Sam <[EMAIL PROTECTED]> wrote:
>
> The one annoying problem I seem to be encountering is that my masq
> client (Windows XP Professional) will lose connectivity
> intermittently to the masq server and internet..

If your machines are for some reason flooding the server with
connections, it will run out of connection-tracking "slots" in which to
keep track of it all.

At a time when the connectivity is lost, log in to the masq server and
run this command:

    cat /proc/net/ip_conntrack

You might see a lot of very long lines that describe each connection.
Here's an example:

    tcp 6 71 SYN_SENT src=192.168.1.10 dst=24.197.86.87 sport=4765 dport=1214 [UNREPLIED] src=24.197.86.87 dst=66.228.134.42 sport=1214 dport=4765 use=1

This is a TCP connection, in the SYN_SENT state. The source machine in
your local net is 192.168.1.10, source port 4765, trying to reach
24.197.86.87 on destination port 1214. The connection has yet to
receive a reply from that host, so the system is still tracking it,
waiting for either the client to give up, or the server to respond.

If you see a tremendous number of these, look for patterns in the
connections that might help you determine who is causing the floods of
traffic, and what is the nature of the flooding.

One possibility is that your clients might be sending a large number of
DNS requests (UDP, destination port 53). If that's the case, running a
caching-only name server on your masq gateway could easily alleviate
that situation.

Another possibility is that one of your Windows boxes has a virus that
floods the network with connection attempts. In any case, the
ip_conntrack listing should show you what is happening.
--
[EMAIL PROTECTED] (Fuzzy Fox) || "Good judgment comes from experience.
sometimes known as David DeSimone || Experience comes from bad judgment."
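
An added example, not part of the original message: a shell function that does the pattern-hunting described above by counting ip_conntrack entries per protocol, LAN source, destination port and reply status. The function names are hypothetical, and the sample lines are constructed in the format shown in the message (203.0.113.x addresses are documentation-range placeholders).

```shell
#!/bin/sh
# Added example: find which LAN host and destination port fill the
# connection-tracking table on a masq gateway.

# conntrack_summary [FILE]
# Reads ip_conntrack-format lines (default /proc/net/ip_conntrack, "-" for
# stdin) and prints "COUNT PROTO SRC DPORT STATUS", busiest first.
conntrack_summary() {
    awk '
    {
        proto = $1; src = ""; dport = ""; status = "replied"
        for (i = 2; i <= NF; i++) {
            # Keep only the first src=/dport= pair: that is the request as
            # sent by the LAN machine. The second pair is the reply tuple.
            if (src == "" && $i ~ /^src=/)     src = substr($i, 5)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            if ($i == "[UNREPLIED]")           status = "unreplied"
        }
        if (src != "" && dport != "")
            n[proto " " src " " dport " " status]++
    }
    END { for (k in n) print n[k], k }
    ' "${1:-/proc/net/ip_conntrack}" | sort -k1,1nr -k2
}

# Constructed sample (not captured traffic): one host opening unanswered TCP
# connections to port 1214, one host sending DNS queries, one normal session.
sample_conntrack() {
    cat <<'EOF'
tcp 6 71 SYN_SENT src=192.168.1.10 dst=24.197.86.87 sport=4765 dport=1214 [UNREPLIED] src=24.197.86.87 dst=66.228.134.42 sport=1214 dport=4765 use=1
tcp 6 70 SYN_SENT src=192.168.1.10 dst=203.0.113.5 sport=4766 dport=1214 [UNREPLIED] src=203.0.113.5 dst=66.228.134.42 sport=1214 dport=4766 use=1
tcp 6 69 SYN_SENT src=192.168.1.10 dst=203.0.113.6 sport=4767 dport=1214 [UNREPLIED] src=203.0.113.6 dst=66.228.134.42 sport=1214 dport=4767 use=1
udp 17 25 src=192.168.1.11 dst=203.0.113.53 sport=1050 dport=53 [UNREPLIED] src=203.0.113.53 dst=66.228.134.42 sport=53 dport=1050 use=1
udp 17 24 src=192.168.1.11 dst=203.0.113.53 sport=1051 dport=53 [UNREPLIED] src=203.0.113.53 dst=66.228.134.42 sport=53 dport=1051 use=1
tcp 6 431999 ESTABLISHED src=192.168.1.12 dst=203.0.113.80 sport=1030 dport=80 src=203.0.113.80 dst=66.228.134.42 sport=80 dport=1030 [ASSURED] use=1
EOF
}

# Demonstration on the constructed sample; on the gateway itself, run
# conntrack_summary with no argument while connectivity is lost.
sample_conntrack | conntrack_summary -
```

A source address with a large "unreplied" count on a single destination port is the host to investigate first; a large count on UDP port 53 points to the DNS case described in the message.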