0.1.7 success and failure
Ronald A. McCormick
ramccor@xnet.com
Tue, 14 Sep 1999 20:26:23 -0500
Rusty,
This describes to a tee my performance problems as well... except that
I am not using ipchains. I converted the ruleset to the equivalent
ipnatctl rules. Same version netscape, same SLOW os (Win98 SE in my
case) No messages showed up in my /var/adm/messages. Yes, I get long
delays looking up hosts, long delays retrieving pages (VERY long. Seems
to go in bursts somewhere abound 15-30 k then long pauses then 15-30 k
again... repeating. So it appears to be continuous.
I will look for 0.1.8 and try that when available. If there are any
other hints to try please let me know.
-Ronald McCormick
ramccor@xnet.com
Paul Rusty Russell wrote:
>
> In message <Pine.LNX.4.10.9909060921510.539-100000@wr5z.localdomain> you write:
> > netfilter 0.1.7 finally compiles (modulo the previously noted one-line
> > patch) and runs but has some problems. Doing an insmod ipchains.o as
> > mentioned in the howto works, and the ipchains rules can be inserted as
> > expected. However, netscape 4.6 performance from a masqueraded machine
> > on the home lan (a Win98 box) is extremely poor.
>
> Hmm, this is wierd. Define `extremely poor'. Long delays looking up
> new sites (implies a DNS problem)? Long delays retrieving new pages
> (implies a connection setup problem)? Slow throughput downloading
> large files (implies a continuous problem)...
>
> > I'm getting the
> > following messages in /var/log/messages:
> > Sep 6 08:19:44 wr5z kernel: ip_fw: packet drop due to netlink failure
>
> Yeah, my patch for when CONFIG_NETLINK_DEV was not set was bogus.
> Remove the net_ratelimit & printk lines from ipchains_core.c for the
> moment: 1.0.8 fixes this.
>
> Thanks,
> Rusty.
> --
> Hacking time.