> From: "vvor" <[EMAIL PROTECTED]>
>
> as i mentioned, i switched to iptables.
>
> now, every few hours, my roadrunner connection is dropping. this was not
> happening with ipchains! here is the part of my log just before it happens. i
> tried ifup, but that doesn't help. it fails to acquire the ip address. does
> anyone know what is happening? is my nic dying? is it iptables? i wish i had a
> clue. (rat is the name of my server)
>
<snip>
> Oct  7 11:14:56 rat kernel: [UDP reject] IN= OUT=eth0 SRC=24.90.93.125 DST=24.29.99.107 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=556
> Oct  7 11:14:56 rat kernel: [UDP drop] IN= OUT=eth0 SRC=192.168.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308
<snip>

UDP ports 67 and 68 are for DHCP.  You'll note that your iptables rules
apparently reject *OUTGOING* UDP packets from your server (from port 68 to
port 67, anyway).  So, when Roadrunner requests that you renew your DHCP
"license" every few hours, your server cannot respond properly, and you get
dropped.  The second entry above is your server attempting to do DHCP on your
internal network, also being blocked.  You'll need to examine your iptables
rule set to see why you are blocking your own server from sending out UDP
packets that are needed for DHCP.

One *MAJOR* difference to understand, between ipchains and iptables, is that
in iptables, you have three completely separate chains (input, output,
forward).  A given packet will only traverse one of those chains.  In
ipchains, the input and output chains are traversed before and after the
forward chain.  That is, the handling of the "forward" chain has changed
significantly between ipchains and iptables.

Regards,
Jim


_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/seawolf-list
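
Added example, not part of the original thread: a shell sketch that scans netfilter log lines for locally generated DHCP client packets (UDP 68 to 67, `IN=` empty) and prints a candidate rule per interface for review. The function names, the third sample log line and the printed `iptables -I OUTPUT` rule are assumptions of this example; the first two sample lines are the ones quoted above.

```shell
#!/bin/sh
# Sample input: the two entries quoted in the thread plus one constructed,
# unrelated inbound entry (documentation addresses) that must not match.
sample_log() {
cat <<'EOF'
Oct  7 11:14:56 rat kernel: [UDP reject] IN= OUT=eth0 SRC=24.90.93.125 DST=24.29.99.107 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=556
Oct  7 11:14:56 rat kernel: [UDP drop] IN= OUT=eth0 SRC=192.168.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Oct  7 11:15:02 rat kernel: [UDP drop] IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.9 LEN=78 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=4000 DPT=137 LEN=58
EOF
}

# Read kernel log lines on stdin; print "iface src dst" for every logged UDP
# packet that left this host (IN= empty, OUT= set) from port 68 to port 67.
blocked_dhcp() {
  awk '
    /PROTO=UDP/ {
      split("", f)                      # clear the per-line field map
      for (i = 1; i <= NF; i++) {
        n = index($i, "=")
        if (n > 0) {
          k = substr($i, 1, n - 1)
          if (!(k in f)) f[k] = substr($i, n + 1)   # first LEN= wins
        }
      }
      if (f["IN"] == "" && f["OUT"] != "" && f["SPT"] == "68" && f["DPT"] == "67")
        print f["OUT"], f["SRC"], f["DST"]
    }'
}

# Print (do not apply) one candidate rule per outgoing interface. -I inserts at
# the head of OUTPUT so it is evaluated before the rule doing the rejecting.
# DHCP replies (UDP 67 -> 68) need a matching look at the INPUT chain.
suggest_rules() {
  blocked_dhcp | awk '{ print $1 }' | sort -u | while read -r ifc; do
    echo "iptables -I OUTPUT -o $ifc -p udp --sport 68 --dport 67 -j ACCEPT"
  done
}

sample_log | blocked_dhcp
sample_log | suggest_rules
```
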
