inteldaal-eval
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
