/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */ I am having some probs with packet collisions whenever port 80 (Web server behind the IP Masq firewall) is accessed. I have used a REDIR instead of PORTFW'ing port 80 so that I can access my personal Web site from inside the network, but I am not sure if this is the root of the problem or not. The collisions are making for some rather slow serving of the Web pages. Anyone have any idea how this can be corrected (or at least what is actually wrong). Any help is greatly appreciated! Diagnostics follow >>> ifconfig output: -------------------------- eth0 Link encap:Ethernet HWaddr 00:50:BA:C9:47:3F inet addr: >EXT_IP_ADDR< Bcast: >EXT_IP_ADDR< 255 Mask:255.255.255.0 inet6 addr: fe80::50:bac9:473f/10 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:28640 errors:0 dropped:0 overruns:0 frame:0 TX packets:36352 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:11 Base address:0xf480 eth1 Link encap:Ethernet HWaddr 00:50:BA:C9:3D:F6 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::50:bac9:3df6/10 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:39027 errors:0 dropped:0 overruns:0 frame:0 TX packets:30050 errors:0 dropped:0 overruns:0 carrier:0 collisions:1188 txqueuelen:100 Interrupt:10 Base address:0xf400 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:35 errors:0 dropped:0 overruns:0 frame:0 TX packets:35 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 netstat -rn: ------------------- Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth1 >EXT_IP_ADDR< 144 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 >EXT_IP_GATE< 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 >EXT_IP_GATE< 1 0.0.0.0 UG 0 0 0 eth0 IP Masq stuff: ------------------ echo "1" > /proc/sys/net/ipv4/ip_forward echo "1" > /proc/sys/net/ipv4/ip_always_defrag /sbin/ipchains -M -S 7200 10 160 /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ # REDIR to HTTP server (IPPORTFW won't handle internal connections) /usr/sbin/redir --lport=80 --cport=80 --caddr=192.168.0.2 & # Enable IPPORTFW redirection to the FTP server /usr/sbin/ipmasqadm portfw -f /usr/sbin/ipmasqadm portfw -a -P tcp -L >EXT_IP_ADDR< 21 -R 192.168.0.2 2 _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
