> Why do you have to use --interface ?

Because ppp1 is not the default route's output device. I'm running that command on the gateway to test the connection. Forgot to mention it, sorry.

> I would suspect first MTU issues

It's indeed an MTU issue. After enabling MSS clamping, I get full speed on the host.

Thank you so much for the help. :)

> On Jul 12, 2015, at 5:05 AM, Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> wrote:
>
> Glen Huang wrote:
>> I have a pptp client connection (ppp1) on a gateway. If I directly
>> use curl --interface ppp1 to download a file, I get full download
>> speed very quickly (2m/s).
>
> Why do you have to use --interface ?
>
>> But if I route my lan host to ppp1 and -o ppp1 -j MASQUERADE, running
>> curl to download the same file on the host starts very slow (less than
>> 100k/s), then the speed *slowly* increases (about 50k per second), until
>> it reaches about 1.8m/s. While downloading the file on the host, the
>> gateway's cpu usage never reaches 1 from the output of top.
>>
>> If I directly establish the pptp client connection on host, I quickly
>> get full speed again.
>>
>> I wonder what might slow down the network when the packets are
>> forwarded. I'm currently guessing it's the masquerade target, but I'm not sure.
>
> I don't think MASQUERADE is the culprit. I would suspect first MTU
> issues (fragmentation, path MTU discovery).
>
>> How do I test it?
>
> Lower the MTU of the client host LAN interface below ~1460.
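
What the MSS clamping mentioned in the reply above does to a forwarded SYN, as an added example that is not part of the original thread: it lowers the advertised MSS option to fit the tunnel's path MTU and patches the TCP checksum incrementally. The addresses, ports and the path MTU passed to `clamp_mss` are constructed sample values, and all function names are hypothetical.

```python
import struct

def ones_sum(data: bytes) -> int:
    """16-bit ones' complement sum (data padded to an even length)."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def tcp_checksum(src: bytes, dst: bytes, seg: bytes) -> int:
    """Full TCP checksum over the IPv4 pseudo-header and the segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(seg))
    return ~ones_sum(pseudo + seg) & 0xFFFF

def clamp_mss(seg: bytes, path_mtu: int) -> bytes:
    """Lower a SYN's MSS option to path_mtu - 40 (IPv4 + TCP base headers)."""
    hdr_len = (seg[12] >> 4) * 4 if len(seg) >= 20 else 0
    if not 20 <= hdr_len <= len(seg) or not seg[13] & 0x02 or path_mtu <= 40:
        return seg          # malformed header, not a SYN, or no room for headers
    limit, out, i = path_mtu - 40, bytearray(seg), 20
    while i + 1 < hdr_len and out[i] != 0:          # kind 0 ends the option list
        length = 1 if out[i] == 1 else out[i + 1]   # NOP is a single byte
        if (out[i] != 1 and length < 2) or i + length > hdr_len:
            break                                   # malformed option: stop
        if out[i] == 2 and length == 4:             # MSS option
            old = struct.unpack_from("!H", out, i + 2)[0]
            if old > limit:
                a, n = (i + 2) & ~1, 1 + (i & 1)    # aligned words covering the value
                before = struct.unpack_from("!%dH" % n, out, a)
                struct.pack_into("!H", out, i + 2, limit)
                after = struct.unpack_from("!%dH" % n, out, a)
                # RFC 1624 incremental update: ~HC' = ~HC + ~m + m'
                acc = ~struct.unpack_from("!H", out, 16)[0] & 0xFFFF
                for m, m2 in zip(before, after):
                    acc = ones_sum(struct.pack("!3H", acc, ~m & 0xFFFF, m2))
                struct.pack_into("!H", out, 16, ~acc & 0xFFFF)
            break
        i += length
    return bytes(out)

# Constructed sample: SYN from 192.0.2.1 to 198.51.100.2 advertising MSS 1460.
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])
def sample_syn(mss: int = 1460) -> bytes:
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 6 << 4, 0x02, 65535, 0, 0)
    seg = hdr + struct.pack("!BBH", 2, 4, mss)
    return seg[:16] + struct.pack("!H", tcp_checksum(SRC, DST, seg)) + seg[18:]
```

Checking `tcp_checksum(SRC, DST, clamp_mss(sample_syn(), 1400)) == 0` confirms the rewritten segment still verifies, which is why the far end accepts the smaller MSS without noticing the change.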