|
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Sorry for the off-topic question, guys, but I really need help with
this one.
I set up a small network of machines (1 WinXP, 1 Mac, 1 Win2k and
various on-and-off laptops). They are connected to the larger network
through a Linux firewall, a Dual PII-266 running Debian-3.0-testing
with a custom-compiled SMP-enabled kernel 2.4.19.
Everything seems find until I mount a Windows share which is behind
the firewall. It works, but when trying to copy large files (>512 MB)
the load gets too big for the firewall and it starts dropping packets,
so Windows drops the file copying. top indicates near-50% system time,
which, to me, indicates that only one CPU is used for packet
filtering. Both CPUs are working and supported by the kernel
(according to /proc/cpuinfo).
Is there anything I can do besides digging into stochastic queueing?
Peter Popov ICQ : 15002700
Personal e-mail : pet### [at] vipbg
TAG e-mail : pet### [at] tagpovrayorg
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Peter Popov wrote:
> Sorry for the off-topic question, guys, but I really need help with
> this one.
>
> I set up a small network of machines (1 WinXP, 1 Mac, 1 Win2k and
> various on-and-off laptops). They are connected to the larger network
> through a Linux firewall, a Dual PII-266 running Debian-3.0-testing
> with a custom-compiled SMP-enabled kernel 2.4.19.
>
> Everything seems find until I mount a Windows share which is behind
> the firewall. It works, but when trying to copy large files (>512 MB)
> the load gets too big for the firewall and it starts dropping packets,
> so Windows drops the file copying. top indicates near-50% system time,
> which, to me, indicates that only one CPU is used for packet
> filtering. Both CPUs are working and supported by the kernel
> (according to /proc/cpuinfo).
>
> Is there anything I can do besides digging into stochastic queueing?
Hmmm that is odd, I have a less powerful FW based on Mandrake 8.2 that can
happily pull down full ISO files at up to 600KB/sec via my cable modem.
Perhaps it is the kernel version you have, do you have a default
uniprocessor kernel you can boot to see if the problem still occurs?
What did you build your FW and NAT rules with?
Are they complex?
--
Your connection failed because: Me no internet, only janitor, me just wax
floors.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Sun, 10 Nov 2002 17:32:15 +1100, Daniel Matthews <dan#@3-e.net>
wrote:
>Hmmm that is odd, I have a less powerful FW based on Mandrake 8.2 that can
>happily pull down full ISO files at up to 600KB/sec via my cable modem.
600KB is not 4 times 100 MBit :)
>Perhaps it is the kernel version you have
2.4.19, SMP-enabled, P-II optimized. Should be fast enough.
>do you have a default uniprocessor kernel you can boot to see if the problem
>still occurs?
I can try that.
>What did you build your FW and NAT rules with?
iptables
>Are they complex?
No, not at all! Here's the relevant part.
$IPTABLES -A FORWARD -i $WAN -o $LAN -m state \
--state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $LAN -o $WAN -j ACCEPT
$IPTABLES -A FORWARD -j LOG
$IPTABLES -t nat -A POSTROUTING -o $WAN -j MASQUERADE
I don't think there's anything in there that would account for the
phenomenon. Maybe I'm looking in the completely wrong place?
Peter Popov ICQ : 15002700
Personal e-mail : pet### [at] vipbg
TAG e-mail : pet### [at] tagpovrayorg
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
In article <toqpsuglri163eispo4rs0q3ecoap5d08u@4ax.com> , Peter Popov
<pet### [at] vipbg> wrote:
> Everything seems find until I mount a Windows share which is behind
> the firewall. It works, but when trying to copy large files (>512 MB)
> the load gets too big for the firewall and it starts dropping packets,
> so Windows drops the file copying.
Well, this should not happen with a TCP connection at all. If a TCP
connection drops during load or with packet loss it might be a low-level
configuration issue on either side. In general TCP allows sending a few
packets while the reception confirmation for some is still outstanding. If
that is disabled or not working properly or you simply are able to send more
packets than the remote site can even buffer you can end up in a little
mess.
I would suggest to configure the data sending side (both sides send data,
but I am referring to that sending the huge amount) to always wait before
sending new packets. I don't know at all how to configure that in Linux,
but every TCP layer should offer such a setting.
Thorsten
____________________________________________________
Thorsten Froehlich, Duisburg, Germany
e-mail: tho### [at] trfde
Visit POV-Ray on the web: http://mac.povray.org
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Just had a customer call with the exact same problem - Windows XP
Professional on a Windows 2000 Active Directory, file sharing
connections dropping on long files. And no Linux involved whatsoever.
So I was as wrong as one could ever be.
Peter Popov ICQ : 15002700
Personal e-mail : pet### [at] vipbg
TAG e-mail : pet### [at] tagpovrayorg
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|