Masquerading problems

Datawolf datawolf@uncultured.org
Sat, 09 Dec 2000 14:24:16 -0700 

I have a dumb suggestion: try "ping -n" instead of just ping.  This will
turn off reverse DNS lookups.  The description you're giving sounds like
what happens when ping (only on Linux) tries to do reverse lookups, and
if the DNS request times out, it does wierd things.  It seems really
stupid, but the ping times are increased by DNS timeout time.  And it
tries to do the lookup for every single packet.  Here's an easy check: 
are the icmp_seq numbers consecutive for the pings that work?  If so,
they're all making it through, but they're all taking a really long
time, and queuing up for their shot at a DNS lookup.

I'm told this is a feature, not a bug.  <shrug>
-- 
Datawolf

Eric Thelin wrote:
> 
> I trying to use ip masquerading and getting very strange results.  I
> have created an ipchains config script that should work and sort of
> does.  It works fine to both addresses on the gateway machine.  Then I
> try to ping remote addresses.  The first ping and a few following pings
> usually works and then most of the rest are lost.  About 1 in 250 pings
> are returned.  I have actually rebuild the machine from scratch and it
> still does the same thing.  I had it working about 6 months ago and have
> know idea what is different.  My ipchanis config consists of:
> 
> /sbin/depmod -a
> /sbin/modprobe ip_masq_ftp
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_always_defrag
> /sbin/ipchains -M -S 7200 10 160
> /sbin/ipchains -F
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.0.0/16 -j MASQ
> 
> Any ideas?  What could even cause this?  Could it be something related
> to the fact that the connection I am trying to share is a cable modem?
> 
> Eric
> 
> --
> Eric Thelin                                          erict@aztechbiz.com
>            AZtechBiz.com: Where Arizona Does Tech Business
>                Voice: 480-377-6743   Fax: 480-377-6755
> 
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss