Собственно сабж. Очень медленная скорость передачи файлов по SGTP, которая уменьшается, стремясь к нулю, после чего меня выкидывает. Локальная сеть, CentOS. Также при скорости порта 100 МБит загрузка файлов с интернета и отдача файлов не превышают 500 кбит/с. Куда копать? Довольно жесткие правила защиты на сервере. Но не думаю, что они на это влияют.
[root@server ~]# uname -a
Linux server 2.6.32-358.18.1.el6.i686 #1 SMP Wed Aug 28 14:27:42 UTC 2013 i686 i686 i386 GNU/Linux
[root@server ~]# iptables-save
# Generated by iptables-save v1.4.7 on Sat Oct 5 00:15:02 2013
*mangle
:PREROUTING ACCEPT [48561:41118042]
:INPUT ACCEPT [48561:41118042]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [43203:10552154]
:POSTROUTING ACCEPT [43203:10552154]
-A PREROUTING ! -s 192.168.0.0/24 -p igmp -j DROP
COMMIT
# Completed on Sat Oct 5 00:15:02 2013
# Generated by iptables-save v1.4.7 on Sat Oct 5 00:15:02 2013
*filter
:INPUT ACCEPT [48105:41088477]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [43203:10552154]
-A INPUT -i lo -j ACCEPT
-A INPUT ! -s 192.168.0.0/24 -m set --match-set blacklist src -j DROP
-A INPUT ! -s 192.168.0.0/24 -p udp -m udp -j DROP
-A INPUT ! -s 192.168.0.0/24 -p icmp -m icmp --icmp-type any -j DROP
-A INPUT ! -s 192.168.0.0/24 -p tcp -m tcp -m connlimit --connlimit-above 30 --connlimit-mask 32 -j SET --add-set blacklist src
-A INPUT ! -s 192.168.0.0/24 -m geoip ! --source-country RU,UA,BY,DE,EE,EU,FI,IS,KZ,LT,LV,NO,PL,UZ,US -j DROP
-A INPUT ! -s 192.168.0.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j REJECT --reject-with tcp-reset
-A INPUT ! -s 192.168.0.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j REJECT --reject-with tcp-reset
-A INPUT ! -s 192.168.0.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j REJECT --reject-with tcp-reset
-A INPUT ! -s 192.168.0.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j REJECT --reject-with tcp-reset
-A INPUT ! -s 192.168.0.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j REJECT --reject-with tcp-reset
COMMIT
# Completed on Sat Oct 5 00:15:02 2013
sysctl.conf
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.lo.rp_filter=1
net.ipv4.conf.eth0.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.lo.accept_source_route=0
net.ipv4.conf.eth0.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.tcp_max_syn_backlog=1024
net.ipv4.tcp_max_tw_buckets=720000
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_fin_timeout=15
net.ipv4.tcp_keepalive_time=1800
net.ipv4.tcp_keepalive_probes=7
net.ipv4.tcp_keepalive_intvl=30
net.ipv4.tcp_rmem=4096 8388608 16777216
net.ipv4.tcp_wmem=4096 4194394 16777216
net.ipv4.ip_forward=0
net.ipv4.tcp_syncookies=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.core.somaxconn=8192
net.core.rmem_default=262144
net.core.wmem_default=262144
net.core.rmem_max=8388608
net.core.wmem_max=8388608
net.core.netdev_max_backlog=100
kernel.core_uses_pid=1
kernel.msgmnb=65536
kernel.msgmax=65536
kernel.shmmax=68719476736
kernel.shmall=4294967296
kernel.panic=15
vm.swappiness=30
vm.dirty_ratio=15
fs.file-max=64000
sshd config
AddressFamily inet
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
SyslogFacility AUTHPRIV
LogLevel INFO
LoginGraceTime 15
PermitRootLogin yes
MaxAuthTries 3
#MaxSessions 3
RSAAuthentication no
PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody
RhostsRSAAuthentication no
#IgnoreUserKnownHosts no
IgnoreRhosts yes
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
UsePAM no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
#AllowAgentForwarding yes
AllowTcpForwarding no
#AllowUsers 1337club
#GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
PrintLastLog yes
KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
PidFile /var/run/sshd.pid
#MaxStartups 10
PermitTunnel no
#ChrootDirectory none
Banner /etc/ssh/banner
Subsystem sftp /usr/libexec/openssh/sftp-server
#Match User anoncvs
#X11Forwarding no
#AllowTcpForwarding no
#ForceCommand cvs server
