Allan Latham wrote:
the problem is that the laptop is sending the icmp for port unreachable on the
smb dgram port - or better said I am concerned that this is the last thing we
see before all activity stops.
Set up the normal configuration i.e over dial up and cipe.
Confirm with "netstat -antup" that you have the samba listening on all the
ports it should - particularly the udp dgram port (138).
udp 0 0 192.168.1.10:137 0.0.0.0:*
udp 0 0 0.0.0.0:137 0.0.0.0:*
udp 0 0 192.168.1.10:138 0.0.0.0:*
udp 0 0 0.0.0.0:138 0.0.0.0:*
Confirm that you are not blocking this port with "iptables -L -v -n"
That does not show 138 etc., but then it shouldn't as my firewall is
configured to allow only the VPN and SSH in. The VPN terminates inside
the firewall, with no firewall rules applied to it.
Is there anything in the samba configuration which restricts connectivity
to/from specific hosts/nets?
The direct connection test means that a lot of samba must be working - the
main differences (beside speed) are the use of eth0 on the laptop rather than
ppp0 and cipcb0.
The results I saw do not indicate a flood in one direction which does not get
through - also the packet sizes are small and this isn't an mtu problem.
On Sunday 07 September 2003 03:54, James Knott wrote:
I have just tried running my vpn through a direct connection via switch
to my firewall, so that it runs at full 100 Mb. I can now access the
file shares with no problem. This would indicate to me that the VPN is
functioning correctly and the problem is likely due to the great
bandwidth difference, as a result of going through the dial up
connection to a 100 Mb network. I wonder what can be done about that?
The direct connection test still used the VPN. The path was from my
notebook using a 192.168.3.x address connecting to my firewall. The
firewall then takes the VPN traffic from the notebook and sends it to
the server. This was set up as a test of the VPN at higher speeds than
the dialup access will allow. I have also successfully used it over
wireless at 11 Mb and again it works well. So, with no changes to the
firewall, VPN or Samba configuration, file sharing works well at the
higher speeds. My take on this, is that the server is sending out data
far faster than the dialup link can handle and it's getting dropped, due
to the apparently poor UDP flow control in Samba and NFS. FTP, which is
TCP, doesn't show this problem. If it works well with high speed
connections and not slow dialup connections, what else is likely to be
the problem? In both high speed examples, the VPN passed through the
same interface (eth0) as did the dialup via ISP connection.