My firewall has started to drop large connections: downloading a >1MB file over FTP or HTTP typically fails. But it seems that the speed needs to be over 400-500 K/s before the error occurs. I live in Norway, and if I ftp a Linux distro ISO from ftp.sunet.se, for instance, it will fail at about 1 MB, then retry, continue another megabyte, and stall again. But if I download a large file from a slow server at about 100-200 K/s, the download will continue.

When I flush my iptables script the error is gone. I did some tests, like removing all iptables entries with -m limit and such. I also tested from a NATed machine behind the firewall and from the firewall itself: same error on both. I also run Snort on the computer, but it makes no difference whether it is started or not.

The only thing I can think of is that not very long ago I upgraded from a 2.4 kernel to a 2.6 kernel. The last two kernels I tried were 2.6.11 and now 2.6.12-rc3; both produce the same error. I have also now upgraded iptables from 1.2.11 to 1.3.1, but the same error appears. My dmesg shows no error messages.

How can I get a log of what is happening? It is not in the FORWARD or OUTPUT chains, since it happens from both internal clients and the firewall itself. Can it be NAT? I use SNAT to NAT all connections. How can I debug NAT? I did a ping -f to my gateway: no packet loss, even if I crank the size up to 1450. I am out of ideas.

System info:
- Fujitsu server
- eepro100 NICs (2)
- SCSI disks, 2 at 10 GB each
- Kernel 2.6.11 and 2.6.12-rc3
- iptables 1.2.11 and 1.3.1

Hope you have some ideas on my problem.

Best regards
Stian B. Barmen
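The post asks how to get a log of what the ruleset is doing to these connections. The script below is an added example written for this page, not something from the original poster: it prints the iptables LOG rules that expose the two places where a 2.6 netfilter setup discards packets silently (segments conntrack classifies as INVALID, and packets that fall through to a chain's policy), prints the matching delete commands, and tabulates the resulting kernel-log lines per rule, protocol and address pair. It assumes a 2.6 kernel with ip_conntrack and the ipt_LOG target loaded, the standard filter chains, and klogd delivering kernel messages to the syslog; the NF-DEBUG prefix and the sample log lines are constructed here and do not come from the poster's system.

```shell
#!/bin/sh
# Added debugging helper; not part of the original post. Assumes a 2.6 kernel
# with ip_conntrack and the ipt_LOG target loaded, iptables in $PATH, and klogd
# writing kernel messages to the syslog. The LOG prefix and the sample log
# lines below are constructed for this example.

LOG_PREFIX="NF-DEBUG"

# Emit (do not run) the iptables commands that make the silent failures visible:
# a rule at the top of each filter chain logging packets conntrack classifies as
# INVALID (2.6 conntrack tracks TCP windows, so out-of-window segments land here),
# and a rule at the end of each chain logging whatever falls through to the policy.
# --log-tcp-sequence adds SEQ/ACK so the segment can be compared with the window.
# Review the output, then apply it as root with:  debug_rules | sh
debug_rules() {
    for chain in INPUT FORWARD OUTPUT; do
        echo "iptables -I $chain 1 -m state --state INVALID -j LOG" \
             "--log-prefix '$LOG_PREFIX INVALID-$chain ' --log-tcp-sequence --log-tcp-options"
        echo "iptables -A $chain -j LOG --log-prefix '$LOG_PREFIX END-$chain '"
    done
}

# Emit the matching -D commands so the debug rules can be removed afterwards.
undo_rules() {
    debug_rules | sed -e 's/ -I \([A-Z]*\) 1 / -D \1 /' -e 's/ -A / -D /'
}

# Read syslog lines on stdin and count logged packets per rule tag, protocol and
# address pair, most frequent first:  grep "$LOG_PREFIX" /var/log/messages | summarize_log
summarize_log() {
    awk -v pfx="$LOG_PREFIX" '
    {
        tag = ""; src = "?"; dst = "?"; proto = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == pfx)            tag   = $(i + 1)   # word after the prefix is the rule tag
            else if ($i ~ /^SRC=/)    src   = substr($i, 5)
            else if ($i ~ /^DST=/)    dst   = substr($i, 5)
            else if ($i ~ /^PROTO=/)  proto = substr($i, 7)
        }
        if (tag != "") count[tag " " proto " " src " -> " dst]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Constructed sample of what the rules above would write to the kernel log
# (documentation/private address ranges, not real hosts).
SAMPLE_LOG='Apr 30 12:00:01 fw kernel: NF-DEBUG INVALID-FORWARD IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=192.168.1.10 LEN=1500 TOS=0x00 PREC=0x00 TTL=54 ID=4711 DF PROTO=TCP SPT=20 DPT=33000 SEQ=1000 ACK=2000 WINDOW=65535 RES=0x00 ACK URGP=0
Apr 30 12:00:01 fw kernel: NF-DEBUG INVALID-FORWARD IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=192.168.1.10 LEN=1500 TOS=0x00 PREC=0x00 TTL=54 ID=4712 DF PROTO=TCP SPT=20 DPT=33000 SEQ=2460 ACK=2000 WINDOW=65535 RES=0x00 ACK URGP=0
Apr 30 12:00:09 fw kernel: NF-DEBUG END-INPUT IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=5353 DPT=5353 LEN=40'

# Run directly: show the rules that would be added, then summarize the sample.
debug_rules
echo
printf '%s\n' "$SAMPLE_LOG" | summarize_log
```

Reading the result: if the INVALID-* counters are what climbs during a fast transfer, the packets are being thrown away by conntrack's TCP state tracking (new in 2.6 compared with the 2.4 conntrack the poster came from) before any SNAT or filter rule sees them; if only END-* lines appear, a rule earlier in that chain is not matching traffic it should, and the logged SRC/DST/SPT/DPT show which rule to compare against.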