ubuntu
Alexander, 2011-11-29 23:47:08

Problem with sharing internet through ubuntu server?

Goodnight.
In general, there is such a situation.
For several months I raised the distribution of the Internet on the Ubuntu server. I raised an l2tp connection with the provider, dhcp3-server for distributing addresses, and bind9 for the heap.
The channel officially presented by the provider: up to 40 Mbps.
There are 8 devices on the channel.
Now the most interesting thing: surfing the sites flies, DNS responds quickly and the pages load quickly, the speed when grinding from a torrent is about 3.5 mb/s, but there are two tangible minuses:
1. YouTube works wildly slowly; sometimes at a resolution of 240 it takes about 5 minutes of waiting for a 2-minute video to load.
2. Huge ping in the game WoW, just the most tangible indicator.
3. When pinging different servers, somewhere around 1 out of 15-20 packets is lost.
I tried to switch all this to the router and got an interesting picture:
1. DNS response is wildly slow; each client had to register Google DNS (8.8.8.8; 8.8.8.8.4)
2. Ping in WoW decreased 10 times.
3. No more packet loss.
Now I will give a few configs from the server:
L2tp:

unit 0
name **********
remotename l2tp
ipparam flex
connect /bin/true
mtu 1460
mru 1460
nodeflate
nobsdcomp
persist
maxfail 0
nopcomp
noaccomp
defaultroute
replacedefaultroute

dhcp3-server:
ddns-update-style none;

# option definitions common to all supported networks...
# Global settings for the network name and DNS servers
option domain-name "Eashlanet";
option domain-name-servers 192.168.0.250;

# Address lease time
default-lease-time 86400; # 24 hours
max-lease-time 172800; # 48 hours

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
# By default, DHCP server messages go to the system log /var/log/syslog.
# These messages can be redirected to a separate log.
# This is done as follows: create a separate log file with touch /var/log/dhcpd.log,
# and then add the line local7.* /var/log/dhcpd.conf to the file /etc/syslog.conf and save it.
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

subnet 192.168.0.0 netmask 255.255.255.0 {
  option netbios-name-servers 192.168.0.250;
  option domain-name-servers 192.168.0.250;
  option domain-name "taraba4";
  option broadcast-address 192.168.200.255;
  option routers 192.168.0.250;
  range 192.168.0.20 192.168.0.150;
}

host Taraba4 {
  hardware ethernet 00:1a:4d:45:ef:74;
  fixed-address 192.168.0.2;
}

host Taraba4-iphone {
  hardware ethernet 04:1e:64:5b:3f:45;
  fixed-address 192.168.0.4;
}

Bind9 out of the box, did not touch the configs.
iptables rules: primitive of course, but they work, no way to add hands.
#!/bin/sh
IPTABLES="/sbin/iptables"

echo 1 > /proc/sys/net/ipv4/ip_forward

$IPTABLES -F
$IPTABLES -X

$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

########################################################## ROUTER #######################################################################

$IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE

In general, I would really like to understand what could be the reason. If there is not enough information, then ask, I'll post everything.
Thank you very much in advance.


4 answer(s)
Vlad Zhivotnev, 2011-11-30
@inkvizitor68sl

xl2tpd and Bydline, right? ) Run from there, connect a normal provider.
These idiots can't even give all the headers from the server, although they have already been told what and where to enter in the configs. About sync framing, for example, the announcement is not given.
Seriously, you can try openl2tp, but there is about the same story.
As for YouTube and wow, they regularly drop their channel to Europe. Well, not that it falls, but the ping in 180-200ms delivers to hatzners. And the speed is 1-2 mbps, yes.

YourChief, 2011-11-30
@YourChief

dhcp is out of business
$IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE here - this is not needed. And if the address on the external connection is constant, then it is generally better to replace it with SNAT. ip_forward is allowed through sysctl.conf
try pinging with large packets (700, 1000 and 1400 bytes each), measure the speed with iperf. check what is the situation when making requests from the server itself
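
The ping test suggested in the answer above, as an added example that is not part of the original answer: it sends echo requests with the don't-fragment bit set at 700, 1000 and 1400 bytes and reports the loss for each size. The target host argument, the count of 40 and the extra probe at tunnel MTU minus 28 bytes (taking mtu 1460 from the question's pppd options) are assumptions of this example.

```shell
#!/bin/sh
# Added example: packet loss by packet size across the tunnel.
# TUNNEL_MTU is the "mtu 1460" value from the pppd options in the question.
TUNNEL_MTU=1460
IP_ICMP_HDR=28   # 20-byte IPv4 header + 8-byte ICMP header

# True if an ICMP payload of $1 bytes fits unfragmented into an MTU of $2.
fits_mtu() {
    [ $(( $1 + IP_ICMP_HDR )) -le "$2" ]
}

# Read ping output on stdin, print the loss percentage from its summary line.
parse_loss() {
    sed -n 's/.* \([0-9.]*\)% packet loss.*/\1/p'
}

# probe HOST SIZE [COUNT]: ping with DF set (-M do), print the loss percentage.
probe() {
    ping -M do -c "${3:-40}" -s "$2" "$1" 2>/dev/null | parse_loss
}

# report HOST: the three sizes from the answer plus the largest payload
# that still fits the tunnel MTU (an addition of this example).
report() {
    for size in 700 1000 1400 $(( TUNNEL_MTU - IP_ICMP_HDR )); do
        fits_mtu "$size" "$TUNNEL_MTU" || continue
        loss=$(probe "$1" "$size")
        echo "payload=${size}B loss=${loss:-n/a}%"
    done
}

if [ "$#" -ge 1 ]; then report "$1"; fi
```

Loss that grows with the payload size points at MTU or fragmentation on the tunnel; loss that is the same at every size points elsewhere. Running it once from the server and once from a LAN client covers the answer's last suggestion.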

AccessForbidden, 2011-11-30
@AccessForbidden

mtu/mru try to raise, only that in fact that ifconfig said that it is more.
I had the experience of running pptp - with the default mtu / mru, the symptoms were similar. 1490 fixed everything.

Vitaly Peretyatko, 2011-11-30
@viperet

Set up a shaper (HTB) on the server, with the max speed slightly less than what the provider provides, a separate class for each user (for fair channel sharing) + a class for high-priority traffic - online games, ssh, etc. How to do this has been written many times on Habré.
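
One way to lay out the shaper this answer describes, as an added example that is not part of the original answer: a root HTB class just under the provider's rate, one class per client address and one high-priority class. The LAN interface name eth0, the 38 Mbit ceiling, the 4 Mbit priority guarantee and matching ssh by source port 22 are assumptions of this example; the client addresses are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): print tc commands for an HTB shaper.
# It shapes download traffic as it leaves the LAN-facing interface.
# Assumed values: eth0 as LAN interface, 38 Mbit ceiling (just under the
# provider's "up to 40 Mbps"), 4 Mbit guaranteed to the priority class.
LAN_IF=${LAN_IF:-eth0}
CEIL_KBIT=${CEIL_KBIT:-38000}
PRIO_KBIT=${PRIO_KBIT:-4000}
PRIO_SPORTS=${PRIO_SPORTS:-22}    # ssh; add game server ports here

gen_htb() {   # gen_htb CLIENT_IP...
    [ "$#" -gt 0 ] || { echo "usage: gen_htb CLIENT_IP..." >&2; return 1; }
    # Remaining bandwidth split evenly: one share per client, one for the rest.
    share=$(( (CEIL_KBIT - PRIO_KBIT) / ($# + 1) ))
    cls="tc class add dev $LAN_IF parent 1:1 classid"
    flt="tc filter add dev $LAN_IF parent 1: protocol ip"
    echo "tc qdisc replace dev $LAN_IF root handle 1: htb default 999"
    echo "tc class add dev $LAN_IF parent 1: classid 1:1 htb rate ${CEIL_KBIT}kbit ceil ${CEIL_KBIT}kbit"
    # High-priority class, matched first (filter prio 1) on source port.
    echo "$cls 1:10 htb rate ${PRIO_KBIT}kbit ceil ${CEIL_KBIT}kbit prio 0"
    for port in $PRIO_SPORTS; do
        echo "$flt prio 1 u32 match ip sport $port 0xffff flowid 1:10"
    done
    # Addresses not listed on the command line share one default class.
    echo "$cls 1:999 htb rate ${share}kbit ceil ${CEIL_KBIT}kbit prio 1"
    id=100
    for ip in "$@"; do
        # Guaranteed share per client, free to borrow up to the ceiling.
        echo "$cls 1:$id htb rate ${share}kbit ceil ${CEIL_KBIT}kbit prio 1"
        echo "tc qdisc add dev $LAN_IF parent 1:$id handle $id: sfq perturb 10"
        echo "$flt prio 2 u32 match ip dst $ip/32 flowid 1:$id"
        id=$(( id + 1 ))
    done
}

if [ "$#" -ge 1 ]; then gen_htb "$@"; fi
```

The script only prints the commands; review the output and pipe it to sh as root to apply it.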
