Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

slow internet connection with rp-pppoe + shorewall [solved]
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
hegga
Apprentice
Apprentice


Joined: 04 Jun 2003
Posts: 210
Location: Norway
PostPosted: Wed Aug 10, 2005 10:23 pm    Post subject: slow internet connection with rp-pppoe + shorewall [solved] Reply with quote
i've had some plans for some time now to replace my zyxel zyair router with an gentoo based
on rp-pppoe and shorewall. well i've finally done it, but my internet connection is _very_slow.
can anyone come up with some suggestions, or see anything that is wrong?

/etc/conf.d/net:
Code:

iface_eth0="10.42.42.1 broadcast 10.42.42.255 netmask 255.255.255.0"
iface_eth1="adsl"


ifconfig:
Code:

eth0      Link encap:Ethernet  HWaddr 00:50:8B:4E:D7:0B 
          inet addr:10.42.42.1  Bcast:10.42.42.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5164 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5106 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:797274 (778.5 Kb)  TX bytes:3156319 (3.0 Mb)

eth1      Link encap:Ethernet  HWaddr 00:02:B3:16:7F:4E 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3210 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2729 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2830589 (2.6 Mb)  TX bytes:587994 (574.2 Kb)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ppp0      Link encap:Point-to-Point Protocol 
          inet addr:xxx.xxx.xxx.xxx  P-t-P:xxx.xxx.xxx.xxx  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:3200 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2720 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:2759485 (2.6 Mb)  TX bytes:527809 (515.4 Kb)


the connection is still slow if i do:
Code:

/etc/init.d/shorewall stop && /etc/init.d/shorewall clear


result of ethtool:
Code:

Settings for eth0:
        Supported ports: [ TP MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 100Mb/s
        Duplex: Full
        Port: MII
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: g
        Wake-on: g
        Current message level: 0x00000007 (7)
        Link detected: yes

Settings for eth1:
        Supported ports: [ TP MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 100Mb/s
        Duplex: Full
        Port: MII
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: g
        Wake-on: g
        Current message level: 0x00000007 (7)
        Link detected: yes


ping:
Code:

PING www.l.google.com (216.239.59.104) 56(84) bytes of data.
64 bytes from 216.239.59.104: icmp_seq=1 ttl=241 time=737 ms
64 bytes from 216.239.59.104: icmp_seq=2 ttl=241 time=325 ms
64 bytes from 216.239.59.104: icmp_seq=3 ttl=241 time=335 ms
64 bytes from 216.239.59.104: icmp_seq=4 ttl=241 time=346 ms
64 bytes from 216.239.59.104: icmp_seq=5 ttl=241 time=1999 ms
64 bytes from 216.239.59.104: icmp_seq=6 ttl=241 time=1000 ms
64 bytes from 216.239.59.104: icmp_seq=7 ttl=241 time=357 ms
64 bytes from 216.239.59.104: icmp_seq=8 ttl=241 time=367 ms
64 bytes from 216.239.59.104: icmp_seq=9 ttl=241 time=1999 ms
64 bytes from 216.239.59.104: icmp_seq=10 ttl=241 time=1000 ms
64 bytes from 216.239.59.104: icmp_seq=11 ttl=241 time=378 ms
64 bytes from 216.239.59.104: icmp_seq=12 ttl=241 time=1000 ms
64 bytes from 216.239.59.104: icmp_seq=13 ttl=241 time=266 ms

--- www.l.google.com ping statistics ---
13 packets transmitted, 13 received, 0% packet loss, time 19997ms
rtt min/avg/max/mdev = 266.318/778.109/1999.680/587.577 ms, pipe 3


shorewall.conf
Code:

STARTUP_ENABLED=Yes
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
LOG_MARTIANS=No
IPTABLES=/sbin/iptables
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
FW=fw
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
RETAIN_ALIASES=No
TC_ENABLED=yes
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=Yes
ROUTE_FILTER=No
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
NEWNOTSYN=Yes
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
DELAYBLACKLISTLOAD=No
MODULE_SUFFIX=
DISABLE_IPV6=Yes
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
DROPINVALID=No
RFC1918_STRICT=No
MACLIST_TTL=
SAVE_IPSETS=No
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPOSITION=DROP


shorewall/rules:
Code:

####################################################################################################
#ACTION  SOURCE         DEST            PROTO   DEST    SOURCE     ORIGINAL     RATE            USER/
#                                               PORT    PORT(S)    DEST         LIMIT           GROUP
DNAT    net     local:10.42.42.2        tcp     22 #ssh
DNAT    net     local:10.42.42.5        tcp     80 #web
DNAT    net     local:10.42.42.5        tcp     25 #smtp
DNAT    net     local:10.42.42.5        tcp     443 #ssl
ACCEPT  fw              net             udp     53 #dns
ACCEPT  fw              net             tcp     53 #dns
ACCEPT  fw              net             tcp     80 #http
ACCEPT  fw              net             icmp    8 #ping
ACCEPT  fw              net             tcp     123 #ntp
ACCEPT  fw              net             udp     123 #ntp
ACCEPT  fw              net             tcp     873 #rsync
ACCEPT  net             fw              icmp    8 #ping
ACCEPT  local           fw              udp     67 #dhcp
ACCEPT  local           fw              tcp     22 #ssh
ACCEPT  local           fw              udp     53 #dns
ACCEPT  local           fw              tcp     53 #dns
ACCEPT  local           net             udp     53 #dns
ACCEPT  local           net             tcp     53 #dns
ACCEPT  local           net             icmp    8 #ping
ACCEPT  local           net             tcp     80 #web
ACCEPT  local           net             tcp     443 #ssl
ACCEPT  local           net             tcp     22 #ssh
ACCEPT  local           net             tcp     873 #rsync
ACCEPT  local           net             tcp     993 #imaps
ACCEPT  local           net             tcp     110 #pop
ACCEPT  local           net             tcp     25 #smtp
ACCEPT  local           net             tcp     123 #ntp
ACCEPT  local           net             udp     123 #ntp
ACCEPT  local           net             udp     5190 #im
ACCEPT  local           net             tcp     5190 #im
ACCEPT  local           net             udp     5222 #jabber
ACCEPT  local           net             tcp     5222 #jabber
ACCEPT  local           net             udp     1863 #msn
ACCEPT  local           net             tcp     1863 #msn
#########################################################
#IP TELEFONI
#########################################################
ACCEPT  local:10.42.42.150      net     udp     16384
ACCEPT  local:10.42.42.150      net     tcp     16384
ACCEPT  local:10.42.42.150      net     udp     16394
ACCEPT  local:10.42.42.150      net     udp     5060
ACCEPT  local:10.42.42.150      net     tcp     5060
DNAT    net     local:10.42.42.150      tcp     5060
DNAT    net     local:10.42.42.150      udp     5060
DNAT    net     local:10.42.42.150      udp     16384
DNAT    net     local:10.42.42.150      tcp     16384
#16394 udp
#5060 udp og tcp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


shorewall/interface:
Code:

#ZONE    INTERFACE      BROADCAST       OPTIONS                 GATEWAY
net     ppp0            -
local   eth0            10.42.42.255    detectnets                     
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


shorewall/zones:
Code:

#ZONE                   DISPLAY         COMMENTS
net                     Internet
local                   local
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE


shorewall/policy:
Code:

#SOURCE         DEST            POLICY          LOG             LIMIT:BURST
#                                               LEVEL
local      net         DROP     info
net        all         DROP     info
all        all         DROP     info
#LAST LINE -- DO NOT REMOVE


shorewall/masq:
Code:

#INTERFACE              SUBNET          ADDRESS         PROTO   PORT(S) IPSEC
ppp0    eth0
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE


pppoe.conf:
Code:

ETH='eth1'
USER='xxxxxx@xxxxxx.xx'
DEMAND=no
DNSTYPE=SERVER
PEERDNS=yes
DNS1=
DNS2=
DEFAULTROUTE=yes
CONNECT_TIMEOUT=30
CONNECT_POLL=2
ACNAME=
SERVICENAME=
PING="."
PIDFILE="/var/run/$CF_BASE-adsl.pid"
SYNCHRONOUS=no
CLAMPMSS=1412
LCP_INTERVAL=20
LCP_FAILURE=3
PPPOE_TIMEOUT=80
FIREWALL=NONE
LINUX_PLUGIN=
PPPOE_EXTRA=""
PPPD_EXTRA="mtu 1492 mru 1492"

_________________
hegga

Last edited by hegga on Tue Aug 16, 2005 8:56 pm; edited 3 times in total
Back to top
View user's profile Send private message
thesnowman
Guru
Guru


Joined: 08 May 2003
Posts: 365
Location: Sydney, Australia
PostPosted: Thu Aug 11, 2005 7:41 am    Post subject: Reply with quote
Can you post your shorewall config?
Code:
sed -e 's/#.*//;/^\s*$/d' "$@" /etc/shorewall/shorewall.conf
Back to top
View user's profile Send private message
hegga
Apprentice
Apprentice


Joined: 04 Jun 2003
Posts: 210
Location: Norway
PostPosted: Thu Aug 11, 2005 9:10 am    Post subject: Reply with quote
thesnowman wrote:
Can you post your shorewall config?
Code:
sed -e 's/#.*//;/^\s*$/d' "$@" /etc/shorewall/shorewall.conf


I've added shorewall.conf and pppoe.conf to the post now
_________________
hegga
Back to top
View user's profile Send private message
hegga
Apprentice
Apprentice


Joined: 04 Jun 2003
Posts: 210
Location: Norway
PostPosted: Thu Aug 11, 2005 10:30 pm    Post subject: Reply with quote
anyone got a clue?
_________________
hegga
Back to top
View user's profile Send private message
JayJay78
n00b
n00b


Joined: 29 Jan 2004
Posts: 32
PostPosted: Fri Aug 12, 2005 8:47 am    Post subject: Reply with quote
Hi,

which pppd-version do you use?

and why rp-pppoe? the pppoe-kernelmode runs very good and don't need the package rp-pppoe.
Back to top
View user's profile Send private message
hegga
Apprentice
Apprentice


Joined: 04 Jun 2003
Posts: 210
Location: Norway
PostPosted: Fri Aug 12, 2005 10:37 am    Post subject: Reply with quote
i use the pppd version that comes with rp-pppoe-3.5-r11.
do have a link to how i can configure pppoe-kernelmode?
_________________
hegga
Back to top
View user's profile Send private message
thesnowman
Guru
Guru


Joined: 08 May 2003
Posts: 365
Location: Sydney, Australia
PostPosted: Fri Aug 12, 2005 9:15 pm    Post subject: Reply with quote
You are using traffic control - TC_ENABLED=yes - with shorewall, so you may want to look into how that is setup. Post your config here and someone may be able to help.
Back to top
View user's profile Send private message
hegga
Apprentice
Apprentice


Joined: 04 Jun 2003
Posts: 210
Location: Norway
PostPosted: Sat Aug 13, 2005 5:27 pm    Post subject: Reply with quote
if the problem is shorewall related, should not the problem be solved on the local gateway
by running the following?
Code:

/etc/init.d/shorewall stop && /etc/init.d/shorewall clear


i will anyway update my orginal post with my shorewall config.
_________________
hegga
Back to top
View user's profile Send private message
hegga
Apprentice
Apprentice


Joined: 04 Jun 2003
Posts: 210
Location: Norway
PostPosted: Tue Aug 16, 2005 8:57 pm    Post subject: Reply with quote
solution: changed the pci slot on the nic, all worked smoothly after that.... :-D
_________________
hegga
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy