Path: eternal-september.org!mx04.eternal-september.org!feeder.et
rnal-september.org!news.glorb.com!news-out.readnews.com!transit3
readnews.com!s09-10.readnews.com!not-for-mail
Newsgroups: comp.os.linux.networking,alt.comp.networking.firewal
s,alt.comp.networking.routers,alt.os.linux.debian,alt.os.linux.ubuntu
From: Mike Lovell 
Subject: iptables NAT forwarding adding 75-100ms
Organization: home.b0h0.com
Followup-To: comp.os.linux.networking
User-Agent: slrn/pre1.0.0-18 (Linux)
Message-ID: 
Date: Sun, 29 Apr 2012 17:42:47 -0500
Lines: 39
NNTP-Posting-Host: fa1bc2e5.stealthnews.com
X-Trace: DXC=06:]mQVV wan
eth0 -> lan

The relevant forwarding/NAT rules are:


#iptables -A FORWARD -i wan0 -o eth0 -m state --state RELATED,ESTABLISHED -j
ACCEPT
#iptables -A FORWARD -i eth0 -o wan0 -j ACCEPT

#iptables -t nat -A POSTROUTING  -o wan0 -j MASQUERADE


So pretty standard boring NAT.

Lag is occurring (between 75ms and 100ms) on all forwarding rules.  Apart
from the lag they function fine (no connectivity issues).


Ping: LAN Machine -> Debian Router = ~0.7ms
Ping: Debian Router -> Google = ~20ms
Ping: LAN Machine -> Google = ~121ms !!!


The Debian server has plenty of free RAM, the load is showing as low,
it's (at this time) entirely dedicated to routing - Why is it
introducing 100ms of lag into forwarded traffic???

Anyone else seen similar to this???


I get great speed from LAN machines, just high latency.

 ~ Mike
--- Platinum Xpress/Win/WINServer v3.0pr5
 * Origin: Omicron Theta BBS (1:261/20)