Preliminary comment: I just connected to the two sites Eric mentions as problems, and I have none (I use Yahoo all the time, so that's OK here too). Although I don't run Bering, I do use SBC service (but not PPPoE). My test is from a NAT'd host running Windows 98 and Netscape 4.something.

Specific comments below.

At 08:05 AM 2/18/03 -0800, Eric House wrote:
> [...]
> Two sites that work great when I connect directly to the dsl modem
> (using pppoe on a Debian Testing system) but are unusable when I go
> through LEAF are epicurious.com and winespectator.com.  Yahoo.com too,
> as discussed.  They're not blocked, just incredibly -- 10 minutes per
> page -- slow.  Also, it helps to click on the links multiple times, as
> if most outgoing packets resulting from those clicks were being
> dropped.
>
> I'm not seeing any denied packets in the shorewall logs when running
> Bering.

If you check the actual rulesets (with "shorewall status"), do you see any rules that are DENYing or REJECTing a lot of packets without logging them?

If you can tell ... *where* in the sequence is the loading slow? For example, does the URL *resolve* promptly but then take a long time to load? Does the main download proceed quickly but secondary downloads (e.g., images) slow things down? Is it someplace else?

In the two situations you are comparing (Bering and Sarge), how are the systems doing DNS resolution? If (for example) the Sarge system uses the SBC resolvers directly but systems behind Bering access DNS through dnscache on the router, then try having them access the SBC resolvers directly to see if that helps.

How do the two systems differ in their handling of auth (ident) queries? Sometimes having a firewall DENY or even REJECT such queries introduces delays (relative to either actually answering them or leaving the port unfirewalled but also not listening ... this was a big problem with SMTP and LRP a couple of years ago).

How often does your PPPoE address change?

Are you using the same workstation in both instances (I infer a laptop running Sarge from scattered parts of your report) ... one connected to a LAN NAT'd by Bering, the other connected directly to the DSL router? If not, does doing so change anything?

Oh, and not to quibble ... but is the "10 minutes per page" a real, timed test, or just a falsely precise translation of "incredibly ... slow"? If the second, please do an actual timed test and tell us how long it takes to download some specific URL, for example, the home page of winespectator.com . (I ask this because some specific delay times, like "just over 3 minutes", are "magic numbers" that suggest specific problem sources. But "10 minutes per page" itself suggests nothing specific to me.)

> I don't have shorewall on the laptop.  There are no ports
> open other than to 192.168.1.* (as per /etc/hosts.allow).

I don't know what this means ... if "the laptop" is the Debian-Sarge system you mention above, it would need to be ACCEPTing traffic to its PPPoE address when run directly. So are you describing the settings of the Linux client when it is running behind the Bering firewall?

> Two other pieces of information.
>
> 1) Bering and Bering-uClibc behave the same.  I was wrong before about
>    only the uClibc version having the problem.  I've had some perceived
>    performance problems with Bering-uClibc at one location but it was
>    nothing like what I'm seeing now with stock Bering 1.0.
>
> 2) Bering does NOT have this problem when used on an ATT cable
>    connection.  Yahoo and the rest are fine.  So it's somehow related
>    to pppoe or maybe to PacBell/SBC.

Or to differing DNS methods. How do they compare between SBC and ATT?

> I've seen this with Mozilla and lynx and links.  Have not yet checked
> whether it happens if the host is not running Linux, but can't see how
> that'd make a difference.

Me either. But I can't see why the other stuff you suggest as candidate causes would make a difference either. So I'd suggest you do this test.


--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski -- Han Solo
Palo Alto, California, USA [EMAIL PROTECTED]
-------------------------------------------------------------------------------
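
One way to run the timed test asked for above and see where in the sequence the time goes, as an added example that is not part of the original message. The function names are made up for illustration; it times a single plain-HTTP fetch of one URL (no images or other secondary downloads) from whichever host it is run on, so it should be run once behind the firewall and once connected directly.

```python
import socket
import sys
import time


def time_fetch(host, port=80, path="/", timeout=30.0):
    """Fetch http://host:port/path once; return seconds spent in each phase."""
    t0 = time.monotonic()
    # Phase 1: name resolution. Slow here points at the resolver path
    # (e.g. a caching resolver on the router versus the ISP's resolvers).
    family, socktype, proto, _, addr = socket.getaddrinfo(
        host, port, socket.AF_INET, socket.SOCK_STREAM)[0]
    t1 = time.monotonic()
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        # Phase 2: TCP handshake with the resolved address.
        sock.connect(addr)
        t2 = time.monotonic()
        # Phase 3: send the request and wait for the first response bytes.
        request = "GET {} HTTP/1.0\r\nHost: {}\r\n\r\n".format(path, host)
        sock.sendall(request.encode("ascii"))
        chunk = sock.recv(4096)
        t3 = time.monotonic()
        # Phase 4: read the rest until the server closes the connection.
        received = len(chunk)
        while chunk:
            chunk = sock.recv(4096)
            received += len(chunk)
        t4 = time.monotonic()
    finally:
        sock.close()
    return {"dns": t1 - t0, "connect": t2 - t1, "first_byte": t3 - t2,
            "body": t4 - t3, "total": t4 - t0, "bytes": received}


def slowest_phase(timings):
    """Name the phase that took longest in a time_fetch() result."""
    phases = ("dns", "connect", "first_byte", "body")
    return max(phases, key=lambda name: timings[name])


if __name__ == "__main__":
    # Usage: python timefetch.py HOSTNAME   (script name is arbitrary)
    result = time_fetch(sys.argv[1])
    for name in ("dns", "connect", "first_byte", "body", "total"):
        print("{:<10} {:8.3f} s".format(name, result[name]))
    print("bytes      {}".format(result["bytes"]))
    print("slowest    {}".format(slowest_phase(result)))
```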



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
