I think it is hardware related(well, DOH), which is causing large packets dropping. You could try sending ping of different packets size, and see when they begin to get dropped ----- Original Message ----- From: tanuki <phake@xxxxxxxxxxxxxx> Date: Tue, 13 Jul 2004 15:56:19 +0200 Subject: Wierd problem with irqs To: netfilter@xxxxxxxxxxxxxxxxxxx Hi all had an interresting problem the other day, just thought i'd share it with you all and see if any body else had a similar experience. I set up a small nat/firewall box for a client of ours. we had 5 interfaces and they were as follows eth0 192.168.10.1 netmask 255.255.255.255 pointopoint 192.168.10.2 <--- adsl modem doing nat eth1 192.168.0.1 netmask 255.255.255.0 eth2 192.168.1.1 netmask 255.255.255.0 eth3 192.168.2.1 netmask 255.255.255.0 eth4 192.168.3.1 netmask 255.255.255.255 pointopoint 192.168.3.2 <-- some upstairs router and the routing table looked like you would expect it to, with route add default gw 192.168.10.1 dev eth0 also we had echo "1" > /proc/sys/net/ipv4/ip_forward for simplicity , iptables rules were as follows iptables -t nat --append POSTROUTING -o eth0 --jump MASQUERADE so, now all traffic using 192.168.0.1 , 1.1, 2.1 and 3.1 as a gateway should be able to reach the internet via the modem on 192.168.10.2 , right ? well, all icmp worked, perfectly but everything else , ie , udp, tcp didn't say for example http : packets get sent to tcp 80, tcp replies get recieved, but no data gets back to the user on 192.168.whatever strange huh ? so i thought my mtu was befuqed, so i do iptables --append FORWARD --proto tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu no luck though. tried a plethora of other stuff too , but didn't work, so i'll leave that there obviously the nat works, becuase all my icmp's are natted. mmm so i go into the boxes bios set up and tell it to assign irq's to all pci devices automatically boot up into linux and do ifconfig eth4 up eth4: error fetching interface information: Device not found eh ? wtf ? so i do ifconfig eth0 up and the device gets brought up then i do ifconfig eth4 up and it brings it up . Strange huh ? so now i see that all my cards are swopped arround. that which used to be eth0 is now eth4 and so on and so on. anyway, plug in the appropiate network cables to the relevant nics and run the script to a ping to google.com ... everything works fine. right, so far so good. right back were i started now, do a HTTP-GET http://www.google.com and guess what i get a lovely html page. strange that changing the device irg assignment in the bios solved my problem ? any ideas what could have caused this ? thanks a lot for bearing with my idiotic ramblings so far ---------------- tanuki
