Previously...
I played around with MTUs, which might have helped a little but there aren't many data points.
My current suspicion is that my own slightly wacky network setup may have been to blame.
- I had been running two different IP nets on the same physical net.
- Clients were allocated an address by DHCP (running on my server), server was DNS and gateway (amongst other things) to the second logical net. (My server has but a single ethernet interface.)
- Only my server and the DSL modem were on the second logical net.
- The DSL modem was itself running NAT.
So my desktop was behind double-NAT, which the internets (and my colleague Thomas) pointed out were likely to break many things. Having moved the DSL modem to be on the same part of RFC1918-space as the rest of the wired net, I have started using the DSL modem as a direct gateway for desktop clients - and it all works much better. I don't think I've had a single blackhole event since making the change a couple of days ago.
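As an added illustration (not from the original post), here is a small POSIX shell check that counts how many RFC1918 gateways sit at the head of a `traceroute -n` style path; two or more private hops before the first public address is the double-NAT layout described above. The hop lists and the helper names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: spot a double-NAT path from
# "traceroute -n" style output (each line "<hop> <address> ...").
# Sample hop lists below are constructed, not captured from a real network.

# Return 0 when the dotted-quad in $1 falls inside an RFC1918 range.
is_rfc1918() {
    case "$1" in
        10.*) return 0 ;;
        192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read hop lines on stdin and print how many RFC1918 gateways appear
# before the first public (or unresolved "*") hop.
count_private_hops() {
    n=0
    while read -r _hop addr _rest; do
        [ -n "$addr" ] || continue
        if is_rfc1918 "$addr"; then
            n=$((n + 1))
        else
            break
        fi
    done
    echo "$n"
}

# Constructed: desktop -> home server (first NAT) -> DSL modem (second NAT) -> ISP.
DOUBLE_NAT_PATH='1 192.168.1.1
2 10.0.0.1
3 203.0.113.1
4 198.51.100.7'

# Constructed: after the fix, desktop -> DSL modem -> ISP.
SINGLE_NAT_PATH='1 192.168.1.254
2 203.0.113.1'

# Print the number of private NAT layers a hop list crosses.
nat_layers() {
    printf '%s\n' "$1" | count_private_hops
}

nat_layers "$DOUBLE_NAT_PATH"   # 2: the double-NAT setup from the post
nat_layers "$SINGLE_NAT_PATH"   # 1: the modem as direct gateway
```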
The only downside that I can see is that I no longer have the fine-grained firewall control that I enjoyed with iptables. Right?