Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: iptables: User
Time Response

Index | Next | Previous | View Flat

florent at arcimex

Jul 24, 2001, 8:23 AM

Views: 571
Time Response

I m sorry if this mails is a clone because a had problems with the mail server.

So, here is my problem :
During my FW tests, I noticed that a new connection through the firewall was a bit long to be established, an example :

A box pings through the firewall and waits for response,
The FW don't even see the connection beginning during ~5 sec,
The FW sees the connections FORWARD Table packets increasing,
The ping-box receives many pongs a a short time and then receives the others normally.

If I try to ping again a short time after everything's OK.
I saw this behaviour for a couple of protocoles (POP3, SMTP ..).

I seems to me that the conection tracking module takes too much time to register the connection and when it has done his work enables the packet flow.
But maybe, I'm wrong.
The problem is that my FW does SNAT and I can't live without connection tracking

Is this behaviour normal??
Have I missed something in the configuration??
Have anyone faced the same problem???
What can I do to decrease this latency??

My Firewall runs on a RH 7.0 box with kernel 2.4.6 and iptables v1.1.1
with 3 NICS for inet, local and dmz.
Every packet FORWARDING stuff works greatfully except for the latency.

Every response will be appreciated


Subject User Time
Time Response florent at arcimex Jul 24, 2001, 8:23 AM
    Re: Time Response tearnshaw at landis Jul 25, 2001, 12:09 AM

  Index | Next | Previous | View Flat

Interested in having your list archived? Contact Gossamer Threads
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.