On Fri, 23 Oct 2009, Carl Michal wrote: > > DNS queries are definitely allowed. My problem is somewhat intermittent - > sometimes an scp transfer will complete, sometimes it won't. When an scp > transfer of a file stalls, it often stalls at the > same point in a file. > > Karl + Matt: > > Stalls are when there's something going on - usually heavy traffic. > If a file transfer is going to stall, its usually near the beginning - in the > first few 100 kB or so. > > This is just a local firewall, this machine isn't doing any routing. > > iptables -I INPUT -p tcp --dport 22 -j ACCEPT > doesn't seem to help. > > I tried the --clamp-mss-to-pmtu option, but it didn't help [...] > 10:11:53.666783 IP 128.189.212.241.49536 > spider.phas.ubc.ca.ssh: S > 1204070872:1204070872(0) win 5840 <mss 1380,[|tcp]> > 10:11:53.666819 IP spider.phas.ubc.ca.ssh > 128.189.212.241.49536: S > 3213527017:3213527017(0) ack 1204070873 win 5792 <mss 1460,[|tcp]> Different MTU sizes? It does look like an MTU problem. What kind of Internet connection do you have? What is your network topology? Try to set MSS to 1380 with the TCPMSS target in the OUTPUT chain. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
