Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20060504130538.GA16590@openwall.com>
Date: Thu, 4 May 2006 17:05:38 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com
Subject: Re: TCP-Tuning

On Thu, May 04, 2006 at 01:07:18PM +0200, Bernhard Fischer wrote:
> - transfering 10MB of data within 10 seconds
> 
> so far, so good!
> 
> 2. scenario: gateway
> - two lan-interfaces (WAN: 10Mbit, LAN: 100Mbit)
> - transfering 10MB of data through the gateway within 122 seconds ?!?

What you describe sounds like a problem with path MTU discovery, perhaps
related to your ADSL modem (is one involved?) or your ISP.

The documentation for rp-pppoe suggests setting CLAMPMSS=1412 in
pppoe.conf - so just do that if you're using this package.  Otherwise,
you can try adding:

[0:0] -A FORWARD -p tcp --syn -j TCPMSS --set-mss 1412

to /etc/sysconfig/iptables on the gateway.  Alternatively, you can try
reducing the interface MTU on all hosts in your LAN to 1452.

This is kind of "TCP anti-tuning" - these settings are not optimal - but
they should work around the problem - if it is in fact MTU-related.

> How do i have to configure both lan-interfaces for best throughput?

That's not what you need.  What you have is not just suboptimal
throughput.  Things just aren't working right.

> When i look at the traffic-statistiks, there is a gap of 200ms silence
> followed by 300ms transmission. Why?

I've provided a guess above.  If it doesn't help, you'll need to post
excerpts of tcpdump output which demonstrate the periods of silence.

Hope this helps and does not annoy other owl-users too much - although
it's not specific to Owl...

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.