[tproxy] IP_TRANSPARENT - cause to very slow connect
Balazs Scheidler
bazsi at balabit.hu
Tue Jan 20 11:01:16 CET 2009
On Tue, 2009-01-20 at 11:04 +0200, elyasaf wrote:
> When i'm not using "IP_TRANSPARENT", the connect takes something near 4
> miliseconds.
> With the "IP_TRANSPARENT", the first run of the client is fast, but the
> second and more takes more than 2 seconds (sometimes even 10)!
> What takes for the "connect" so much time?
you probably have a source port conflict, allow the kernel to
automatically allocate the source port number and then you'll be fine.
you probably have connection tracking and since the two connections
collide in the conntrack table, the second SYN is dropped.
--
Bazsi
More information about the tproxy
mailing list