[CLUE-Tech] IPTABLES and connection stalls?

ian iguy at ionsphere.org
Thu Jun 14 09:30:22 MDT 2001


Clue-Techies,

I recently upgraded to RedHat 7.1 and in the process upgraded from IPCHAINS to IPTABLES due to 
"changed working environment of IPCHAINS".

First the question:
Has anyone had any connection time out problems using IPTABLES with NAT?

Background:

I upgraded from RedHat 7.0 to 7.1 to get and work with the 2.4 kernel.

Originally I used IPCHAINS emulation on the 2.4 kernel so I wouldn't have to waste time
rewriting my firewall rules until I got around to it type of thing.  However, my network
is set up like this:

Inet <--> Linux GW box <--> Internal LAN (wife's machine & my laptop)

Now the Linux box runs quite a few services too so the firewall is more than just a NAT box.

However we started to experience super long lag times going to websites.  Using Netscape or
IE the connections would stall out (not because of the Inet connection).

So in digging I discovered that the IPCHAINS emulation has a few assumptions that had changed
between kernel 2.2 & 2.4.  Not a good thing.  Suddenly some of the problems made sense.  

So I grunted some and upgraded to IPTABLES.  Didn't fix the main problem.  We still had connection
timeouts.  Now I'm starting to get irked.  

At this point my wife can't stand it anymore because sometimes connections even get dropped.  
Unacceptable.  So we get another IP and put her directly onto the internet connection.  Not what 
I want to do but she's doing things out on the net and can't put up with the crap of dropped 
or stalled connections. (I don't blame her)

So now.. the only person affected is me and the services that run on the box.  

I upgrade IPTABLES to 1.2.2.  That fixes the problems for a little while.  I.e., about a day goes
by before I start running into the connection slowdowns and timeouts.  

Any suggestions?

ian



