I have to come back to this topic. ;(

I've recently upgraded my firewall (Debian box) both in hardware (from an old PIII/PII PC to a modern compact server) and in software (from Debian lenny to Debian squeeze).

These boxes are used as firewall, gateway and to handle openvpn tunnels. I handle prioritization and shaping with fwmark and htb, using custom scripts. I've ECN enabled.

After the upgrade, all communication using the openvpn tunnels that relies on big data transfers (http, https, imaps, scp, ...) stalls.

I've done:

1) Effectively I was filtering ICMP on the openvpn tunnels, but enabling ICMP does not solve the trouble (it probably makes it behave better).
2) I've enabled/disabled ECN, no change.
3) I've enabled/disabled marking, no change.
4) I've tried to clamp MTU/MSS, but even using a ridiculous size (500 bytes) does not solve it.

Lastly I've disabled ''tc'' (prioritization/shaping), and I've found that if I disable shaping on eth0 (LAN interface) the problem disappeared.

I know that shaping on eth0, using 100Mbit/s as bandwidth, does not make much sense, but I've enabled it because it ''will not hurt'', and in these years I've had no trouble at all.

So, I'm very curious about the source of this trouble. Could it be a software (kernel 3.6.32) trouble? Or a hardware (Broadcom Corporation NetXtreme BCM5723 Gigabit Ethernet PCIe) trouble? What changed in my setup that makes this massive traffic drop?

Thanks.

--
dott. Marco Gaiarin                    GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''    http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it    tel +39-0434-842711    fax +39-0434-842797

Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)