Odd firewall problem.

Cameron hiryu@21andover.com
Mon, 24 Sep 2001 21:12:48 -0700 (PDT)


That doesn't quite sound like the problem I'm having; I'll try the first
suggestion I got and see if that works first.

Thanks.

-Cameron

On Mon, 24 Sep 2001, Charles Stack wrote:

> I had a similar problem, except that I couldn't see my firewalled servers
> from inhouse at all using the public ip's.
>
> I solved the problem by running a DNS server that resolved my domains to my
> internal network addressing when on the corporate LAN.  Outside, the
> DNS servers point to the public servers.
>
> Charles
>
>
>
> -----Original Message-----
> From: netfilter-admin@lists.samba.org
> [mailto:netfilter-admin@lists.samba.org]On Behalf Of Cameron
> Sent: Monday, September 24, 2001 6:20 PM
> To: Netfilter Mailing List
> Subject: Odd firewall problem.
>
>
> I sent this email originally a few days ago, at which point I figured
> something had to be wrong with the list as I got no emails from it. Anyway,
> here's the email:
>
> I'm new to this list. I've been looking over the archives a bit to see if
> I could find anyone else with the same problem as myself and hopefully
> with a solution; I have not (I haven't looked that far back, I admit). So I
> decided to join the mailing list and see what help I could get.
>
> Anyway, here's my problem: I run Debian Linux on my PowerPC (it's an older
> Motorola StarMax clone, 4000/200 with a 200 MHz 604e) and use it for my
> firewall. My firewall seemed to be fine until I reinstalled a while ago.
> Once I reinstalled I got this odd problem, so I reinstalled two more
> times hoping that would fix it; the problem is still there, unfortunately.
> I'm using the exact same scripts as I was before. My version of iptables
> and kernel are a bit different, though I doubt that would affect me much.
>
> I was running iptables 1.2.2 previously, and kernel version
> 2.4.8-presomething.
>
> I currently have iptables 1.2.3 (I was using 1.2.2 earlier on this
> install) and I am using kernel 2.4.10-pre11.
>
> Ok, now the problem I get is really weird: I can view webpages on some
> servers, but not others, from systems behind the firewall, but I CAN view
> these webpages from these servers from the firewall itself (using lynx).
> The problem doesn't appear to be the rules I've set up; I've tried setting
> all table policies to "ACCEPT" and I only had the rule of
>
>   iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> The firewall still continued to have the same problem.
>
> It appears that when a system behind the firewall attempts to connect,
> there is some interaction between the client and the server, but then the
> connection dies or is perhaps dropped by the firewall. Perhaps the
> connection isn't properly being tracked?
>
> I'm using Pacific Bell ADSL via PPPoE, and have been the whole time, even
> before this problem came about.
>
> Regardless of the web browser I use, all the browser does is attempt to
> connect; the connection almost starts up, there is some talking between
> the server and the client system, but then I guess the connection is
> dropped, and the browser just sorta hangs while it keeps waiting for data to
> be received.
>
> I've tried FreeBSD, Solaris, Linux, Windows 2000, NT 4.0, and Windows 98;
> all of them have this problem. I've also tried Netscape, IE, Mozilla, Links,
> Lynx and Galeon.
>
> Here is one URL I am unable to connect to from any system behind the
> firewall, but am able to connect to from the firewall itself:
>
> http://people.unix-fu.org/andreasson/index.html
>
> I've run ethereal to try and see what's going on from my system (a system
> behind the firewall): my system behind the firewall attempts to connect,
> it sends out some packets, the server responds with packets of its own,
> my system makes an HTTP request, and never gets a response, so the
> browser just keeps waiting for the response that it was supposed to get,
> but it never comes. Fortunately, I do not have this problem with most web
> servers, but there's an annoying number of systems that I do have
> problems with (idsoftware.com is a good example).
>
> If anyone would like me to give any additional/specific information, just
> tell me what you'd like to see/know.
>
> Thanks in advance!
>
> Sorry for the long email, I just want to make sure I covered all that I
> could think of.
>
> -Cameron
>
>
>
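The packet-level symptom in the quoted post (SYN out, SYN-ACK back, HTTP request out, nothing but silence in return, while most other sites work) is easy to pick out mechanically from a capture. As an added example that is not from this thread and not netfilter's own code, here is a small Python script that walks a constructed packet summary of the kind one reads off ethereal or tcpdump and flags exactly that pattern, while separating it from the two look-alikes a practitioner would otherwise confuse it with: a server that answers with a reset, and a server that never answers the SYN at all. All addresses, ports and records below are made up for the demonstration.

```python
"""Stalled-flow detector over a constructed packet summary.

Added example, not from the netfilter thread. Each record is
(src, sport, dst, dport, tcp_flags, payload_len), the fields one would
read off an ethereal/tcpdump line. A flow is "stalled" when the
three-way handshake completed, the client sent application data, and the
server sent no data back (ACKs alone do not count) and no reset.
"""
from dataclasses import dataclass


@dataclass
class FlowState:
    syn: bool = False          # client SYN seen (flow started)
    synack: bool = False       # server SYN-ACK seen (handshake reached)
    reset: bool = False        # RST seen from either side (refused/aborted)
    client_data: int = 0       # payload bytes client -> server
    server_data: int = 0       # payload bytes server -> client


# Constructed sample records (made up; 192.168.1.10 plays the LAN client).
# Flow A (port 1025): healthy page fetch.
# Flow B (port 1026): request goes out, only an empty ACK comes back: the hang.
# Flow C (port 1027): server refuses with RST: not a stall.
SAMPLE = [
    ("192.168.1.10", 1025, "10.0.0.1", 80, "S", 0),
    ("10.0.0.1", 80, "192.168.1.10", 1025, "SA", 0),
    ("192.168.1.10", 1025, "10.0.0.1", 80, "A", 0),
    ("192.168.1.10", 1025, "10.0.0.1", 80, "PA", 120),
    ("10.0.0.1", 80, "192.168.1.10", 1025, "A", 0),
    ("10.0.0.1", 80, "192.168.1.10", 1025, "PA", 1400),
    ("192.168.1.10", 1026, "10.0.0.2", 80, "S", 0),
    ("10.0.0.2", 80, "192.168.1.10", 1026, "SA", 0),
    ("192.168.1.10", 1026, "10.0.0.2", 80, "A", 0),
    ("192.168.1.10", 1026, "10.0.0.2", 80, "PA", 130),
    ("10.0.0.2", 80, "192.168.1.10", 1026, "A", 0),
    ("192.168.1.10", 1027, "10.0.0.3", 80, "S", 0),
    ("10.0.0.3", 80, "192.168.1.10", 1027, "RA", 0),
]


def analyze(records):
    """Group packets into client->server flows keyed on the SYN sender."""
    flows = {}
    for src, sport, dst, dport, flags, plen in records:
        fwd = (src, sport, dst, dport)   # as sent by the client
        rev = (dst, dport, src, sport)   # as sent by the server
        if "S" in flags and "A" not in flags:
            # A bare SYN opens (or retransmits) a flow; src is the client.
            flows.setdefault(fwd, FlowState()).syn = True
            continue
        if fwd in flows:                 # client -> server direction
            st = flows[fwd]
            if "R" in flags:
                st.reset = True
            st.client_data += plen
        elif rev in flows:               # server -> client direction
            st = flows[rev]
            if "S" in flags and "A" in flags:
                st.synack = True
            if "R" in flags:
                st.reset = True
            st.server_data += plen
        # Packets belonging to no SYN-started flow are ignored.
    return flows


def stalled_flows(records):
    """Return the flow keys showing the 'request sent, no reply' pattern."""
    return sorted(
        key for key, st in analyze(records).items()
        if st.syn and st.synack and not st.reset
        and st.client_data > 0 and st.server_data == 0
    )


if __name__ == "__main__":
    for client, cport, server, sport in stalled_flows(SAMPLE):
        print(f"stalled: {client}:{cport} -> {server}:{sport}")
```

Run against a real summary, the list of stalled server addresses is what you would compare against the list of sites that hang from the LAN but load from the firewall itself. The thread does not say what caused Cameron's stalls; on PPPoE links the usual first suspect for this exact pattern is a path-MTU black hole, so in practice the next check after a script like this is the MTU and MSS the firewall lets through.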