Attempting to caue packet loss with netem doesn't work - possibly because of NAT (but delay does work)

Posted by tomdee on Server Fault See other posts from Server Fault or by tomdee
Published on 2012-03-20T17:09:11Z Indexed on 2012/03/20 17:31 UTC
Read the original article Hit count: 242

Filed under:

ubuntu

|

nat

I have traffic from a WIFI access point routed via an Ubuntu box. I have two network interfaces which are NATed

*filter
:INPUT ACCEPT [11:690]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [37:6224]
-A FORWARD -s 192.168.2.0/24 -i eth1 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Mar 15 13:37:21 2012
# Generated by iptables-save v1.4.10 on Thu Mar 15 13:37:21 2012
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT

If I run a ping app on an Android device connected to the WIFI network I can happily ping google.

If I use netem to introduce some delay tc qdisc change dev eth0 root netem delay 100ms I can clearly see pings taking longer.

If I use netem to introduce some packet loss tc qdisc change dev ifb0 root netem loss 50% then I see no change.

Packet loss does work fine for locally generated traffic, just not for traffic coming in over the network that's being NATed.

Any ideas how to sort this out?

© Server Fault or respective owner

Related posts about ubuntu

Cannot update, apt-get cannot fetch index files

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a fresh install of Ubuntu 11.10 from the iso 'ubuntu-11.10-desktop-amd64.iso'. I installed this in VMWare Fusion 4.1.1 running on OSX 10.7.3. When setting up the VM, I allowed easy install to take care of creating my user and installing VMWare tools. No problems during installation, everything… >>> More
'sudo apt-get update' error on Ubuntu 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
When I type in 'sudo apt-get update' I get this mohd-arafat-hossain@TUD:~$ sudo apt-get update [sudo] password for mohd-arafat-hossain: Ign http://bd.archive.ubuntu.com precise InRelease Ign http://bd.archive.ubuntu.com precise-updates InRelease Ign http://bd.archive.ubuntu… >>> More
Opening Skype, Opera, OpenOffice logs me off

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Whats common among Skype, Opera, OpenOffice in Ubuntu ? Whenever I open these applications I get logged off and shows back me the login screen. This started happening since the 10.10 upgrade. Forgot to mention : Yes, its x64.Each time I open these applications, the UI shows and then crashes. I… >>> More
Update information outdated

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a warning triangle that my update information is outdated, the last update was 12 days ago. I use Ubuntu 11.10. A run of sudo apt-get update produces the following output: Ign http://ppa.launchpad.net oneiric InRelease Ign http://de.archive.ubuntu.com oneiric InRelease … >>> More
ubuntu/apt-get update said "Failed to Fetch http:// .... 404 not found"

as seen on Server Fault - Search for 'Server Fault'
Hi all, I'm trying to run apt-get update on ubuntu 9.10 I've configured my proxy server and I can access the internet without any problem: /etc/apt# wget "http://www.google.com" Resolving (...) Proxy request sent, awaiting response... 200 OK Length: 292 [text/html] Saving to: `index.html' 100%[=================================================================================================================================>]… >>> More

Related posts about nat

Cisco 881 losing NAT NVI translation config after reload

as seen on Server Fault - Search for 'Server Fault'
This is a weird one, so I'll try to explain in as much detail as I can so I'm giving the whole picture. As I've mentioned in my other questions, I'm in the process of setting up a new Cisco 881 as my WAN router and NAT firewall. I'm facing an issue where NAT NVI rules that I have configured are not… >>> More
IPtables AWS EC2 NAT/Reverse NAT - For Reverse Proxy style setup but with IPtables

as seen on Server Fault - Search for 'Server Fault'
I was thinking initially needing to do a reverse proxy or something so I could get some SSL/TLS traffic look like it is being terminated at a server and IP address in the AWS cloud, and then that traffic is forwarded onto our actual web servers that aren't in the cloud... I've not done much iptables… >>> More
asterisk/freeswitch in nat/no-nat setup

as seen on Server Fault - Search for 'Server Fault'
hi, my current setup - i use bunch of sip hard-phones around few offices. all devices have two sip accounts configured - one on internal sip proxy [for calls between the branches], another - at 3rd party voip providers [ since it's in different countries - those are different providers, but that's… >>> More
Problem with setup VPN in Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
Problem with setup VPN on Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More