This is a discussion on port 110 very slow within the Linux Networking forums, part of the Linux Forums category.
Hi I hope you can shed some light on this.
I installed a firewall/gateway on an AMD 1.1gHz PC with 256M RAM, 20G HDD RTL8139 (rtl8139too driver) as eth1 internet facing and 3Com 3C59x eth0 lan facing.

The OS is Mandrake 8.2 being the only distro that would actually boot.

The firewall is iptables configured as follows:
--------------------------------------------------------
#### NAT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# alpha for privacy for this post
-A POSTROUTING -o eth1 -j SNAT --to-source 203.xxx.yyy.zzz
COMMIT
#### MANGLE
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
#### FILTER
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
--------------------------------------------------------

Now port 80 (http) works fine so does port 25. The trouble is with port 110 not receiving emails at proper speeds, 'tis very slow. Eth1 connects to a Motorola Surfboard cable modem.

Here is chkconfig --list
--------------------------------------------------------
alsa          0:off  1:off  2:off  3:off  4:off  5:off  6:off
kheader       0:off  1:off  2:on   3:on   4:off  5:on   6:off
keytable      0:off  1:off  2:on   3:on   4:on   5:on   6:off
usb           0:off  1:off  2:on   3:on   4:on   5:on   6:off
netfs         0:off  1:off  2:off  3:on   4:on   5:on   6:off
network       0:off  1:off  2:on   3:on   4:on   5:on   6:off
partmon       0:off  1:off  2:off  3:off  4:off  5:off  6:off
random        0:off  1:off  2:on   3:on   4:on   5:on   6:off
rawdevices    0:off  1:off  2:off  3:on   4:on   5:on   6:off
sound         0:off  1:off  2:off  3:off  4:off  5:off  6:off
harddrake     0:off  1:off  2:off  3:on   4:on   5:on   6:off
syslog        0:off  1:off  2:on   3:on   4:on   5:on   6:off
crond         0:off  1:off  2:on   3:on   4:on   5:on   6:off
xfs           0:off  1:off  2:on   3:on   4:on   5:on   6:off
portmap       0:off  1:off  2:off  3:on   4:on   5:on   6:off
kudzu         0:off  1:off  2:off  3:off  4:off  5:off  6:off
anacron       0:off  1:off  2:off  3:off  4:off  5:off  6:off
atd           0:off  1:off  2:off  3:off  4:off  5:off  6:off
devfsd        0:off  1:off  2:on   3:on   4:on   5:on   6:off
gpm           0:off  1:off  2:on   3:on   4:on   5:on   6:off
internet      0:off  1:off  2:on   3:on   4:on   5:on   6:off
iptables      0:off  1:off  2:on   3:on   4:on   5:on   6:off
nfslock       0:off  1:off  2:off  3:off  4:off  5:off  6:off
numlock       0:off  1:off  2:off  3:off  4:off  5:off  6:off
sshd          0:off  1:off  2:on   3:on   4:on   5:on   6:off
smb           0:off  1:off  2:off  3:off  4:off  5:off  6:off
squid         0:off  1:off  2:off  3:on   4:on   5:on   6:off
nfs           0:off  1:off  2:off  3:off  4:off  5:off  6:off
dhcpd         0:off  1:off  2:off  3:on   4:on   5:on   6:off
--------------------------------------------------------

What I'm wondering is why the performance is so abysmal. Here is the output from /var/log/daemons/errors:
--------------------------------------------------------
Sep 11 09:48:17 gwfw dhcpd: receive_packet failed on eth0: Network is down
--------------------------------------------------------

But the network is not down at all!!! Here is the output from ifconfig:
--------------------------------------------------------
eth0      Link encap:Ethernet  HWaddr 00:50:DA:22:C5:E4
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:98904 errors:21 dropped:14 overruns:7 frame:1
          TX packets:61454 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:25291862 (24.1 Mb)  TX bytes:27603675 (26.3 Mb)
          Interrupt:10 Base address:0xe800

eth1      Link encap:Ethernet  HWaddr 00:E0:4C:0A:D4:29
          inet addr:203.xx.yyy.zzz  Bcast:203.97.253.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:44471803 errors:1 dropped:0 overruns:0 frame:0
          TX packets:151730 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2725370421 (2599.1 Mb)  TX bytes:53823034 (51.3 Mb)
          Interrupt:11 Base address:0xef00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8851 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8851 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:670508 (654.7 Kb)  TX bytes:670508 (654.7 Kb)
--------------------------------------------------------

You can see on the lan side (eth0) there are a lot of RX packet errors. The Linux firewall on eth0 is processing netbios broadcasts from the two Windows boxes it's attached to which may account for the errors but I can't imagine that small number affecting overall performance on port 110.

What on earth else should I be looking at to troubleshoot this problem?

Thanks for your indulgence. :-)

Peter
Peter Lowrie wrote:
(-- quote pruned, TV --)

> Hi I hope you can shed some light on this.
>
> I installed a firewall/gateway on an AMD 1.1gHz PC with 256M RAM, 20G HDD
> RTL8139 (rtl8139too driver) as eth1 internet facing and 3Com 3C59x eth0 lan
> facing.
>
> The OS is Mandrake 8.2 being the only distro that would actually boot.
>
> Now port 80 (http) works fine so does port 25. The trouble is with port 110
> not receiving emails at proper speeds, 'tis very slow. Eth1 connects to a
> Motorola Surfboard cable modem. Here is chkconfig --list

Your server for POP3 (TCP/110) may attempt to identify the
TCP connection user with the IDENT protocol (TCP/113).

You could open the TCP port 113 for inward connections and
see if the situation changes. The security implications are
quite small, an IDENT request needs to refer to an open
TCP connection opened in the opposite direction (here: the
POP3 read at TCP/110).

--
Tauno Voipio
tauno voipio (at) iki fi
Thanks Tauno
As far as I knew all ports are open anyway. Would you please instruct me on where I should make such changes? Is it in the iptables file?

Thanks from Peter

Tauno Voipio wrote:
> Peter Lowrie wrote:
>
> (-- quote pruned, TV --)
>
>> Hi I hope you can shed some light on this.
>>
>> I installed a firewall/gateway on an AMD 1.1gHz PC with 256M RAM, 20G HDD
>> RTL8139 (rtl8139too driver) as eth1 internet facing and 3Com 3C59x eth0 lan
>> facing.
>>
>> The OS is Mandrake 8.2 being the only distro that would actually boot.
>>
>> Now port 80 (http) works fine so does port 25. The trouble is with port 110
>> not receiving emails at proper speeds, 'tis very slow. Eth1 connects to a
>> Motorola Surfboard cable modem. Here is chkconfig --list
>
>
> Your server for POP3 (TCP/110) may attempt to identify the
> TCP connection user with the IDENT protocol (TCP/113).
>
> You could open the TCP port 113 for inward connections and
> see if the situation changes. The security implications are
> quite small, an IDENT request needs to refer to an open
> TCP connection opened in the opposite direction (here: the
> POP3 read at TCP/110).
>
Hello,
Peter Lowrie wrote:
>
> The trouble is with port 110 not receiving emails at proper speeds

Port 110 does not receive emails, it sends them.
What does "not at proper speed" mean exactly?
- establishing a POP3 connection takes a long time (how long)?
- there is a delay between a command and the beginning of the reply?
- the instant transfer rate is slow (how slow)?

Does it happen from the gateway, the Windows boxes or both?
"Pascal Hambourg" <boite-a-spam@plouf.fr.eu.org> wrote in message
news:ee4s0u$d99$1@biggoron.nerim.net
>> The trouble is with port 110 not receiving emails at proper speeds
>
> Port 110 does not receive emails, it sends them.

Port 110 (assuming pop3 service enabled on the port) does NOT send emails. The service allows one to retrieve email from a local mailbox.
Peter Lowrie wrote:
>
>>Peter Lowrie wrote:
>>
>>(-- quote pruned, TV --)
>>
>>
>>>Hi I hope you can shed some light on this.
>>>
>>>I installed a firewall/gateway on an AMD 1.1gHz PC with 256M RAM, 20G HDD
>>>RTL8139 (rtl8139too driver) as eth1 internet facing and 3Com 3C59x eth0 lan
>>>facing.
>>>
>>>The OS is Mandrake 8.2 being the only distro that would actually boot.
>>>
>>>Now port 80 (http) works fine so does port 25. The trouble is with port 110
>>>not receiving emails at proper speeds, 'tis very slow. Eth1 connects to a
>>>Motorola Surfboard cable modem. Here is chkconfig --list
>>
>>
>>Your server for POP3 (TCP/110) may attempt to identify the
>>TCP connection user with the IDENT protocol (TCP/113).
>>
>>You could open the TCP port 113 for inward connections and
>>see if the situation changes. The security implications are
>>quite small, an IDENT request needs to refer to an open
>>TCP connection opened in the opposite direction (here: the
>>POP3 read at TCP/110).
>>

(-- top-posting corrected, TV --)

> Thanks Tauno
>
> As far as I knew all ports are open anyway. Would you please instruct me on
> where I should make such changes? Is it in the iptables file?

The IDENT connection will be from the server toward your
computer, so the firewall needs to accept the incoming TCP
connection.

How are your firewall rules generated? By hand / some automatic tool?

You can check the iptables rules by typing (as root)

    iptables -nLv

and saving the result from stdout.

Depending on your network setup (stand-alone or router), you need a rule in either the INPUT or FORWARD chain passing the TCP SYN packet to port 110.

HTH

--
Tauno Voipio
tauno voipio (at) iki fi
Tauno Voipio wrote:
>
> The IDENT connection will be from the server toward your
> computer, so the firewall needs to accept the incoming TCP
> connection.

Usually it works fine when the firewall rejects the incoming connection to TCP port 113 with a nice TCP RST (-j REJECT --reject-with tcp-reset). What servers "dislike" is a plain DROP which causes time-out delays.

> You can check the iptables rules by typing (as root)
>
> iptables -nLv
>
> and saving the result from stdout.

My preference goes to iptables-save.
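Added example, not part of the original thread: a small Python check that reads an `iptables-save` dump and reports whether a new connection to TCP port 113 would be accepted, rejected or silently dropped, the last being the case that leads to the time-out delays described above. The function names and the `DROPPING`/`FIXED` samples are constructed for illustration; only `-p`, `-m tcp` and `--dport` matches are evaluated, and rules with other matches or jumps to user-defined chains are skipped.

```python
import shlex

def _covers_ident(matches):
    """True if the match options cover every new TCP connection to port 113.
    Only -p, -m tcp and --dport are understood; any other match makes the
    rule conditional and it is skipped (a simplification of this example)."""
    for opt, val in zip(matches[::2], matches[1::2] + [""]):
        if opt in ("-p", "--protocol"):
            if val not in ("tcp", "all"):
                return False
        elif opt in ("--dport", "--destination-port"):
            lo, sep, hi = val.partition(":")
            lo, hi = int(lo or 0), int(hi or 65535) if sep else int(lo)
            if not lo <= 113 <= hi:
                return False
        elif (opt, val) != ("-m", "tcp"):
            return False
    return True

def ident_verdict(dump, chain="INPUT"):
    """Fate of an inbound SYN to tcp/113 in `chain` of the filter table."""
    table, policy = None, "ACCEPT"
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(f":{chain} "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith(f"-A {chain} "):
            tokens = shlex.split(line)[2:]
            j = tokens.index("-j") if "-j" in tokens[:-1] else None
            if j is None or not _covers_ident(tokens[:j]):
                continue
            target, extra = tokens[j + 1], tokens[j + 2:]
            if target == "REJECT":  # iptables' default reject is an ICMP error
                return "REJECT " + (extra[1] if len(extra) > 1 else "icmp-port-unreachable")
            if target in ("ACCEPT", "DROP"):
                return target
    return policy  # no rule decided, so the chain policy applies

# Filter table as posted in the thread: no rules, every policy ACCEPT.
POSTED = "*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n"
# Constructed samples: a default-drop ruleset, then the same with the reset added.
DROPPING = ("*filter\n:INPUT DROP [0:0]\n"
            "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\nCOMMIT\n")
FIXED = DROPPING.replace("COMMIT", "-A INPUT -p tcp -m tcp --dport 113 "
                         "-j REJECT --reject-with tcp-reset\nCOMMIT")
if __name__ == "__main__":
    for name, dump in (("posted", POSTED), ("dropping", DROPPING), ("fixed", FIXED)):
        print(f"{name:9} tcp/113 -> {ident_verdict(dump)}")
```

A result of `DROP` is the one worth acting on; pass `chain="FORWARD"` when the mail client sits behind the gateway and port 113 is forwarded to it.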