* Netfilter NAT & Quake
@ 2002-10-15  7:40 Michel Briand
From: Michel Briand @ 2002-10-15  7:40 UTC
  To: netfilter

Hello,

I have had Linux for many years and, since 10 months, I play Quake III on 
the Internet with my little Linux box ;-)

Since I brought a hub I connected my second PC and more to my local 
network.

I use kernel 2.4.19 and the SuSE distro with their SuSEfirewall2, which gives 
me some good functionalities to achieve these tasks:

- NAT for my LAN to the Internet
- protection of all non specified ports (tcp&udp)
- open those ports that I've chosen (ssh&https)

I have the following problem:

-- when we are 2 playing all runs fine, but when we are 3 the kernel spends 
more time in kernel space to deliver packets and Quake lags. A kernel 
hacker (a friend of mine) tells me that the kernel has to work a lot 
with all these packets that Quake sends&receives .... and it would be a 
race problem in the NAT & filtering code.
When there are only 2 connections to Quake servers active, all runs fine 
== the lag is not perceptible ...

-- when a box of my LAN connects, my host (the router) could not connect 
to Quake III server anymore ... When the connection is in the inverse 
order (my host = route, another box of my LAN) all connect fine.

-- when I decide to run eDonkey from my M$ box, it complains about the 
port 4662 that I've specified in firewall to be open .... and it's not ????

That's all folks !
Thank you in advance ;)

Michel




* RE: Netfilter NAT & Quake
@ 2002-10-17  0:13 Sneppe Filip
From: Sneppe Filip @ 2002-10-17  0:13 UTC
  To: Michel Briand, netfilter


Hi,

Michel Briand [mailto:michelbriand@free.fr] wrote:
>
>I have had Linux for many years and, since 10 months, I play Quake III on 
>the Internet with my little Linux box ;-)
>
...
>
>I have the following problem:
>
>-- when we are 2 playing all runs fine, but when we are 3 the kernel spends 
>more time in kernel space to deliver packets and Quake lags. A kernel 

Wow, that strikes me as fairly odd/weird behaviour. Do you have numbers
that show this rise in kernel time when the third client enters the
scenario, like at least a "vmstat 1" output ? What hardware are you 
running the NAT box on ?

IIRC, one thing that happens with Quake III traffic is, the client connects
from a fixed source UDP port. If you're masquerading this traffic, there's
no problem for one client behind the firewall. If a second client connects
to the same gameserver, the masquerading gateway will have to change
the source UDP port of this new traffic flow in order not to confuse
the Quake III server. A third client will also need a udp source port 
change, etc. The nat box needs to keep track of this.

I don't know what the overhead of this operation is - I'm tempted to
think it should be rather unnoticeable. Still, it's a theory :-)

>hacker (a friend of mine) tells me that the kernel has to work a lot 
>with all these packets that Quake sends&receives .... and it would be a 
>race problem in the NAT & filtering code.

One other theory is that all three of you are connected to the same
Quake III server on the internet blasting away at each other, and
that there is some congestion somewhere upstream since, to the rest
of the Internet, all the Quake III traffic seems to be coming from one
IP address. Quake III = udp, so there's a fairly big chance of udp
traffic getting dropped by routers when there are network bursts.

What happens when all three of you are playing behind the nat box, but 
connected to different Quake III servers ? Does the firewall choke
on that too ?

The following test would be interesting: can you put all three clients
behind your nat box and have them connect to a Quake III server on 
a 100Mbps server ? There should be no congestion, lag or packet loss
on 100Mbps, and no problem for the server with just three clients, so 
if you're getting lag in that setup, there is probably something wrong
with the masquerading box and you may be on to something.

>When there are only 2 connections to Quake servers active, all runs fine 
>== the lag is not perceptible ...

ok.

>-- when a box of my LAN connects, my host (the router) could not connect 
>to Quake III server anymore ... When the connection is in the inverse 
>order (my host = route, another box of my LAN) all connect fine.

Yep, this is possible in this scenario (remember the "same source udp
port" thing from above):

- you masquerade udp traffic coming from your LAN
- you don't masquerade traffic coming from the local box

The masquerading/nat code has checks for source ports that are in use
and adjusts those on the fly, but your locally generated traffic
doesn't go through the masquerade code.

This problem should disappear if you also masquerade traffic from
the local machine on your Internet interface.

>-- when I decide to run eDonkey from my M$ box, it complains about the 
>port 4662 that I've specified in firewall to be open .... and it's not ????
>

Sorry, can't help you with that one without more help...

Regards,
Filip
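
A simplified model of the source-port behaviour described in the reply above, as an added example that is not part of the original thread and is not netfilter code. The addresses, the port value 27960 and the names `Gateway` and `scenario` are assumptions made for illustration.

```python
# Simplified model of the gateway behaviour described in the reply above.
# Not netfilter code; all addresses and ports are constructed sample values.
PUBLIC_IP = "203.0.113.1"          # gateway's Internet address (constructed)
SERVER = ("198.51.100.7", 27960)   # game server (constructed)
CLIENT_PORT = 27960                # fixed client source port (assumed value)
LAN_BOX = "192.168.1.10"           # masqueraded LAN client (constructed)


class Gateway:
    def __init__(self, masquerade_local=False):
        # masquerade_local: also pass gateway-originated traffic through
        # the port-rewriting step, as the reply suggests.
        self.masquerade_local = masquerade_local
        # (public_port, server) -> internal (ip, port) that owns the flow
        self.flows = {}

    def _free_port(self, wanted, server):
        port = wanted
        while (port, server) in self.flows:
            port += 1              # pick the next unused source port
        return port

    def connect(self, src_ip, src_port, server, local=False):
        """Return (public_port, accepted) for a new outbound UDP flow."""
        rewrite = (not local) or self.masquerade_local
        port = self._free_port(src_port, server) if rewrite else src_port
        if (port, server) in self.flows:
            # Same public ip:port towards the same server: the server
            # cannot tell the two clients apart, so this flow fails.
            return port, False
        self.flows[(port, server)] = (src_ip, src_port)
        return port, True


def scenario(order, masquerade_local=False):
    """Connect 'lan' and 'router' in the given order; return their results."""
    gw = Gateway(masquerade_local)
    results = {}
    for name in order:
        if name == "router":
            results[name] = gw.connect(PUBLIC_IP, CLIENT_PORT, SERVER, local=True)
        else:
            results[name] = gw.connect(LAN_BOX, CLIENT_PORT, SERVER)
    return results


if __name__ == "__main__":
    print(scenario(["lan", "router"]))
    print(scenario(["router", "lan"]))
    print(scenario(["lan", "router"], masquerade_local=True))
```
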





