Victor,

Thank you for responding.

On Sun, Nov 15, 2009 at 09:41:10AM +0100, Victor Julien wrote:
> Colin Wetherbee wrote:
> > The problem is easiest to find when using SSH because it's rather obvious
> > when the terminal simply stops responding.  Typically, when it stops
> > responding, the connection is never re-established, and eventually, the
> > SSH keep-alive decides to tear the connection down.
> > 
> > Here is an excerpt from my log when trying to establish an SSH connection
> > from 172.20.40.22 (on 172.20.40.16/28) to 172.20.40.2 (on 172.20.40.0/28).

I have another excerpt, which is slightly different, now.

Nov 15 15:59:25 lamp kernel: [1220466.684307] vrmr: DROP no SYN IN=eth1 OUT=eth1 SRC=172.20.40.22 DST=172.20.40.2 LEN=116 TOS=0x10 PREC=0x00 TTL=63 ID=14380 DF PROTO=TCP SPT=33687 DPT=22 WINDOW=1448 RES=0x00 ACK PSH URGP=0

... followed by five similar messages, during which SSH was not responding.

Then...

Nov 15 16:02:28 lamp kernel: [1220649.963993] vrmr: DROP out INVALID IN= OUT=eth1 SRC=172.20.40.17 DST=172.20.40.22 LEN=576 TOS=0x10 PREC=0xC0 TTL=64 ID=6641 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=172.20.40.2 [SRC=172.20.40.22 DST=172.20.40.2 LEN=612 TOS=0x10 PREC=0x00 TTL=63 ID=14386 DF PROTO=TCP SPT=33687 DPT=22 WINDOW=1448 RES=0x00 ACK PSH FIN URGP=0 ]
Nov 15 16:02:28 lamp kernel: [1220649.964081] vrmr: DROP fw INVALID IN=eth1 OUT=eth1 SRC=172.20.40.22 DST=172.20.40.2 LEN=612 TOS=0x10 PREC=0x00 TTL=63 ID=14386 DF PROTO=TCP SPT=33687 DPT=22 WINDOW=1448 RES=0x00 ACK PSH FIN URGP=0

... at which point, the SSH keep-alive failed, and the connection timed out.

The "DROP out INVALID" line seems interesting, as it appears something became
very confused about how the packets were supposed to be routed.

172.20.40.22 is the client machine (my laptop), 172.20.40.17 and 172.20.40.1
are virtual interfaces on the machine that's running Vuurmuur, and 172.20.40.2
is the server to which my laptop was connected over port 22.

> "Possible states are INVALID meaning that the packet could not be identified
> for some reason which includes running out of memory and ICMP errors which
> don't correspond to any known connection"
> (http://lists.netfilter.org/pipermail/netfilter-devel/2003-June/011860.html)

Fair enough.  This machine has plenty of free memory, and as far as I can
tell, none of the connection errors are associated with ICMP.

> You can try the following workarounds:
> - If you're using Vuurmuur 0.8 beta2 you can disable the dropping of invalid
>   packets
> - you can try telling conntrack to be more "liberal" by setting:
>   "echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal"
> (http://lists.netfilter.org/pipermail/netfilter/2006-September/066840.html)

I tried setting the liberal option to 1 and experienced the same problem.  In
fact, the log excerpt earlier in this message corresponds to the connection
that dropped while the liberal option was set to 1.

As for installing Vuurmuur 0.8b2, I started to follow the Debian instructions
and ran into the following errors while running "sh install.sh --unpack".

=== cut ===
svn: '.' is not a working copy
install.sh: 72: function: not found


Installation Failed
===================

Please take a look at install.log. If you can't solve the problem
mail me at [email protected]. Please include the install.log.

exit: 112: Illegal number: --unpack
=== cut ===

I'll try again without trying to build the Debian packages and see what
happens.

> I think it would be interesting to inspect whats really happening on the
> wire though, using a tool like wireshark or tcpdump you can maybe uncover
> whats really causing this.

I'll see what I can do with tcpdump.  I've been looking for a Wireshark-like
tool that works on the console for a while; do you prefer any one in
particular?

Thanks again.

Colin

_______________________________________________
Vuurmuur-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users
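An added example, not from this thread or from the Vuurmuur project: a small Python parser for the vrmr kernel log lines quoted in the message above, fed as constructed input with the mail-wrapped records re-joined onto one line each. It decodes the nested ICMP error (the part in square brackets, which netfilter's LOG target prints for ICMP errors and which carries the header of the packet the error is about) and relates all three drops to the single SSH flow 172.20.40.22:33687 -> 172.20.40.2:22. The point it makes about the "DROP out INVALID" line is visible in the fields themselves: PROTO=ICMP TYPE=5 CODE=1 is an ICMP Redirect for host (RFC 792), IN= is empty so the firewall generated it locally, GATEWAY=172.20.40.2 tells the laptop to reach the server directly, and the quoted inner header is the ACK PSH FIN segment of the SSH connection. The type/code tables cover only the common ICMP error types, and the helper names are my own.

```python
import re
from collections import defaultdict

# Constructed input: the three vrmr log records from the message, one per line.
LOG_LINES = [
    "Nov 15 15:59:25 lamp kernel: [1220466.684307] vrmr: DROP no SYN IN=eth1 OUT=eth1 "
    "SRC=172.20.40.22 DST=172.20.40.2 LEN=116 TOS=0x10 PREC=0x00 TTL=63 ID=14380 DF "
    "PROTO=TCP SPT=33687 DPT=22 WINDOW=1448 RES=0x00 ACK PSH URGP=0",
    "Nov 15 16:02:28 lamp kernel: [1220649.963993] vrmr: DROP out INVALID IN= OUT=eth1 "
    "SRC=172.20.40.17 DST=172.20.40.22 LEN=576 TOS=0x10 PREC=0xC0 TTL=64 ID=6641 PROTO=ICMP "
    "TYPE=5 CODE=1 GATEWAY=172.20.40.2 [SRC=172.20.40.22 DST=172.20.40.2 LEN=612 TOS=0x10 "
    "PREC=0x00 TTL=63 ID=14386 DF PROTO=TCP SPT=33687 DPT=22 WINDOW=1448 RES=0x00 ACK PSH FIN URGP=0 ]",
    "Nov 15 16:02:28 lamp kernel: [1220649.964081] vrmr: DROP fw INVALID IN=eth1 OUT=eth1 "
    "SRC=172.20.40.22 DST=172.20.40.2 LEN=612 TOS=0x10 PREC=0x00 TTL=63 ID=14386 DF "
    "PROTO=TCP SPT=33687 DPT=22 WINDOW=1448 RES=0x00 ACK PSH FIN URGP=0",
]

# ICMP error types and redirect codes per RFC 792 (only the common ones).
ICMP_TYPES = {3: "destination unreachable", 5: "redirect", 11: "time exceeded"}
REDIRECT_CODES = {0: "network", 1: "host", 2: "TOS and network", 3: "TOS and host"}
TCP_FLAGS = {"SYN", "ACK", "PSH", "FIN", "RST", "URG"}

TIMESTAMP_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)")
RECORD_RE = re.compile(r"vrmr: (?P<verdict>.+?) (?P<rest>IN=.*)$")


def parse_fields(text):
    """Turn 'KEY=VALUE KEY= FLAG ...' into a dict; bare tokens (DF, ACK, ...) become flags."""
    fields = {"flags": []}
    for tok in text.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value          # empty value (e.g. 'IN=') is kept as ''
        else:
            fields["flags"].append(tok)
    return fields


def parse_line(line):
    """Parse one vrmr LOG record; the bracketed inner header of an ICMP error goes under 'inner'."""
    m = RECORD_RE.search(line)
    if not m:
        return None
    rest, inner = m.group("rest"), None
    im = re.search(r"\[(.*)\]", rest)
    if im:
        inner = parse_fields(im.group(1))   # header of the packet the ICMP error is about
        rest = rest[:im.start()]
    entry = parse_fields(rest)
    entry["verdict"] = m.group("verdict")   # e.g. 'DROP no SYN', 'DROP out INVALID'
    entry["inner"] = inner
    ts = TIMESTAMP_RE.match(line)
    entry["time"] = ts.group(1) if ts else ""
    return entry


def flow_key(fields):
    """5-tuple used to relate records to one connection."""
    return (fields.get("SRC"), fields.get("DST"), fields.get("PROTO"),
            fields.get("SPT"), fields.get("DPT"))


def affected_flow(entry):
    """For an ICMP error the relevant flow is the quoted inner packet's, not the ICMP packet's."""
    if entry.get("PROTO") == "ICMP" and entry.get("inner"):
        return flow_key(entry["inner"])
    return flow_key(entry)


def describe(entry):
    """Human-readable summary of one record (recurses into the quoted inner header)."""
    if entry.get("PROTO") == "ICMP":
        t, c = int(entry["TYPE"]), int(entry["CODE"])
        text = "ICMP " + ICMP_TYPES.get(t, "type %d" % t)
        if t == 5:
            text += " for %s via gateway %s" % (REDIRECT_CODES.get(c, "code %d" % c), entry.get("GATEWAY"))
        if entry.get("IN") == "":
            text += ", generated locally by the firewall"
        if entry.get("inner"):
            text += ", quoting " + describe(entry["inner"])
        return text
    flags = " ".join(f for f in entry["flags"] if f in TCP_FLAGS)
    return "%s %s:%s -> %s:%s [%s]" % (entry.get("PROTO"), entry.get("SRC"), entry.get("SPT"),
                                       entry.get("DST"), entry.get("DPT"), flags)


def group_by_flow(lines):
    """Map each connection 5-tuple to its ordered list of (time, verdict, description)."""
    flows = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry:
            flows[affected_flow(entry)].append((entry["time"], entry["verdict"], describe(entry)))
    return dict(flows)


if __name__ == "__main__":
    for key, events in group_by_flow(LOG_LINES).items():
        print("flow %s:%s -> %s:%s (%s)" % (key[0], key[3], key[1], key[4], key[2]))
        for time, verdict, text in events:
            print("  %s  %-18s %s" % (time, verdict, text))
```

Running it prints one flow with three events: the mid-stream "DROP no SYN" segment, the locally generated redirect-for-host that quotes the SSH FIN, and the FIN segment itself dropped as INVALID. Grouping by the inner header's 5-tuple is what a conntrack-aware reader does when matching ICMP errors to connections, and is the filter (host 172.20.40.22 and port 33687, plus icmp) worth feeding to tcpdump on the wire.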
