Thanks Tom. You don't know what you take for granted until it is broken. The problem was not Shorewall.
I resolved the slow upstream connection with the following three configuration settings.

I created a tcinterface file with:

#INTERFACE TYPE IN_BANDWIDTH OUT_BANDWIDTH
eth3 External 0 20mbit:100kb:200ms:50mbit:10kb

ref: https://sourceforge.net/p/shorewall/mailman/message/27196287/

I increased the txqueuelen of the Xen vif interfaces from 32 to 200

# crontab
SHELL=/bin/bash
PATH=/usr/sbin:/usr/bin:/sbin:/bin
# m h dom mon dow command
*/5 * * * * ifconfig | grep -P '^vif\d+\.\d+' | awk '{system("ifconfig "$1" txqueuelen 200")}'

ref: http://djlab.com/2011/05/dropped-vif-tx-packets-on-xenserver/

And I disabled TSO on the webserver

iface eth0 inet static
    address 10.0.10.3
    netmask 255.255.255.0
    broadcast 10.0.10.255
    gateway 10.0.10.1
    up ethtool -K eth0 tx off tso off

With these changes I can DNAT to the full potential of my 20mbit upstream link.

Simple in retrospect. I hope this note is a help for others with the same problem.

Rgds
jCandlish

On Wed, Mar 9, 2016 at 3:48 AM, Tom Eastep <[email protected]> wrote:
> On 03/08/2016 12:26 PM, John Candlish wrote:
>> I think this may be an issue with Xen that is triggered when DNATting
>> between a physical and virtual interface.
>>
> ...
>>
>>
>> I am thankful for any recommendations on how to proceed from here.
>>
>
> If you post the output of 'shorewall dump' as a compressed attachment, I
> will take a look. But I don't believe that Shorewall is involved in this
> issue.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
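
Added example, not part of the original message or of Shorewall: a variant of the txqueuelen step above that reads `ip -o link show` output and prints a command only for Xen vif interfaces whose queue length is still below 200. The function name `vif_qlen_fixes` and the sample interface listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list the commands needed to raise txqueuelen on Xen vif
# interfaces. Input is `ip -o link show` output on stdin.
# TARGET_QLEN=200 is the value used in the message above.
TARGET_QLEN=200

# vif_qlen_fixes is a hypothetical helper name, not a Shorewall or Xen tool.
vif_qlen_fixes() {
    awk -v want="$TARGET_QLEN" '
    {
        name = $2
        sub(/:$/, "", name)                  # "vif1.0:" -> "vif1.0"
        if (name !~ /^vif[0-9]+\.[0-9]+$/)   # only Xen backend interfaces
            next
        qlen = -1
        for (i = 3; i < NF; i++)             # locate the "qlen N" pair
            if ($i == "qlen") {
                qlen = $(i + 1) + 0          # "+ 0" drops the trailing "\"
                break
            }
        if (qlen >= 0 && qlen < want)        # already-tuned interfaces are skipped
            printf "ip link set dev %s txqueuelen %d\n", name, want
    }'
}

# Constructed sample of `ip -o link show` output (not captured from a real host).
SAMPLE='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\    link/ether 00:16:3e:00:00:01 brd ff:ff:ff:ff:ff:ff
7: vif1.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master xenbr0 state UP mode DEFAULT group default qlen 32\    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
8: vif2.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master xenbr0 state UP mode DEFAULT group default qlen 200\    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
9: vif3.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master xenbr0 state UP mode DEFAULT group default qlen 32\    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff'

# Dry run over the sample; prints two commands (vif1.0 and vif3.1).
printf '%s\n' "$SAMPLE" | vif_qlen_fixes
```

On a live dom0 the same function can be fed with `ip -o link show | vif_qlen_fixes`, and the printed commands reviewed before they are piped to `sh` as root.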
