Some time ago I had a very long battle with iptables only to discover that they were fine all the time - turned out that /proc/sys/net/ipv4/ip_forward was 0. I'm pretty sure I didn't set it up like this but I didn't investigate the reasons. I turned it on, added ``FORWARD_IPV4="yes"`` to /etc/sysconfig/network, made sure it's enabled when I bring the net up -- and I've been a happy masquerading user since (windoze' connection sharing mangled all masqueraded scp and cvs, which was more than annoying, Baruch ShePtaranu ;).

However, today in the middle of peaceful browsing and sshing I lost the masqueraded internet access. Mozilla stopped loading pages (infinite connecting to host <host>...). An ssh into technion kept working for some time but I later found it disconnected (perhaps caused by apmsleep, see below). After long battling with iptables I finally remembered what I fixed originally. Guess what, ip_forward was 0 again! This would seem to mean that it dropped to 0 of its own will.

Now I looked at the system log and I see this (zion is the masquerading host):

Jul 30 16:45:43 zion sshd(pam_unix)[3264]: session opened for user beni by (uid=500)
Jul 30 16:45:56 zion su(pam_unix)[3304]: session opened for user root by beni(uid=500)
Jul 30 16:51:05 zion network: Shutting down interface eth0: succeeded
Jul 30 16:51:05 zion network: Shutting down interface eth1: succeeded
Jul 30 16:51:05 zion network: Shutting down loopback interface: succeeded
Jul 30 16:51:05 zion sysctl: net.ipv4.ip_forward = 0
Jul 30 16:51:05 zion network: Disabling IPv4 packet forwarding: succeeded
Jul 30 16:51:06 zion apmd[2373]: User Suspend
Jul 30 19:51:52 zion kernel: usb-ohci.c: USB suspend: usb-00:01.2
Jul 30 19:51:52 zion kernel: usb-ohci.c: USB suspend: usb-00:01.3
Jul 30 19:51:52 zion kernel: usb-ohci.c: USB continue: usb-00:01.2 from host wakeup
Jul 30 19:51:52 zion kernel: usb-ohci.c: USB continue: usb-00:01.3 from host wakeup
Jul 30 16:51:55 zion kernel: eth1: Setting 100mbps full-duplex based on auto-negotiated partner ability 41e1.
Jul 30 16:51:56 zion kernel: eth0: Media Link On 10mbps half-duplex
Jul 30 16:51:58 zion netfs: Mounting other filesystems: succeeded
Jul 30 16:51:58 zion netfs: Mounting other filesystems: succeeded
Jul 30 16:51:59 zion apmd[2373]: Normal Resume after 00:00:53 (-1% unknown) AC power

That's a full network shutdown (except ppp0 which I never managed to integrate into the system's network scripts). Apparently it was triggered by an apm suspend.

Indeed I ssh'ed into the host around then - but *after* I saw the net doesn't work! It stopped working before that, around 16:30. Among other things I called `apmsleep`, checking the theory that the connection might be broken because the computer is asleep (obviously it wasn't this - when I suspended it, even the ssh got stuck, I had to press a key to make it wake up). The wakeup apparently made the kernel bring the net up, but without going through the network init scripts, so ip forwarding was never restored. If you ask me, that's broken behavior.

This explains why ip_forward was 0 but not why I lost the connection in the first place. It could have got disabled before that. There is no evidence either way - there are no other sysctl messages but they come from /etc/init.d/network, not from changing the setting (via /proc or sysctl). There are no other interesting messages anywhere in /var/log from this time (on both computers).

The remaining questions: is it possible for ip_forward to drop to 0 with no visible reason? Has anyone ever experienced this? Sounds too strange. Any other ideas? Any tips for what to check if it happens again (except for not trying apmsleep ;)?

-- 
Beni Cherniavsky <[EMAIL PROTECTED]>
Put a backslash at the evening to continue hacking onto the next day.
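
Added example, not part of the original post: a log audit for the sequence described above. It walks syslog in file order and reports every apmd resume that happened while the last logged ip_forward value was 0 and that no later sysctl line reversed. The function name is hypothetical, and it assumes a re-enable would be logged in the same `sysctl: net.ipv4.ip_forward = 1` form as the disable line in the post.

```python
import re

# Syslog shape from the post: "Jul 30 16:51:05 zion sysctl: net.ipv4.ip_forward = 0"
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\s([^:\[]+)(?:\[\d+\])?:\s(.*)$")
FWD = re.compile(r"net\.ipv4\.ip_forward\s*=\s*([01])")

# Lines taken from the log quoted in the post.
POST_LOG = """\
Jul 30 16:45:56 zion su(pam_unix)[3304]: session opened for user root by beni(uid=500)
Jul 30 16:51:05 zion network: Shutting down interface eth0: succeeded
Jul 30 16:51:05 zion sysctl: net.ipv4.ip_forward = 0
Jul 30 16:51:05 zion network: Disabling IPv4 packet forwarding: succeeded
Jul 30 16:51:06 zion apmd[2373]: User Suspend
Jul 30 19:51:52 zion kernel: usb-ohci.c: USB suspend: usb-00:01.2
Jul 30 16:51:56 zion kernel: eth0: Media Link On 10mbps half-duplex
Jul 30 16:51:59 zion apmd[2373]: Normal Resume after 00:00:53 (-1% unknown) AC power
""".splitlines()

# Constructed line (assumption): how a re-enable would look if it were logged.
REENABLE = "Jul 30 16:52:01 zion sysctl: net.ipv4.ip_forward = 1"


def unrestored_resumes(lines):
    """Return [(disabled_at, resumed_at)] for resumes left with forwarding off.

    Order is taken from line position, not timestamps: the post's log has
    kernel lines stamped 19:51 between 16:51 entries.
    """
    state, disabled_at, pending = None, None, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, tag, msg = m.group(1), m.group(2).strip(), m.group(3)
        fwd = FWD.search(msg)
        if tag == "sysctl" and fwd:
            state = int(fwd.group(1))
            if state == 1:
                pending.clear()  # forwarding came back; earlier resumes are fine
                disabled_at = None
            else:
                disabled_at = stamp
        elif tag == "apmd" and "Resume" in msg and state == 0:
            pending.append((disabled_at, stamp))
    return pending


if __name__ == "__main__":
    for off, on in unrestored_resumes(POST_LOG):
        print(f"ip_forward set to 0 at {off}, still 0 after resume at {on}")
```

As the post notes, a value written directly through /proc or sysctl leaves no syslog line, so an empty result from this audit does not prove forwarding stayed on.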
