Annoying Problem - I need help!

Paul Sinclair paul@aadvance.com
Wed, 20 Jun 2001 13:03:30 +1000 

This is a multi-part message in MIME format.

------=_NextPart_000_0011_01C0F989.67283D20
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

I have a problem with my iptables that has probably already been addressed
and I would appreciate if anyone could head me into the right direction. My
configuration is my Linux box has 2 nics, one going to the cable modem and
the other going to a hub, which connects my LAN of a few Windows 98 boxes.
Obviously the Linux box is masquerading for the windows machines. I have
removed the ipchains module and have iptables configured. I have also
downloaded a firewall script called gShield from
http://muse.linuxmafia.org/gshield.html.

My problem is that no matter what I do, every 5 or 10 minutes, my connection
to the Internet dies for about 30 seconds. If I look at the linux box
/var/log/messages, i see a whole bunch of unclean drops (not sure what that
means). I thought this may have been something to do with gShield so I
downloaded another firewall script and had the exact same problems. I also
want to note that I previously had RH6.1 working just fine using ipchains
with the same hardware, etc.

/var/log/messages output:

Jun 20 12:44:04 bpalogin[973]: Timed out waiting for heartbeat - logging on
Jun 20 12:44:05 bpalogin[973]: Logged on as xxxxxxx - successful at Wed Jun
20 12:44:05 2001
Jun 20 12:44:56 kernel: ipt_unclean: IP option 116 at 20 too long
Jun 20 12:44:56 kernel: gShield (unclean drop) IN=eth0 OUT=
MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=xx.xx.xxx.xxx DST=224.0.0.1 LEN=32
TOS=0x00 PREC=0x00 TTL=1 ID=58601 PROTO=2
Jun 20 12:46:56 kernel: ipt_unclean: IP option 203 at 20 too long
Jun 20 12:46:56 kernel: gShield (unclean drop) IN=eth0 OUT=
MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=xx.xx.xxx.xxx DST=224.0.0.1 LEN=32
TOS=0x00 PREC=0x00 TTL=1 ID=59671 PROTO=2
Jun 20 12:48:56 kernel: ipt_unclean: IP option 98 at 20 too long
Jun 20 12:48:56 kernel: gShield (unclean drop) IN=eth0 OUT=
MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=xx.xx.xxx.xxx DST=224.0.0.1 LEN=32
TOS=0x00 PREC=0x00 TTL=1 ID=60743 PROTO=2
Jun 20 12:49:14 kernel: gShield (default drop) IN=eth0 OUT=
MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=xx.xx.xxx.xxx DST=203.45.167.81 LEN=36
TOS=0x00 PREC=0x00 TTL=62 ID=35116 DF PROTO=UDP SPT=5051 DPT=32769 LEN=16
Jun 20 12:49:24 kernel: gShield (default drop) IN=eth0 OUT=
MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=xx.xx.xxx.xxx DST=203.45.167.81 LEN=36
TOS=0x00 PREC=0x00 TTL=62 ID=35117 DF PROTO=UDP SPT=5051 DPT=32769 LEN=16

Does anyone have any suggestions?





------=_NextPart_000_0011_01C0F989.67283D20
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4611.1300" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D020313902-20062001><FONT face=3DVerdana size=3D2>I =
have a problem=20
with my iptables that has probably already been addressed and I would =
appreciate=20
if anyone could head me into the right direction. My configuration is my =
Linux=20
box has 2 nics, one going to the cable modem and the other going to a =
hub, which=20
connects my LAN of a few Windows 98 boxes. Obviously the Linux box is=20
masquerading for the windows machines. <SPAN =
class=3D020313902-20062001><FONT=20
face=3DVerdana size=3D2>I have removed the ipchains module and have =
iptables=20
configured. I have also downloaded a firewall script called gShield from =
<A=20
href=3D"http://muse.linuxmafia.org/gshield.html">http://muse.linuxmafia.o=
rg/gshield.html</A>.=20
</FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D020313902-20062001><FONT face=3DVerdana =
size=3D2><SPAN=20
class=3D020313902-20062001><FONT face=3DVerdana=20
size=3D2></FONT></SPAN></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D020313902-20062001><FONT face=3DVerdana =
size=3D2><SPAN=20
class=3D020313902-20062001><FONT face=3DVerdana size=3D2>My problem is =
that no matter=20
what I do, every 5 or&nbsp;10 minutes, my connection to the Internet =
dies for=20
about 30 seconds. If I look at the linux box /var/log/messages, i see a =
whole=20
bunch of unclean drops (not sure what that means). I thought this may =
have been=20
something to do with gShield so I downloaded another firewall script and =
had the=20
exact same problems. I also want to note that I previously had RH6.1 =
working=20
just fine using ipchains with the same hardware,=20
etc.</FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D020313902-20062001><FONT face=3DVerdana =
size=3D2><SPAN=20
class=3D020313902-20062001></SPAN></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D020313902-20062001><FONT face=3DVerdana =
size=3D2><SPAN=20
class=3D020313902-20062001>/var/log/messages =
output:</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D020313902-20062001><FONT face=3DVerdana =
size=3D2><SPAN=20
class=3D020313902-20062001></SPAN></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D020313902-20062001><FONT face=3DVerdana =
size=3D2><SPAN=20
class=3D020313902-20062001>Jun 20 12:44:04 bpalogin[973]: Timed out =
waiting for=20
heartbeat - logging on <BR>Jun 20 12:44:05 bpalogin[973]: Logged on as =
xxxxxxx -=20
successful at Wed Jun 20 12:44:05 2001 <BR>Jun 20 12:44:56 kernel: =
ipt_unclean:=20
IP option 116 at 20 too long<BR>Jun 20 12:44:56 kernel: gShield (unclean =
drop)=20
IN=3Deth0 OUT=3D MAC=3Dxx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=3Dxx.xx.xxx.xxx =
DST=3D224.0.0.1=20
LEN=3D32 TOS=3D0x00 PREC=3D0x00 TTL=3D1 ID=3D58601 PROTO=3D2 <BR>Jun 20 =
12:46:56 kernel:=20
ipt_unclean: IP option 203 at 20 too long<BR>Jun 20 12:46:56 kernel: =
gShield=20
(unclean drop) IN=3Deth0 OUT=3D MAC=3Dxx:xx:xx:xx:xx:xx:xx:xx:xx:xx =
SRC=3Dxx.xx.xxx.xxx=20
DST=3D224.0.0.1 LEN=3D32 TOS=3D0x00 PREC=3D0x00 TTL=3D1 ID=3D59671 =
PROTO=3D2 <BR>Jun 20=20
12:48:56 kernel: ipt_unclean: IP option 98 at 20 too long<BR>Jun 20 =
12:48:56=20
kernel: gShield (unclean drop) IN=3Deth0 OUT=3D =
MAC=3Dxx:xx:xx:xx:xx:xx:xx:xx:xx:xx=20
SRC=3Dxx.xx.xxx.xxx DST=3D224.0.0.1 LEN=3D32 TOS=3D0x00 PREC=3D0x00 =
TTL=3D1 ID=3D60743 PROTO=3D2=20
<BR>Jun 20 12:49:14 kernel: gShield (default drop) IN=3Deth0 OUT=3D=20
MAC=3Dxx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=3Dxx.xx.xxx.xxx =
DST=3D203.45.167.81 LEN=3D36=20
TOS=3D0x00 PREC=3D0x00 TTL=3D62 ID=3D35116 DF PROTO=3DUDP SPT=3D5051 =
DPT=3D32769 LEN=3D16=20
<BR>Jun 20 12:49:24 kernel: gShield (default drop) IN=3Deth0 OUT=3D=20
MAC=3Dxx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=3Dxx.xx.xxx.xxx =
DST=3D203.45.167.81 LEN=3D36=20
TOS=3D0x00 PREC=3D0x00 TTL=3D62 ID=3D35117 DF PROTO=3DUDP SPT=3D5051 =
DPT=3D32769 LEN=3D16=20
</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D020313902-20062001><FONT face=3DVerdana =
size=3D2><SPAN=20
class=3D020313902-20062001></SPAN></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D020313902-20062001><FONT face=3DVerdana =
size=3D2><SPAN=20
class=3D020313902-20062001>Does anyone have any=20
suggestions?</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D020313902-20062001><FONT face=3DVerdana =
size=3D2><SPAN=20
class=3D020313902-20062001></SPAN></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D020313902-20062001><FONT face=3DVerdana =
size=3D2><SPAN=20
class=3D020313902-20062001>&nbsp;</DIV>
<DIV><BR></DIV></SPAN></FONT></SPAN></BODY></HTML>

------=_NextPart_000_0011_01C0F989.67283D20--