[问题求助][CentOS] 疑难杂症！用linux做NAT， QQ登陆巨慢。 [复制链接]

首先，对你进来查看此贴.表示由衷感谢！           女人
最近遇到一个问题，.已经想尽办法，GOOGLE，CSUBOY综合社区N次无果。小.弟于是特来请教各位大哥。          婚庆

最开始公司用的是硬路由，因为前断时间公司网络开始被攻.击，而那硬路由竟然没有最基本的抓包功能，没有办法查找到攻击IP，于是想做一个软路由来解决这个问题.。首先我做的是RouterOS，想必各位都用过，做.好后，（被攻击的问题已经解决），用的是SNAT方式。MASQUERADE也试了。其它一切都正常，唯独QQ登陆巨慢，以前用硬路由的时候QQ登陆大概10秒左右。现在用软路由登陆30.秒到1分不等，悲剧。今天换了CentOS 5.4，做好NAT后，还是一样，QQ登陆超级慢,各个版本.QQ都试过，2008，2009。请教.各位！.

.  google了N次，发.现很多兄弟跟我遇到了同样的情况，但是却一直没有真正有用的解决之道！.


   经过多次抓包测试,发现每次都是连接一个UDP的4005 和一个 4002 端口 unre.achabl.e 悲剧..

tcp.dump: ver.bose output suppressed, use -v or -vv for full protocol decode           建材
listening on eth1., link-type EN10MB (Ethernet), capture size .96 bytes           建材
18:32:39.256330 IP 192.168.1.50...1032 > 255.255.255.255.13: UDP, length 1--------------彩票
18.:32:44.256335 IP 192.168.1..50.1032 > 255.255.255.255.13: UDP, length 1    外汇
18:32:47.506066 IP 192.168.1.50.1215 > 2.22.246.132.105.10060: UDP, len.gth 14.0--------------彩票
18:.32:.47.512147 IP 222.246..132.105.10060 > 192.168.1.50.1215: UDP, length 110          婚庆
18:32:49.25634.4 IP 192.168.1.50.1032 > 255.255.255.255.13:. UDP, length 1.
1.8:32:54.365912 IP 192.168.1..50.1032 > 255.255.255.255.13: UDP, length 1域名
18:.32:54.778519 IP 192.168.1.50.52275 > 222.246.129.80.53:  42632+ A?. sz.tencent..com. (32)    美容
18:32:54.787675. IP .222.246.129.80.5.3 > 192.168.1.50.52275:  42632 19/3/3 A 219.133.49.47,[|domain]服务器
1.8:32:5.4.81002.1 IP 192.168.1.50.56281 > 222.246.129.80.53:  12854+ A? sz2.tencent.com. (33)    健康
18:3..2:54.818693 IP 222.246.129.80.53 > 192.168.1..50.56281:  12854 18/3/3 A 58.61.165.62,[|domain]          婚庆
18:32:54.824191 IP 192.168.1..50.61192 > 222.246.129.80.53:  2231.5+ A? sz3.tencent.com. (.33).
18:3.2:54.831669 IP 222.2.46.129.80.53 > 192.168.1.50.61192:  22315 18/3/3 A 58.2.51.62.61,[|domain]           女人
18:32:54.837148 IP 192.168.1.50..58542 > 222.246.129..80.53:  7705+ A? sz4.tencent.com.. (33).
18:32:54.845020 IP 222.246.129.80.53 > 192.168.1.50...5.8542:  7705 22/3/3 A 119.147.12.190,[|domain]电脑
18:.32:54.850367 IP 192.168.1.50..50157 > 222.246.129.80.53:  .40570+ A? sz5.tencent.com. (33)           建材
18:32.:54.85.8132 IP 2.22.246.129.80.53 > 192.168.1.50.50157:  40570 21/3/3 A 58.60.14.103,[|domain].
18:32:54.863610 IP 192.168.1.50.65303 > 222.2.46.129.8.0.53:  54310+ A? sz6.tencent.com. (.33)--------------彩票
18:32:54.87.6.274 IP 222.246.129.80.53 > 192.168.1.50.65303:  54310 21/3/3 A 58.251.60.46,[|do.main]<性病>
18:32:54.882057 IP 1.92.168.1.50.61657 > 222.246.129.80.53.:  .44759+ A? sz7.tencent.com. (33)           建材
1.8:32:54.891626 IP 222.246.129.80.53 > 192.168.1.50.61657:  44759 .14/3/3 A 1.21.14.75.62,[|domain]虚拟主机
18:32:54...897064 IP 192.168.1.50.54948 > 222.246.129.80.53:  47904+ A? sz8.tencent.c.om. (33)
18:32.:54.906093 IP 222.246.129.80.53 .>. 192.168.1.50.54948:  47904 19/3/3 A 219.133.48.96,[|domain]学习
18:.32:54.911439 IP 192..16.8.1.50.58894 > 222.246.129.80.53:  59428+ A? sz9.tencent.com. (33)(广告)
18:32:54..919.574 IP 222.246.129.80.53 > 192.168.1.50.58894:  59428 16/2/2 A 219..133.49.167,[|domain].
18:32:54.995928 IP 192.16.8.1.50.4000 > .219.133.49.47.8000: UDP, length 76             电子
18:32:54.999084 .IP 192.168.1.50.4.001 > 58.61.165.62.8000: UDP, length 76             电子
18:32:55.002292 IP 192.168.1.50.4002 > 58.251..62.61.8000: UDP, le.ngth 76    外汇
18:32:55.005431 I.P 192.168.1..50.4003 > 119.147.12.190.8000: UDP, length 76    外汇
18:32:55.008616 IP 192.168.1.50.4004 > 58.60.14.103.80.00: UDP, .length 76外贸
18:32:55.011856 IP 192.168.1.50.400.5 > 58.251.60.46.8000: UDP, leng.th 76          婚庆
18:3.2:55.015086 IP 1.92.168.1.50.4006 > 121.14.75.62.8000: UDP, length 76    外汇
18:32:55.015909 IP 58.61..165.62..8000 > 192.168.1.50.4001: UDP, length 112(广告)
18:32:55.018384 IP. 192.168.1.50.4007 > 219.133.48.96.8000: U.DP, length 76外贸
18:32:55.021103 IP 119.147.12.190.8000 > 192.16.8.1.50.4003: UDP, le.ngth 112              乙肝
18:.32:55.021904 IP 192.168.1.50.4008 > 219.133.49.1.67.8000: UDP, length 76电脑
18:32:.55.023242 IP 58.60.14.103.8000 .> 192.168.1.50.4004: UDP, length 112.
18:32:55.023525 IP 192.168.1.50.4001. > 58.60.1.4.44.8000: UDP, length 76域名
18:32.:55.024570 IP 192.168.1.50.4003 > 119.147.12..171.8000: UDP, length 76(广告)
18:32:55.02567.7 IP 192.168.1.50.4004 > 58.60.14.44.8000: UDP,. length 76    美容
18:32:55.033301 IP 219.133..48.96.8000 > 1.92.168.1.50.4007: UDP, length 112    健康
18:32:55.036203 IP 219..133.49.167.8000 > 192.168.1.50.4008: UDP,. length 112            杀毒
18:32:55.039597 IP 58.60.14..44.8000 > 192.168.1.50.4001: UDP, lengt.h 96.
18:32:55.04070.8 IP 58.60.14.44.8000 > 192.168.1.50.4.004: UDP, length 96虚拟主机
18.:32:55.042828 IP 119.147.12.171..8000 > 192.168.1.50.4003: UDP, length 96--------------彩票
18:32:55.07.5355 IP 192.168.1.50.4007 > 219.1.33.60.34.8000: UDP, length 76教育
18:32:55.076252 IP 192.168.1.50.4008 > 219.133.48.87.800.0: UDP., length 76             电子
18:32:55.077474 IP .192.168..1.50.4001 > 58.60.14.44.8000: UDP, length 132    外汇
18:32:.55.090794 IP 219.133.60.34.8000 > 192.168.1..50.4007: UDP, length 96.
18.:32:55.091595 IP 219.133.48.87.8000 > 192..168.1.50.4008: UDP, length 96              乙肝
18:32:55.10189.1 IP 58.60.14.44.8000 > 192.168..1.50.4001: UDP, length 88             电子
18:32:55.104947 IP 192.168.1.50.4001 > 58.60.14.44.8000: UDP, length.. 644           女人
18:32:55..122060 IP 58.60.14.44.8000 > 192.168.1.50.4001: UDP, l.ength 304<性病>
18:32:55.122777 IP 192.168.1.50.40.01 > 58.60.14.44.8000: UDP, length 35.8.
18:32:55.125827 IP 58.251.62.61.8000 > 192..168.1.50.4002: UDP, lengt.h 112域名
18:.32:55.125836 IP 58.251.60.46.8000 > 192.168.1.50.4005: UDP, length 1.12服务器
18:32:55.127026 IP. 192.168.1.50.4002 > 58.2.51.62.68.8000: UDP, length 76.
18:32:55.1.27885 .IP 192.168.1.50.4005 > 58.251.63.126.8000: UDP, length 76.
18.:32:55.140319 IP 58.60.14.44.8.000 > 192.168.1.50.4001: UDP, length 392健康
18:32:55.231579 IP 58.25.1.63.126.8000 > 1.92.168.1.50.4005: UDP, length 96.
18:32:55..23190.2 IP 192.168.1.50 > 58.251.63.126: ICMP 192.168..1.50 udp port 4005 unreachable, length 132--------------彩票
18:32:55.25.5035 IP .58.251.62.68.8000 > 192.168.1.50.4002: UDP, length 96           女人
18:32:55.255385. IP 192.168.1.50 >. 58.251.62.68: ICMP 192..168.1.50 udp port 4002 unreachable, length 132(        游戏          )
18:32:55.292628 IP 192.168.1.50.4000 > 58.60.14.4.4.8000: UDP, lengt.h 134           鲜花
18:32:55.301992 IP 192.168.1.50.4000 >. 58.60.14.44.8000: UDP, len.gth 486            杀毒
18:32:56.296231 arp wh.o-has 192.168.1.246. tell 192.168.1.50(        游戏          )
18:32:57.318783 IP 192.16.8.1.50.4000 > 58.60.14.44.8000: UDP, length. 134教育
18:32:57.318824. IP 192.168.1.50.4000 > 58.60.1.4.44.8000: UDP, length 486.
18:32:59.366124 IP 192.168.1.50.1..032 > 255.255.255.255.13: UDP, length 1域名
18:32:59.397094 IP 192.168.1.50.4000 > 58..60.14.44.8000: UD.P, length 134.
18:32:59..397131 IP .192.168.1.50.4000 > 58.60.14.44.8000: UDP, length 486健康
18:33:01.4749.42 IP 192.168.1.50.400.0 > 58.60.14.44.8000: UDP, length 134.
18:33:01.474978 IP 192.168.1.50..4000 > 58.60.14.44.8000: UDP, length. 486虚拟主机
18.:33:03.553282 IP 192.168.1.50.4000 > 58.60.14.44.8000: UDP., length 134学习
18:33:03.55332.6 IP 192.168.1.50.4000 > 58.60..14.44.8000: UDP, length 486           建材
18:33.:04.3657.37 IP 192.168.1.50.1032 > 255.255.255.255.13: UDP, length 1             电子
18:33:05.631233 IP 192.168.1..50.4000 > .58.60.14.44.8000: UDP, length 134.
18:33:05.631262 IP 192.168.1..50.4000 > 58.60.14.44.800.0: UDP, length 486外贸
18:33:07.709682 IP 192.168.1.50..4000 > 58.60.14.44.8000: UDP, leng.th 134--------------彩票
18:33:07.709726 IP 1.92.168.1.50.4000 > 58.60.14.44..8000: UDP, length 486.
18:33:09.365846 IP 192.168.1.50.1032 > 255.255.255.255.1.3: UDP., length 1.
18:33:09.833916 IP 192.168.1.50.56723 > 222.246.129.80.53:  38261+ A? rs7.qq.com. (2http://upload.bbs.csuboy.com/Mon_1004/126_6643_31ffde71d54d97a.gif[/img].
18:33:09.842666 IP 222.246.129.80.53 > 192.168.1.50.567.23:  38261 16/3/3 A 118.123.235.33,.[|domain.].
18:33:09.846588 IP 19.2.168..1.50.5000 > 118.123.235.33.8000: UDP, length 67.
18:33:09..874319 IP 118.123.235.33.8000 > 192.168.1.50.5000: UDP, length .43.
18:33:09.887525 IP 192.168.1.50.49703 > 22.2.246.129.80.53:  47263+ A? tcpc.onn.tencent..com. (37)
18:33:09...896763 IP 222.246.129.80.53 > 192.168.1.50.49703:  47263 12/3/3. A 219.133.49.211,[|domain].
18:33:09.917079 IP 192.168.1.50.53851 > 222.246.129.80.53:  62859+ A? tcpconn2.tencent.com. (3http://upload.bbs.csuboy.com/Mon_1004/126_6643_31ffde71d54d97a.gif[/img].
18:33:09.925444 IP 2.22.246.129.80.53 > 192.168.1.50.53851:  62859 14/2./3 A 219.1.33.62.2[|domain]--------------彩票
18:33:09.931161 IP 192.168.1.50.51904 > 222.246.129.80.53:  48971+ A? tcpconn3.tencent.com. (3http://upload.bbs.csuboy.com/Mon_1004/126_6643_31ffde71d54d97a.gif[/img]          婚庆
1.8:33:09.9.41235 IP 222.246.129.80.53 > 192.168.1.50.51904:  48971 16/2/2 A 58.60.14.46[|d.omain]           建材
18:33:09.946651 IP 192.168.1.50.63341 > 222.246.129.80.53:  24029+ A? tcpconn4.tencent.com. (3http://upload.bbs.csuboy.com/Mon_1004/126_6643_31ffde71d54d97a.gif[/img]    健康
18:33:09.959345 .IP 222.246..129.80.53 > 192.168.1.50.63341:  24029 13/2/3 A 119.147.12.180[|domain.]              乙肝
18:33:09.965331 IP 192.168.1.50.58113 > 222.246.129.80.53:  35992+ A? tcpconn5.tencent.com. (3http://upload.bbs.csuboy.com/Mon_1004/126_6643_31ffde71d54d97a.gif[/img]域名
18:33.:09.984.361 IP 222.246.129..80.53 > 192.168.1.50.58113:  35992 12/2/3 A 58.251.62.15[|domain].
18:33:09.989647 IP 192.168.1.50.63297 > 222.246.129.80.53:  40322+ A? tcpconn6.tencent.com. (3http://upload.bbs.csuboy.com/Mon_1004/126_6643_31ffde71d54d97a.gif[/img]电影
18:33:09.99801.7 IP 222.24.6.129.80.53 > 192.168.1.50.63297:  40322 10/2/2 A 121.14.9.8.31[|domain]学习
1.8:33:1.0.009289 IP 192.168.1.50.1238. > 219.133.49.211.80: S 948099356:948099356(0) win 65535 <mss 1460,nop,wscale 2.,nop,nop,sackOK>.
18:33:10..010224 IP 192.168.1.50.1239 >. 219.133.62.2.80: S 1112780532:1112780532(0) win 65535 <mss 1460,nop,wscale 2,nop.,nop,sackO.K>             汽车
18:33:10.010913. IP 192.168.1.50.1240 > 58.60.14.46.80: S 3304375687:3304375687(0) win 65535 .<mss. 1460,nop,.wscale 2,nop,nop,sackOK>           女人
1.8:33:10.0119.01 IP 192.168.1.50.1241 > 119.147.12.180.80: S 1763879388:17.6.3879388(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>--- 印刷
18:33:10..012563 IP 192.168.1.50.1242 > 5.8..251.62.15.80: S 3528059045:3528059045(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackO.K>.
18.:33:10.013140 I.P 192.168.1.50.1243 > 121.14.98.31.80: S 619979785:619979785(0) win 65535 <.mss 1460,nop,wscale 2,nop,no.p,sackOK>外贸
18:33:10.022764 IP 219.1.33.49.211.80 > 192.168.1.50.1238: S 34726424:3472.6424.(0) ack 948099357 win. 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>.
18:33:10.022774 IP 219.13.3.62.2.80 > 192.168.1.50.1239: S 1006271037.:100627103.7(0) ack 1112780533 win 5840 <mss 1460,nop,nop,sac.kOK,nop,wscale 0>学习
18:33.:10.022862 IP 192.168.1.50.1238 > 219.133.49.211.80: . ack 1 w.in 64240.
18:33:10.022891 IP 192.168..1.50.1239 > 219.133.62.2.80: . ack 1 w.in 64240学习
18:33:10.023051 IP 192.168.1.50.1238 > 219.133.49.211.80: P 1:79(7 ack 1 win 64240http://upload.bbs.csuboy.com/Mon_1004/126_6643_31ffde71d54d97a.gif[/img]电脑
18:33:10.023105 IP 192.168.1.50.1239 > 219.133.62.2.80: P 1:79(7 ack 1 win 64240http://upload.bbs.csuboy.com/Mon_1004/126_6643_31ffde71d54d97a.gif[/img](        游戏          )

[ 本帖最后由 zngell 于. 2010-1.-24 18:41 编辑 ].

不一定跟nat有关系吧。你公司用的是adsl拨号？还是专线？
测试一下如果去掉nat，qq登录是否快？

我们公司没有出现问题啊，不知lz是什么连接方式，还有贴出你的防火墙脚本。

QUOTE:原帖由 emmoblin 于 2010-1-22 10:21 发表
不一定跟nat有关系吧。你公司用的是adsl拨号？还是专线？
测试一下如果去掉nat，qq登录是否快？


感谢你的回复.
光纤,不存在线路带宽问题,用硬路由没有一点问题,去掉NAT应该都没有一点问题了.

QUOTE:原帖由 jianasonic 于 2010-1-22 11:19 发表
加一条试试
iptables -I  FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT


感谢你的回复.
这条已经加了.

QUOTE:原帖由 zhoutao0712 于 2010-1-22 11:25 发表
很多问题只有现场才能解决：
1.没做QOS流量控制或者做的有问题（可能性很大）
2.环路形成广播风暴
3.病毒攻击或者恶意ARP欺骗。
4.恶意的内网DOS或者外网DDOS攻击


感谢你的回复.
我想这个东西跟QOS流量应该没有那么多影响吧?你说慢个几秒十秒都可以,但是30秒以上的差距....我做过.小包优先,流量控制等,做与不做都是一样的效果,对此问题没有任何作用!
硬路由也没有做!

QUOTE:原帖由 wendaozhe 于 2010-1-22 11:28 发表
我们公司没有出现问题啊，不知lz是什么连接方式，还有贴出你的防火墙脚本。


防火墙只有几条最基本的.

iptables -P INPUT DROP
iptables -A INPUT lo -j ACCEPT
iptabels -A INPUT192.168.1.0/24

forward链、nat、mangle、raw表呢？