On Wed, 28 Apr 1999 00:04:55 +0300,
Pekka Savola <[EMAIL PROTECTED]> wrote:
>I have no idea what to make of this log, but perhaps you've done this kind
>of analysis more. It is probable, as suggested by RZG (refer to my
>previous mail) that this is caused by ipmasqadm autofw (forwarding ports
>2000 -> 2100 for internal irc causes serious problems).
>ipmasqadm autofw -F
>ipmasqadm autofw -A -i -r tcp 2000 2111 -h 192.168.1.1
>ipmasqadm autofw -A -i -r udp 4000 4001 -h 192.168.1.1
RZG was correct, it is a conflict between autofw and normal port usage.
Extract from tcpdump:
925246793.961125 masq.2004 > external.21: S 1248164351:1248164351(0) win 32120 <mss 1460,sackOK,timestamp 30772881 0,nop,wscale 0> (DF)
925246793.966728 external.21 > masq.2004: S 188619689:188619689(0) ack 1248164352 win 33580 <mss 1460,nop,wscale 0> (DF)
925246793.969185 masq.2004 > external.21: R 1248164352:1248164352(0) win 0
925246796.960401 masq.2004 > external.21: S 1248164351:1248164351(0) win 32120 <mss 1460,sackOK,timestamp 30773181 0,nop,wscale 0> (DF)
925246796.964954 external.21 > masq.2004: S 190307707:190307707(0) ack 1248164352 win 33580 <mss 1460,nop,wscale 0> (DF)
925246796.966717 masq.2004 > external.21: R 1248164352:1248164352(0) win 0
The masq box tries to connect to external ftp, using a source port
of 2004. external replies to 2004, autofw thinks the packet is
for an internal host instead of masq and sends it inside. The internal
host has no record of such a session so it sends RST which gets
converted to look like it came from masq.
As it stands, any connection from the masq box using ports 2000-2111 or
4000-4001 will hit this problem. Temporary workaround:
echo "4002 59999" > /proc/sys/net/ipv4/ip_local_port_range
will stop the masq box using ports which overlap with autofw ports.
A longer term fix is some way for normal port selection to not use any
port that is the subject of autofw.
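The check behind the workaround above, written out as an added example (not code from the original mail or from ipmasqadm): given the autofw ranges from the post and a candidate ip_local_port_range, report every forwarded range that shares a port with the local ephemeral range, and compute the lowest local port that clears all of them. The AUTOFW_RANGES list is taken from the ipmasqadm commands in the post; the local ranges passed in at the bottom are constructed sample values, so the script runs on any POSIX sh without touching /proc.

```shell
#!/bin/sh
# Added example: detect overlap between the kernel's ephemeral (local) port
# range and the port ranges that ipmasqadm autofw forwards inside.
# Forwarded ranges as "proto lo hi", copied from the post's ipmasqadm lines.
AUTOFW_RANGES='tcp 2000 2111
udp 4000 4001'

# ranges_overlap LO1 HI1 LO2 HI2
# Exit 0 when the closed intervals [LO1,HI1] and [LO2,HI2] share a port.
ranges_overlap() {
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# overlapping_ranges LOCAL_LO LOCAL_HI
# Print each forwarded range ("proto lo hi") that clashes with the local
# range; print nothing when there is no clash.
overlapping_ranges() {
    echo "$AUTOFW_RANGES" | while read -r proto lo hi; do
        [ -z "$proto" ] && continue
        if ranges_overlap "$1" "$2" "$lo" "$hi"; then
            echo "$proto $lo $hi"
        fi
    done
}

# check_local_range LOCAL_LO LOCAL_HI
# Return 0 when the local range is safe, 1 (with a report on stderr) when
# an outbound connection from the masq box could pick an autofw port.
check_local_range() {
    clashes=$(overlapping_ranges "$1" "$2")
    if [ -n "$clashes" ]; then
        echo "ip_local_port_range $1 $2 overlaps autofw ranges:" >&2
        echo "$clashes" >&2
        return 1
    fi
    return 0
}

# lowest_safe_port
# Smallest port above every forwarded range; for the post's rules this is
# 4002, which is exactly the lower bound the workaround writes to /proc.
lowest_safe_port() {
    echo "$AUTOFW_RANGES" |
        awk 'NF == 3 && $3 + 1 > max { max = $3 + 1 } END { print max }'
}

# Constructed sample values: a low ephemeral range that collides with both
# autofw ranges, then the range from the post's workaround.
check_local_range 1024 4999 || true
check_local_range 4002 59999 && echo "4002-59999 clears all autofw ranges"
echo "lowest safe local port: $(lowest_safe_port)"

# On a Linux masq box the live setting can be checked with the same function:
#   check_local_range $(cat /proc/sys/net/ipv4/ip_local_port_range)
```

Any non-empty output from overlapping_ranges means a local socket bound to a port in that range will have its reply packets diverted inside by autofw, which is the RST loop shown in the tcpdump extract; the fix is to move the lower bound of ip_local_port_range above the value lowest_safe_port reports.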
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]