[Bug 945] Transmit performance regression with NAT and 3.14

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Wed May 21 19:34:47 CEST 2014


https://bugzilla.netfilter.org/show_bug.cgi?id=945

--- Comment #1 from Ryan Power <rpower at sysreset.com> 2014-05-21 19:34:47 CEST ---
My iptables settings are as follows:
/usr/sbin/iptables --flush
/usr/sbin/iptables -t nat --flush
/usr/sbin/iptables -t mangle --flush
/usr/sbin/iptables -A INPUT -i ppp0 -s 10.0.0.0/8 -j DROP
/usr/sbin/iptables -A INPUT -i ppp0 -s 127.0.0.0/8 -j DROP
/usr/sbin/iptables -A INPUT -i ppp0 -s 169.254.0.0/16 -j DROP
/usr/sbin/iptables -A INPUT -i ppp0 -s 172.16.0.0/12 -j DROP
/usr/sbin/iptables -A INPUT -i ppp0 -s 192.168.0.0/16 -j DROP
/usr/sbin/iptables -A INPUT -i ppp0 -m state --state INVALID -j NFLOG --nflog-group 0
/usr/sbin/iptables -A INPUT -i ppp0 -m state --state INVALID -j DROP
/usr/sbin/iptables -A INPUT -i ppp0 -p icmp -m icmp --icmp-type address-mask-request -j NFLOG --nflog-group 1
/usr/sbin/iptables -A INPUT -i ppp0 -p icmp -m icmp --icmp-type address-mask-request -j DROP
/usr/sbin/iptables -A INPUT -i ppp0 -p icmp -m icmp --icmp-type timestamp-request -j NFLOG --nflog-group 1
/usr/sbin/iptables -A INPUT -i ppp0 -p icmp -m icmp --icmp-type timestamp-request -j DROP
/usr/sbin/iptables -A INPUT -i ppp0 -p icmp -m icmp --icmp-type any -m limit --limit 5/second -j ACCEPT
/usr/sbin/iptables -A INPUT -i ppp0 -p tcp -m multiport --dports 25,80,443,993 -j ACCEPT
/usr/sbin/iptables -A INPUT -i ppp0 -p udp -m multiport --dports 1,67,513 -j DROP
/usr/sbin/iptables -A INPUT -i ppp0 -m state --state NEW -j NFLOG --nflog-group 0
/usr/sbin/iptables -A INPUT -i ppp0 -m state --state NEW -j DROP
/usr/sbin/iptables -P FORWARD DROP
/usr/sbin/iptables -A FORWARD -i ppp0 -d 10.0.0.0/8 -j ACCEPT
/usr/sbin/iptables -A FORWARD -i eth0 -s 10.0.0.6 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
/usr/sbin/iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j ACCEPT
/usr/sbin/iptables -A FORWARD -j NFLOG --nflog-group 1
/usr/sbin/iptables -A POSTROUTING -t nat -o ppp0 -j SNAT --to X.X.X.X
