Hi all

Environment:
+ opensuse 12.1 (x86)
+ 1Gb Ram & 2vCPU
+ ifconfig:
  - dsl0 (Net)
  - eth0 (pppoe|dhcp)
  - eth1 (Lan)
+ pppoe
+ Netcomm NB5 adsl2+ router (bridge mode)

Zones
lan ipv4 #
net ipv4 #
fw firewall

Interfaces
lan eth1
net dsl0 - dhcp

Policy (due to troubleshooting)
all all ACCEPT

Masq
dsl0 eth1

Additional Info:

Net to Firewall|Lan traffic (Downloads) use all available bandwidth. All OK.

Problem:

All Firewall & Lan traffic to Net (Uploads) timeout or transmit very little data.

Scenario: LAN FTP Server or LAN SMTP. Internet client connects to either (NAT). Pushing data (downloading) to either server is OK, however retrieving data (Uploading) fails.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats.
http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
FTP is a protocol that relies on two channels; a control channel (the typical port 21), and a data channel (random ports, established when transferring files).

In this case, sounds like you can’t set up the data channel. Which means that the protocol helper isn’t loaded, or not monitoring the right FTP control port (i.e. if you have your server on an alternate port).

Check out the FTP connection-tracking section of: http://www.shorewall.net/FTP.html

Kris

From: Alias [mailto:alias@kimber.net.au]
Sent: August-21-12 7:45 AM
To: shorewall-users@lists.sourceforge.net
Subject: [Shorewall-users] Slow Uploads with DSL0
On 08/21/2012 04:44 AM, Alias wrote:
> Hi all
>
> Environment:
> + opensuse 12.1 (x86)
> + 1Gb Ram & 2vCPU
> + ifconfig:
>   - dsl0 (Net)
>   - eth0 (pppoe|dhcp)
>   - eth1 (Lan)
> + pppoe
> + Netcomm NB5 adsl2+ router (bridge mode)
>
> Zones
> lan ipv4 #
> net ipv4 #
> fw firewall
>
> Interfaces
> lan eth1
> net dsl0 - dhcp
>
> Policy (due to troubleshooting)
> all all ACCEPT
>
> Masq
> dsl0 eth1
>
> Additional Info:
>
> Net to Firewall|Lan traffic (Downloads) use all available bandwidth. All OK.
>
> Problem:
>
> All Firewall & Lan traffic to Net (Uploads) timeout or transmit very
> little data.
>
> Scenario: LAN FTP Server or LAN SMTP. Internet client connects to either
> (NAT). pushing data (downloading) to either server is OK, however
> retrieving data (Uploading) fails.

Try setting CLAMPMSS=Yes in shorewall.conf.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
Alias
2012-Aug-31 04:27 UTC
Re: alias@kimber.net.au - Email found in subject - Re: Slow Uploads with DSL0
Yeah my bad..

Vsftpd: Pasv 30000-30100
Shorewall rule 30000-30010.

From: Kristopher Lalletti [mailto:kristopher@lalletti.ca]
Sent: Tuesday, 21 August 2012 10:07 PM
To: Shorewall Users
Subject: alias@kimber.net.au - Email found in subject - Re: [Shorewall-users] Slow Uploads with DSL0
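
The mismatch reported in the last message (vsftpd passive range 30000-30100, Shorewall rule covering only 30000-30010) can be caught by comparing the two configurations. This is an added example, not part of the original thread; the sample file contents, the 192.168.1.10 address and the function names are assumptions made for illustration.

```python
import re

# Constructed samples; ports are from the thread, 192.168.1.10 is a placeholder.
VSFTPD_CONF = """\
pasv_min_port=30000
pasv_max_port=30100
"""
SHOREWALL_RULES = """\
#ACTION  SOURCE  DEST              PROTO  DPORT
DNAT     net     lan:192.168.1.10  tcp    21
DNAT     net     lan:192.168.1.10  tcp    30000:30010
"""

def vsftpd_pasv_range(conf):
    """Return (min, max) passive ports from vsftpd.conf text, or None if unset."""
    opts = dict(re.findall(r"^(pasv_m(?:in|ax)_port)=(\d+)\s*$", conf, re.M))
    if "pasv_min_port" not in opts or "pasv_max_port" not in opts:
        return None
    return int(opts["pasv_min_port"]), int(opts["pasv_max_port"])

def shorewall_tcp_ports(rules, zone="net"):
    """Collect (low, high) TCP DPORT ranges that ACCEPT/DNAT rules open from `zone`."""
    ranges = []
    for line in rules.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if (len(fields) < 5 or fields[1] != zone or fields[3] != "tcp"
                or not fields[0].startswith(("ACCEPT", "DNAT"))):
            continue
        for item in fields[4].split(","):       # Shorewall lists: 21,30000:30010
            low, _, high = item.partition(":")
            if low.isdigit() and (high.isdigit() or not high):
                ranges.append((int(low), int(high or low)))
    return ranges

def uncovered(pasv, allowed):
    """Return the sub-ranges of `pasv` that no firewall rule covers."""
    gaps, cursor = [], pasv[0]
    for low, high in sorted(allowed):
        if high < cursor or low > pasv[1]:
            continue                            # rule lies outside what is left
        if low > cursor:
            gaps.append((cursor, low - 1))
        cursor = max(cursor, high + 1)
    if cursor <= pasv[1]:
        gaps.append((cursor, pasv[1]))
    return gaps

if __name__ == "__main__":
    print(uncovered(vsftpd_pasv_range(VSFTPD_CONF), shorewall_tcp_ports(SHOREWALL_RULES)))
```

An empty result means every passive port the FTP server may hand out is reachable through the firewall; any range it returns is where data connections will stall.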