Wednesday, February 28, 2007

[Fix] Slow browsing on Suse 10.2 for some sites

I went fairly bananas trying to figure out why openSUSE 10.2 was frigging slow on some web sites and not so bad on others. Looking at forums, I ended up disabling IPv6 in Firefox, then disabling IPv6 altogether. It didn't help. Eventually, it turned out that the MTU was the problem. It was set to 1500. It needed to be brought down to 1492. I couldn't figure that out earlier, because our firewall blindly drops all ICMP packets. A quick
ifconfig eth0 mtu 1492
or alternately
ip link set eth0 mtu 1492
fixed the problem. Phew! [Hey you newbie network admin types: Set your f/w to allow ICMP unreachable -- fragmentation needed messages. These are type 3, code 4 messages. Don't just blindly block ICMP because you read somewhere that it's unsafe. For example, in Linux:
iptables -A FORWARD -p icmp --icmp-type fragmentation-needed -j ACCEPT
iptables -A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
...
iptables -A FORWARD -p icmp -j DROP
iptables -A INPUT -p icmp -j DROP
]
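
One way to check an existing ruleset for this problem, as an added example that is not part of the original post: the function name audit_pmtud and its output format are made up here. It walks rules in `iptables -S` format in order and reports, per chain, whether fragmentation-needed (type 3, code 4) is accepted before it hits a blanket drop; it also treats a conntrack RELATED accept as sufficient and falls back to the chain policy.

```sh
#!/bin/sh
# Added example, not from the original post. Reads rules in `iptables -S`
# format on stdin and prints "<chain> ok" or "<chain> blackhole".
# The first terminating match wins, so a chain is a PMTUD black hole when
# ICMP type 3 code 4 reaches a DROP/REJECT rule (or a DROP policy) before
# any rule that accepts it. Rules narrowed by -s, -i etc. are skipped.
audit_pmtud() {
    awk '
    $1 == "-P" { policy[$2] = $3; order[++n] = $2; next }
    $1 != "-A" { next }
    {
        chain = $2
        if (!(chain in policy)) { policy[chain] = "-"; order[++n] = chain }
        if (chain in verdict) next
        proto = "all"; type = "any"; target = ""; narrowed = 0; related = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "-m") i++                  # skip the module name
            else if ($i == "--icmp-type") type = $(++i)
            else if ($i == "-j") { target = $(++i); break }
            else if ($i == "--ctstate" || $i == "--state") {
                # RELATED covers ICMP errors for tracked connections
                if ($(++i) ~ /RELATED/) related = 1; else narrowed = 1
            } else narrowed = 1
        }
        if (proto != "icmp" && proto != "all") next
        covers = (type == "any" || type == "3" || type == "3/4" ||
                  type == "destination-unreachable" ||
                  type == "fragmentation-needed")
        if (!covers || narrowed) next
        if (target == "ACCEPT") verdict[chain] = "ok"
        else if ((target == "DROP" || target == "REJECT") && !related)
            verdict[chain] = "blackhole"
    }
    END {
        for (k = 1; k <= n; k++) {
            c = order[k]
            if (!(c in verdict))
                verdict[c] = (policy[c] == "DROP") ? "blackhole" : "ok"
            print c, verdict[c]
        }
    }'
}
```

On a live box, run it as `iptables -S | audit_pmtud`; any chain reported as blackhole needs the fragmentation-needed ACCEPT placed ahead of the drop.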
