On Wed, 29 Jan 2003, Matthieu Foillard wrote:

> On Wednesday 29 January 2003 10:11, Matthieu Foillard wrote:
> > I noticed that pppoa3 eats CPU time (about 4-5%) when I enable some
> > iptables rules and makes my connection laggy (e.g. ping the second host in
> > my route is about 500 ms and is 55 ms when I disable flush all rules).
> > Did you notice something similar? If yes, any solutions you should provide?
>
> After some tests, it seems that the rule which causes this problem is this one:
> iptables -A FORWARD -i eth+ -s 192.168.1.0/24 -j ACCEPT
> When I enable it, pppoa3 eats CPU time and the connection is slow, like I described
> before.

This doesn't make sense for a number of reasons:

1. Assuming eth+ is a shorthand for eth0, eth1 etc. (I've never seen it before), then you are adding iptables rules to the ethernet interfaces while pppoa3 is talking via pppd to a ppp* interface.

2. pppoa3 is doing _exactly_ the same work regardless of whether iptables is in use or not. I get about 4-5% CPU on a P133 when the connection is running flat out.

The only thing I can think of is your iptables rules blocking some of the ICMP messages. ICMP redirect or "DF set but must fragment" would seem to me to be likely candidates.

Do you have a RELATED rule? And are you explicitly blocking ICMP before that? Have you tried logging everything that is denied or rejected and then looking for something suspicious?

(I would be particularly suspicious if your ppp0 interface doesn't negotiate a 1500 MTU with its peer or you have reduced one or more of the eth* interfaces to less than 1500 for "performance" reasons.)

Regards,

Tim

--
God said, "div D = rho, div B = 0, curl E = - @B/@t, curl H = J + @D/@t," and there was light.
http://tjw.hn.org/ http://www.locofungus.btinternet.co.uk/
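
The three questions in the reply above (is there a RELATED rule, is ICMP explicitly blocked before it, is anything denied being logged) can be checked mechanically. This is an added example, not part of the original mail: it reads `iptables-save` style text and reports those conditions per chain. The sample ruleset is constructed (only the `eth+` rule comes from the thread) and all function names are hypothetical.

```python
import shlex

# Constructed ruleset in iptables-save format; only the eth+ rule is from the thread.
SAMPLE = """\
*filter
-A FORWARD -p icmp -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth+ -s 192.168.1.0/24 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j DROP
-A INPUT -j LOG --log-prefix "denied: "
COMMIT
"""

def parse_rules(text):  # -> {chain: [rule tokens, ...]} for every "-A" line
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 2 and tok[0] == "-A":
            chains.setdefault(tok[1], []).append(tok[2:])
    return chains

def opt(rule, *names):  # value of the first non-negated option in names, else None
    for i, t in enumerate(rule[:-1]):
        if t in names and (i == 0 or rule[i - 1] != "!"):
            return rule[i + 1]

def first(rules, pred):
    return next((n for n, r in enumerate(rules) if pred(r)), None)

def is_related_accept(r):
    states = (opt(r, "--state", "--ctstate") or "").split(",")
    return opt(r, "-j") == "ACCEPT" and "RELATED" in states

def is_icmp_block(r):
    return opt(r, "-j") in ("DROP", "REJECT") and opt(r, "-p") in ("icmp", "1")

def audit(text):  # per chain: ICMP blocked ahead of RELATED? anything logged?
    findings = {}
    for chain, rules in parse_rules(text).items():
        related, blocked = first(rules, is_related_accept), first(rules, is_icmp_block)
        issues = []
        if related is None:
            issues.append("no RELATED accept rule")
        elif blocked is not None and blocked < related:
            issues.append("ICMP blocked before RELATED rule")
        if first(rules, lambda r: opt(r, "-j") == "LOG") is None:
            issues.append("denied packets not logged")
        findings[chain] = issues
    return findings
```

Only explicit `-p icmp` DROP/REJECT rules are detected; a broad DROP with no protocol match ahead of the RELATED rule would need a separate check.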