
Mailing List Archive: iptables: User
Time Response
 



florent at arcimex

Jul 24, 2001, 8:23 AM



I'm sorry if this mail is a clone, because I had problems with the mail server.

So, here is my problem:
During my FW tests, I noticed that a new connection through the firewall was a bit long to be established; an example:

A box pings through the firewall and waits for a response,
The FW doesn't even see the connection beginning for ~5 sec,
The FW sees the connection's FORWARD table packets increasing,
The ping-box receives many pongs in a short time and then receives the others normally.

If I try to ping again a short time after, everything's OK.
I saw this behaviour for a couple of protocols (POP3, SMTP ...).

It seems to me that the connection tracking module takes too much time to register the connection and, when it has done its work, enables the packet flow.
But maybe I'm wrong.
The problem is that my FW does SNAT and I can't live without connection tracking.

Is this behaviour normal?
Have I missed something in the configuration?
Has anyone faced the same problem?
What can I do to decrease this latency?

My firewall runs on a RH 7.0 box with kernel 2.4.6 and iptables v1.1.1,
with 3 NICs for inet, local and dmz.
All the packet FORWARDING stuff works great except for the latency.


Every response will be appreciated.

Florent

Subject User Time
Time Response florent at arcimex Jul 24, 2001, 8:23 AM
    Re: Time Response tearnshaw at landis Jul 25, 2001, 12:09 AM
