/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Sean wrote:
> I recently posted a problem I had with loging on to
> Samba with IP Masqurading enabled. The problem is
> however more general, It's as follows
>
> Firstly I have an RH6.1 system with the 2.2.16-3
> kernel installed. I have a 56k dialup ppp conection
> which I start form the server (logged on as any valid
> user NOT root).
>
> When logged on I can access the internet from either
> of my Windows clients. BUT.
>
> I'm facing the following scenario
>
> I start a download of data off the internet on the
> SERVER by any valid method HTTP, FTP etc, and it uses
> the TOTAL bandwidth available on my internet
> connection.
>
> I then try to connect to the server from any of my
> clients by any method (ie ping, samba authentication,
> telnet etc) and the connection times out.
>
> The load on the internet PPP conection on the server
> decreases
>
> Now I can see the server again.
>
> My PPP IP is assigned dynamically at connect time.
>
> With IP Masqurading dissabled I have no problems.
>
> This problem has occured with all kernel versions I
> have tried so It must be an option I'm missing
>
> The following are my rc.firewall and sysctl.conf files
>
> rc.firewall (Coppied directly from IP Masqurading
> HOWTO) (NB the pdf version of this howto cuts the ends
> off lines in the script :P )
>
> #!/bin/sh
> /sbin/depmod -a
> /sbin/modprobe ip_masq_ftp
> /sbin/modprobe ip_masq_raudio
> /sbin/modprobe ip_masq_irc
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_always_defrag
> echo "1" > /proc/sys/net/ipv4/ip_dynaddr
> /sbin/ipchains -M -S 7200 10 160
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.1.2/24 -j MASQ
> #IP address of the ethernet adapter connected to my
> subnet
>
> sysctl.conf
>
> net.ipv4.ip_forward = 1
> net.ipv4.conf.all.rp_filter = 1
> net.ipv4.ip_always_defrag = 1
> kernel.sysrq = 0
try it without the ip_always_defrag set. there's no need for this
after about kernel version 2.2.11 (i think) and it does terrible
things to forwarding performance. that might be the problem? mind
you, i have this set and haven't noticed any problem.
raf
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
