From: Fuzzy Fox <[EMAIL PROTECTED]>
To: Alex Gein <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: IP Masquerading works, but needs reboots...
Date: Fri, 13 Jun 2003 17:15:08 -0500

Alex Gein <[EMAIL PROTECTED]> wrote:
>
> However, I have this issue where after an arbitrary period of time
> (sometimes hours, sometimes a few days) the ip masquerading halts and
> will not work again, until the machine is rebooted.
You should not just reboot the machine; instead you should log in, check logs, see if you can find error messages that might point up the problem.
The most common cause for this is overloading of the connection table (too many connections at once). The most common cause of THAT is that you forward all your DNS queries to your ISP, forcing the firewall to keep track of every query, filling up its table.
That makes sense.
But the only way to know for sure is by checking logs (looking for connection table full messages) or by running status commands like "ipchains -L -M -n" to see what connections dominate the table.
I've tried looking through the logs for error messages, but I'm not exactly sure which log to look at. I've spent a good hour trawling through the syslog to no avail. I don't use ipchains either, I use iptables (Kernel 2.4). Any idea which log to look at?
> Now, I know the HOWTO mentions (in 7.35) a port forwarding tool,
> IPAUTOFW, and that my kernel is more than likely configured to use it,
> but how do I find this out?
Problems with autofw will only arise if you use it. Which means that you would have to have run some ipautofw commands in order to invoke that service. And hopefully you would know if you did that.
This is the same logic I followed, but the HOWTO leads me to think it will be used automatically or something, like the distribution of Mandrake I have is already configured to use it.
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
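The check discussed in this thread (is the connection table full, and what dominates it), sketched for a 2.4 kernel with iptables as an added example that is not part of the original messages. It assumes the 2.4 connection-tracking table at /proc/net/ip_conntrack and the kernel message "ip_conntrack: table full, dropping packet"; the function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample data below is constructed, not taken from the thread.

# Constructed entries in the /proc/net/ip_conntrack layout of a 2.4 kernel.
sample_conntrack() {
cat <<'EOF'
udp      17 25 src=192.168.1.10 dst=203.0.113.53 sport=1025 dport=53 [UNREPLIED] src=203.0.113.53 dst=198.51.100.7 sport=53 dport=1025 use=1
udp      17 28 src=192.168.1.11 dst=203.0.113.53 sport=1030 dport=53 src=203.0.113.53 dst=198.51.100.7 sport=53 dport=1030 use=1
udp      17 12 src=192.168.1.10 dst=203.0.113.53 sport=1026 dport=53 src=203.0.113.53 dst=198.51.100.7 sport=53 dport=1026 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.0.2.80 sport=1040 dport=80 src=192.0.2.80 dst=198.51.100.7 sport=80 dport=1040 [ASSURED] use=1
EOF
}

# Constructed syslog excerpt containing the kernel's table-full message.
sample_log() {
cat <<'EOF'
Jun 13 16:58:01 gw kernel: ip_conntrack: table full, dropping packet.
Jun 13 16:58:04 gw crond[411]: (root) CMD (run-parts /etc/cron.hourly)
Jun 13 16:58:06 gw kernel: ip_conntrack: table full, dropping packet.
EOF
}

# Count tracked connections per protocol/destination port, busiest first.
# Only the first dport= on each line is used: that is the original
# direction of the flow; the second one belongs to the expected reply.
top_flows() {
    awk '{
        proto = $1; port = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^dport=/) { port = substr($i, 7); break }
        if (port != "") count[proto "/" port]++
    }
    END { for (k in count) print count[k], k }' "$@" | sort -rn
}

# Count kernel log lines reporting that the connection table overflowed.
table_full_count() {
    grep -c 'ip_conntrack: table full, dropping packet' "$@"
}

# On the firewall itself the same functions read the live sources:
#   top_flows /proc/net/ip_conntrack
#   cat /proc/sys/net/ipv4/ip_conntrack_max    # table size limit
#   dmesg | table_full_count                   # or the file syslog writes kernel messages to
echo "Connections by proto/dport:"; sample_conntrack | top_flows
echo "Table-full messages: $(sample_log | table_full_count)"
```

A table dominated by udp/53 entries, together with a non-zero table-full count, matches the DNS-forwarding cause described in the quoted reply.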
