Skip to Content.
Sympa Menu

thrulay-users - thrulay, bonding & iptables connection tracking

Subject: Discussion list for thrulay, a network testing tool

List archive

thrulay, bonding & iptables connection tracking


Chronological Thread 
  • From: Peter Daum <>
  • To:
  • Subject: thrulay, bonding & iptables connection tracking
  • Date: Fri, 11 May 2007 17:37:46 +0200 (CEST)
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.de; h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=Y1fXsyTw8Zh+xKfB4XuGVvo4BKz/S94Ldgc5Brr32POIeaNhcZT9s0vrQXjtt+zSwQn2VFJVfdCSAp1rKj+BCZNYNmbSGViFjoU+X44D6UaKjwPKS1v0KzBSJIRB7wo+TF73bLWYsN7Fe7BE6vVKI9fx0ANTWl1o7JYxdP3tT+U=;

Trying to improve network thruput for some servers, I am just experimenting
with the linux bonding driver. Thrulay would be pretty handy for measuring
the results. In this context, I ran into a strange problem:

Most of my machines have a own local firewall that blocks most incoming
traffic, but allows connections that were initiated by the machine itself via
connection tracking.
When I run thrulayd on a machine without any packet filter and 2 gigabit
ethernet interfaces bound together and connect from a machine with such
a firewall, thrulay shows a thruput that is ~50% oon the average and highly
variable. Obviously, this is due to response packets from the thrulay server
being thrown away by the firewall. Since it is a locally initiated tcp
connection (that also shows up in /proc/net/ip_conntrack) the packets
should normally be allowed by the firewall.
The same thing with a server without interface bonding works without any problem. When I shutdown the firewall on the client, it also works o.k.
It also seems, that this is specifically an issue with thrulay:
When I check a similar setting with netcat, the firewall also shows some
dropped packets, but the data rate is about as expected.

Does anybody have an idea, what is going on here?

Regards,
                                      Peter Daum



Heute schon einen Blick in die Zukunft von E-Mails wagen? Versuchen SieĀ“s mit dem neuen Yahoo! Mail.

  • thrulay, bonding & iptables connection tracking, Peter Daum, 05/11/2007

Archive powered by MHonArc 2.6.16.

Top of Page