Re: ipchains redirect failing in 2.4.5 (and 2.4.13)

David Lang (david.lang@digitalinsight.com)
Tue, 30 Oct 2001 05:39:33 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Sam Vilain: "Re: VIA KT133 data corruption update"
Previous message: Frank Dekervel: "Re: need help interpreting 'free' output."

I just confirmed that the problem still happens on 2.4.13.

I also confirmed that I can suplicate the problem without multiple
simultanious connections. if I do ab -n 50 (50 connections as fast as an
athlon 1.2GHz can fire them off) I get the same failure. If the
connections arrive at a sufficiantly slow rate the redirect works (no idea
yet what that rate is yet)

doing the test directly to the proxy port results in ~5
connections/second. I don't see any reason that this should be enough to
cause problems.

David Lang

On Tue, 30 Oct 2001, David Lang wrote:

> Date: Tue, 30 Oct 2001 05:04:35 -0800 (PST)
> From: David Lang <david.lang@digitalinsight.com>
> To: linux-kernel@vger.kernel.org
> Subject: ipchains redirect failing in 2.4.5
>
> I am attempting to track down a problem I have run into with 2.4.5
>
> I have a firewall that has proxies listening on ports 1433-1437. If I
> connect to these proxies on these ports I have no problems, however if I
> put in an ipchains rule to redirect port 1433 on a second IP address to
> port 1436 (for example) and then hammer the box with ab -n 500 -s 20 the
> first 20 or so connections get through and then the rest timeout. doing
> repeated netstat -an on the firewall during this process shows an inital
> burst of 15 connections that get established, a pause, and then a handfull
> more get established, followed by those 20 connections being in TIME_WAIT
>
> again, connection to the same IP address on the real port the proxy is
> listening on has no problems, it's only when going through the redirect
> that it fails.
>
> any suggestions, tuning paramaters I missed, or tests I need to run to
> track this down?
>
> David Lang
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sam Vilain: "Re: VIA KT133 data corruption update"
Previous message: Frank Dekervel: "Re: need help interpreting 'free' output."