[Bug 118] NAT stops working

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Thu, 27 Nov 2003 20:49:01 +0100


https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=118

owlman@ss.pub.ro changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |



------- Additional Comments From owlman@ss.pub.ro  2003-11-27 20:48 -------
This might be related to bug #121. The behaviour is similar to what I saw, 
though I haven't checked the arp -a myself.

There is this Slackware box (kernel 2.4.21 vanilla, no poms) which is doing 
nat/iptables and proxy/squid (and several other services) for a local net of 
about 10 PCs. I encourage my users to use the proxy, while keeping the nat for 
those proxy-unaware apps, like Yahoo Games and Yahoo Messenger (and most of the 
file-sharing apps). Once in a while, one of the masqueraded boxes simply loses 
IP connectivity to the net, while all the others keep working just fine. It 
happened to my workstation, too, while having little traffic, so I scrambled at 
the Linux box to see what happens to the packets. The debugging tool was 
IPTraf. I noticed the following:

- SYN comes from the workstation, creates an entry in ip_conntrack, then goes 
on the internet
- SYNACK comes from the internet, then disappears in the bowels of the kernel
- another SYN for the same connection comes from the workstation, and is 
greeted with a SYNACK by the server which also disappears
- finally, the workstation gets tired of waiting and the connecting application 
fails
- several minutes later the glitch magically clears up, and the missing SYNACKs 
are sent to the workstation, which RSTs them.
- everything works later on

I haven't discovered a method to reproduce this behaviour, and my sysadminning 
is only part time here, as I have Windows coding to do.

The detective work I mentioned was done several weeks ago, and the local LUG 
here classified it as a nat/conntrack bug. I didn't save the details and I'm 
sorry about it. There is no archive, because I consulted them by IRC. I'm 
posting this now because one of my users came across this again an hour ago and 
I went to see whether this bug has been solved. Apparently it hasn't :(



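The sequence described in the report (SYN creates a conntrack entry, the SYN/ACK vanishes, the client retransmits, minutes later the stale SYN/ACKs show up and get RSTed) can be narrowed down by looking at the conntrack table itself while a host is stuck, which the reporter did not do. The script below is an added example for that check, not part of the bug report or of netfilter's own code. It assumes the /proc/net/ip_conntrack line format of the 2.4-series ip_conntrack module (proto, protonum, timeout, optional TCP state, original tuple, optional [UNREPLIED], reply tuple, optional [ASSURED], use=N) and runs on constructed sample entries using documentation addresses: 192.0.2.10 is the affected workstation and 203.0.113.5 is the gateway's public address. On the real box you would feed it `cat /proc/net/ip_conntrack` instead of the sample.

```python
"""Spot NATed TCP connections that are stuck waiting for a SYN/ACK.

Constructed example (not netfilter's code): parses the 2.4-series
/proc/net/ip_conntrack format and, for one LAN host, separates entries
where conntrack never matched a SYN/ACK from entries where it did.
"""
import re
from typing import List

# Layout of one /proc/net/ip_conntrack line on 2.4 kernels (assumption: vanilla
# ip_conntrack, no pom extensions):
#   proto protonum timeout [tcp_state] <orig tuple> [UNREPLIED] <reply tuple> [ASSURED] use=N
# The tcp_state column only exists for tcp entries; udp/icmp lines lack it.
_TUPLE = (r"src=(?P<{d}src>\S+) dst=(?P<{d}dst>\S+) "
          r"sport=(?P<{d}sport>\d+) dport=(?P<{d}dport>\d+)")
_LINE = re.compile(
    r"^(?P<proto>\w+)\s+(?P<protonum>\d+)\s+(?P<timeout>\d+)\s+"
    + r"(?:(?P<state>[A-Z_]+)\s+)?"
    + _TUPLE.format(d="o") + r"\s+"
    + r"(?P<unreplied>\[UNREPLIED\]\s+)?"
    + _TUPLE.format(d="r") + r"\s+"
    + r"(?P<assured>\[ASSURED\]\s+)?"
    + r"use=(?P<use>\d+)\s*$"
)

# Constructed sample table: one healthy connection from another host, one stuck
# handshake and one half-completed handshake from the affected workstation,
# and a udp entry to show the state-less line shape.
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.0.2.20 dst=198.51.100.7 sport=1034 dport=80 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=1034 [ASSURED] use=1
tcp      6 117 SYN_SENT src=192.0.2.10 dst=198.51.100.9 sport=1052 dport=5050 [UNREPLIED] src=198.51.100.9 dst=203.0.113.5 sport=5050 dport=1052 use=1
tcp      6 58 SYN_RECV src=192.0.2.10 dst=198.51.100.11 sport=1053 dport=443 src=198.51.100.11 dst=203.0.113.5 sport=443 dport=1053 use=1
udp      17 27 src=192.0.2.20 dst=198.51.100.1 sport=1025 dport=53 [UNREPLIED] src=198.51.100.1 dst=203.0.113.5 sport=53 dport=1025 use=1
"""


def parse_conntrack(text: str) -> List[dict]:
    """Parse ip_conntrack output into dicts; raise on a line that does not fit."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError("unrecognised ip_conntrack line: " + line)
        e = m.groupdict()
        e["unreplied"] = e["unreplied"] is not None   # no reply direction seen yet
        e["assured"] = e["assured"] is not None       # both directions seen, won't be evicted early
        entries.append(e)
    return entries


def stuck_handshakes(entries: List[dict], lan_host: str) -> List[dict]:
    """TCP entries from lan_host whose SYN went out but no SYN/ACK was matched.

    SYN_SENT plus [UNREPLIED] means conntrack built the entry from the client's
    SYN and is still waiting: the server's SYN/ACK either never reached the box
    or arrived with an address/port that did not match the reply tuple.
    """
    return [e for e in entries
            if e["proto"] == "tcp" and e["osrc"] == lan_host
            and e["state"] == "SYN_SENT" and e["unreplied"]]


def synack_seen(entries: List[dict], lan_host: str) -> List[dict]:
    """TCP entries from lan_host where conntrack DID match the SYN/ACK (SYN_RECV).

    If an entry sits here while the client keeps retransmitting its SYN, the
    SYN/ACK was accepted and de-NATed, so the loss is on the path back to the
    LAN (forwarding, ARP, the workstation itself), not in conntrack matching.
    """
    return [e for e in entries
            if e["proto"] == "tcp" and e["osrc"] == lan_host
            and e["state"] == "SYN_RECV"]


def expected_synack(e: dict) -> str:
    """Describe the packet conntrack is waiting for: the reply tuple, i.e. the
    post-SNAT view the outside server actually answers to."""
    return "SYN/ACK %s:%s -> %s:%s" % (e["rsrc"], e["rsport"], e["rdst"], e["rdport"])


if __name__ == "__main__":
    table = parse_conntrack(SAMPLE)
    host = "192.0.2.10"
    for e in stuck_handshakes(table, host):
        print("no SYN/ACK matched for %s:%s -> %s:%s, expecting %s (timeout %ss)"
              % (e["osrc"], e["osport"], e["odst"], e["odport"], expected_synack(e), e["timeout"]))
    for e in synack_seen(table, host):
        print("SYN/ACK matched but handshake incomplete for %s:%s -> %s:%s"
              % (e["osrc"], e["osport"], e["odst"], e["odport"]))
```

Run it while a workstation is in the broken state and compare with a tcpdump on the external interface: a SYN/ACK that is visible on the wire with exactly the addresses and ports that `expected_synack` prints, while the entry stays SYN_SENT [UNREPLIED], points at conntrack/NAT; an entry that moves to SYN_RECV while the client still retransmits points at the LAN-side return path, which is where the arp -a remark about bug #121 comes in.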