ipchains redirect failing in 2.4.5

From: David Lang (david.lang@digitalinsight.com)
Date: Tue Oct 30 2001 - 08:04:35 EST


I am attempting to track down a problem I have run into with 2.4.5

I have a firewall that has proxies listening on ports 1433-1437. If I
connect to these proxies on these ports I have no problems, however if I
put in an ipchains rule to redirect port 1433 on a second IP address to
port 1436 (for example) and then hammer the box with ab -n 500 -s 20 the
first 20 or so connections get through and then the rest timeout. doing
repeated netstat -an on the firewall during this process shows an inital
burst of 15 connections that get established, a pause, and then a handfull
more get established, followed by those 20 connections being in TIME_WAIT

again, connection to the same IP address on the real port the proxy is
listening on has no problems, it's only when going through the redirect
that it fails.

any suggestions, tuning paramaters I missed, or tests I need to run to
track this down?

David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Wed Oct 31 2001 - 21:00:40 EST