Configuration problem with 2.4.7 kernel
Dan
maipuwebo@home.com
Thu, 26 Jul 2001 18:11:07 -0400
Okay, I was told by the list administrator my mails were being blocked by their spam filters because of the word securities. I have a little more info now though. Here is what happens when I try to ping from the firewalling box after it stops routing packets to my desktop machine.
root:/home/dan# ping www.oop.com
PING www.oop.com (216.54.31.5): 56 octets data
64 octets from 216.54.31.5: icmp_seq=0 ttl=248 time=1000.4 ms
wrong data byte #0 should be 0x84 but was 0x8383 94 60 3b e0 20 b 0
8 9 a b c d e f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27
28 29 2a 2b 2c 2d 2e 2f
I have no idea what this means, but I'm sure someone out there does. Thanks in advance.
----- Original Message -----
From: Dan
To: netfilter@lists.samba.org
Sent: Wednesday, July 25, 2001 8:41 PM
Subject: Re: Configuration problem with 2.4.7 kernel
I posted my question yesterday, got no response, and usually I don't repost like this, but I've seen responses in a matter of hours, so this one must have passed y'all by.
Again, thanks.
----- Original Message -----
From: Dan
To: netfilter@lists.samba.org
Sent: Wednesday, July 25, 2001 12:23 AM
Subject: Configuration problem with 2.4.7 kernel
This is actually a problem I've been having since later than the 2.4.0-test9 kernel, but I'm trying to upgrade my kernel and I'm having a problem.
Here are my stats:
iptables v1.2.2
kernel 2.4.7
and here is my rc.firewall
#!/bin/bash
OBEWAN=192.168.0.1
JARJAR=<removed for securities sake> #its the public address
# set up masquerading for everything not destined to the localnets
iptables -t nat -A POSTROUTING -d ! 192.168.0.0/22 -j MASQUERADE
# only forward packages for our subnets
# iptables -A FORWARD -s 192.168.0.0/22 -j ACCEPT
# iptables -A FORWARD -d 192.168.0.0/22 -j ACCEPT
# iptables -A FORWARD -j DROP
#battle comm
iptables -A PREROUTING -t nat -p udp -d $JARJAR --dport 2300:2400 -j DNAT --to $OBEWAN
iptables -A PREROUTING -t nat -p tcp -d $JARJAR --dport 2300:2400 -j DNAT --to $OBEWAN
iptables -A PREROUTING -t nat -p tcp -d $JARJAR --dport 47624 -j DNAT --to $OBEWAN:47624
# enable forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
As I said, it works fine for my 2.4.0-test9 kernel, but with my new 2.4.7 kernel, it works for a little while and then slows down but never completely dies, but gets close enough. This was a common problem in ipchains, but I can't implement the solutions for ipchains because the options in the kernel I need to disable don't exist. Is this the same problem people were having with ipchains or is this a new one? Either way, I need help badly and any suggestions (especially the necessary kernel options) are welcome.
thanks,
dan