[CentOS] CentOS 6.8, Iptables 1.4.7, and MASQUERADE

Tue Sep 20 21:03:24 UTC 2016
Robert Heller <heller at deepsoft.com>

I have a server that is also a firewall router at a public library with a
fiber optic Internet connection. It is running kernel
2.6.32-642.4.2.el6.x86_64 (current CentOS 6.8) and Iptables 1.4.7 (current
stock CentOS 6.8). I am having trouble with Internet throughput. I am supposed to
be getting 20Mbits down and 20MBits up, but I am not getting that. It has no
problem doing 20MBits down, but for uploads of *large* files (using different
protocols, such as ssh or http), the upload starts at 20MBits, but over time
quickly slows down to about 3MBits. Speedtests claim I am getting about 20/20.
I seem to be able to get 3Mbits *per transfer*, even if the transfers are
concurrent and MRTG shows total throughput edging up to 6Mbits.

What can possibly be going on?  My ISP is not believing there is anything
wrong on their end.  About the only thing left is maybe some sort of weirdness 
with Iptables imposing some sort of I/O overhead, maybe related to the 
MASQUERADE postrouting.  Does this even make sense?

Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller at deepsoft.com       -- Webhosting Services