I can't explain what is happening. When I was using IPAUTOFW, after
about 4-5 days, the machine would start to screw up MASQing connections.
My only solution was to reboot the box. Once I removed IPAUTOFW,
everything would work forever.
I think one thing that varies here is WHAT you are forwarding.
I bet some things forward better than others for IPAUTOFW.
Here is an email snippet from David Stone and myself about IPAUTOFW.
Basically.. MASQ would work fine for him but he couldn't do
ANYTHING from the console. After he disabled IPAUTOFW.. all his
problems went away. Yes.. this isn't very scientific but it's
been proven by a few people now.
--
#1
--
>After booting up, with everything apparently working fine,
>after a bit of web browsing, and internet activity thru the windows
>side of the ip_masq, and after working on the Linux side,
>suddenly I am no longer able to telnet, ftp, sendmail, etc, etc
>out of the linux side.
What do you mean by "windows" vs "Linux" side? On a Windows machine
behind the tulip card? On the Linux console?
My first question is.. did you compile in IPAUTOFW? Are you using it?
I've had terrible problems with it and since I compiled it out.. my
boxes have been much more stable in terms of MASQ. If you need that
functionality.. use IPPORTFW.
>Aug 5 14:18:37 calcour in.telnetd[13030]: connect from unknown
>Aug 5 14:19:56 calcour kernel: unexpected TCP packet from 24.92.191.115 to
>port 23 [syn:0|fin:1|rst:0|ack:1]
Is that your IP address? Are you running a DNS server (full blown or
caching) on your Linux box? Are all machines defined in the
/etc/hosts file? Is DNS set up right?
(slackware: /etc/resolv.conf; redhat: /etc/resolv.conf and /etc/nsswitch.conf)
Also.. send me a copy of your /usr/src/linux/.config file so I can see
how you compiled your kernel.
>Aug 5 14:12:20 nimo in.telnetd[739]: warning: can't get client address:
>connection timed out
Looks like DNS..
>Now the interesting thing is, if I go thru the ip_masq side
>I can telnet, ftp, etc out thru the windows computer running on the
>ip_masq both to remote computers on the internet, and to my linux
>computer.
Again.. I don't understand your notation here. Be more explicit and
using IPs always helps.
>Also another interesting thing is, from the linux system
>even though I cannot telnet, ftp, I am able to ssh to
>other computers on the internet.
Do connections eventually connect? Do you wait a while
(can be minutes)? This smells like DNS again.
>I have checked all the ipfwadm rules, and they match the
>docs perfectly. And as a side point, I ran ip_masq on a dialup
>for over a year without experiencing anything like this.
But.. you did change connections.. DNS..etc.. plus.. S#$T
happens.
>There are two other friends of mine in the tampa bay area that
>also run ip_masq , and they are encountering the same problem.
Via the RoadRunner service? This could be, again, DNS or you
guys are being attacked by a hacker.
--
--David
.----------------------------------------------------------------------------.
| David A. Ranch - Remote Access/Linux/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'