https://community.hpe.com/t5/operating-system-linux/problem-linux-as-vpn-and-internet-gateway/m-p/4773003#M81275 Hi dear memebers.<BR /><BR />I just set up a linux server which is acting as an internet gateway. For specific reason clients first make a vpn connection trough the internet to the linux server. <BR />On the linux server iptables is configured for NAT.<BR />The problem is that the internet speed becomes slower than expected. <BR />I used windows and RAAS and the speed was realy good.<BR />The server has only 1 NIC(eth0) and an alias interface is added to eth0. the alias is eth:0 with ip address 192.168.0.253<BR /> iptables config is as follows:<BR /><BR />iptables -P INPUT ACCEPT<BR />iptables -F INPUT<BR />iptables -P OUTPUT ACCEPT<BR />iptables -F OUTPUT<BR />iptables -P FORWARD DROP<BR />iptables -F FORWARD<BR />iptables -t nat -F<BR /><BR />iptables -A FORWARD -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT<BR />iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT<BR />iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to MY_VALID_IP<BR /><BR />Please Help.<BR /> Sat, 02 Apr 2011 03:26:33 GMT hamidr 2011-04-02T03:26:33Z https://community.hpe.com/t5/operating-system-linux/problem-linux-as-vpn-and-internet-gateway/m-p/4773003#M81275 Hi dear memebers.<BR /><BR />I just set up a linux server which is acting as an internet gateway. For specific reason clients first make a vpn connection trough the internet to the linux server. <BR />On the linux server iptables is configured for NAT.<BR />The problem is that the internet speed becomes slower than expected. <BR />I used windows and RAAS and the speed was realy good.<BR />The server has only 1 NIC(eth0) and an alias interface is added to eth0. the alias is eth:0 with ip address 192.168.0.253<BR /> iptables config is as follows:<BR /><BR />iptables -P INPUT ACCEPT<BR />iptables -F INPUT<BR />iptables -P OUTPUT ACCEPT<BR />iptables -F OUTPUT<BR />iptables -P FORWARD DROP<BR />iptables -F FORWARD<BR />iptables -t nat -F<BR /><BR />iptables -A FORWARD -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT<BR />iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT<BR />iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to MY_VALID_IP<BR /><BR />Please Help.<BR /> Sat, 02 Apr 2011 03:26:33 GMT https://community.hpe.com/t5/operating-system-linux/problem-linux-as-vpn-and-internet-gateway/m-p/4773003#M81275 hamidr 2011-04-02T03:26:33Z https://community.hpe.com/t5/operating-system-linux/problem-linux-as-vpn-and-internet-gateway/m-p/4773004#M81276 Have you tested the speed of the VPN when the NAT is disabled, and vice versa?<BR /><BR />&gt; iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to MY_VALID_IP<BR /><BR />This looks slightly wrong: it applies SNAT to all outgoing traffic with 192.168.0.* source addresses. Even traffic that is going *to* the 192.168.0.* network will get SNATted, which probably isn't exactly what you wanted.<BR /><BR />Try this line instead:<BR /><BR />iptables -t nat -A POSTROUTING -s 192.168.0.0/24 \! -d 192.168.0.0/24 -j SNAT --to MY_VALID_IP<BR /><BR />SNAT should be applied to Internet traffic only, not to traffic that is going to your internal network. This line should SNAT everything that has source address within 192.168.0.*, and destination address NOT within 192.168.0.*.<BR /><BR />MK Mon, 04 Apr 2011 04:16:50 GMT https://community.hpe.com/t5/operating-system-linux/problem-linux-as-vpn-and-internet-gateway/m-p/4773004#M81276 Matti_Kurkela 2011-04-04T04:16:50Z https://community.hpe.com/t5/operating-system-linux/problem-linux-as-vpn-and-internet-gateway/m-p/4773005#M81277 Thank you dear Matti but the problem still persists. I just found that even when I run an apache server and simply download a file from my server, I will get a maximum of 10KB/s. The server has 100 Mb/s of internet connectivity and my internet sepeed is about 2 Mb/s. Please help me. Mon, 04 Apr 2011 08:26:22 GMT https://community.hpe.com/t5/operating-system-linux/problem-linux-as-vpn-and-internet-gateway/m-p/4773005#M81277 hamidr 2011-04-04T08:26:22Z