Accept my apologies if that was already discussed.

It seems that after some random amount of time outgoing (external) TCP connections fail
(either from the masqueraded box or the one doing the routing).

It's occurring right now...
My PPTP connection is still up showing no problems. 
External UDP/ICMP traffic is ok.
WWW/FTP/whatever is fine on my LAN.
Someone is FTPing from the outside. 
(My ADSL modem is on ethernet and the box doing the masquerade is also acting as an 
FTP/WWW server)

But every single TCP connection initiated on my side that should get masqueraded just
fails.

I've enclosed a tcpdump output showing the symptoms (lynx www.debian.org) and ifconfig 
output.
Here's the relevant firewall rule:
Chain forward (policy ACCEPT: 0 packets, 0 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize  source                destination           ports
 113K 7975K MASQ       all  ------ 0xFF 0x00  ppp0                           10.0.0.0/8           !10.0.0.0/8            n/a

eth0      Link encap:Ethernet  HWaddr 00:20:18:2A:3F:0F  
          inet addr:10.0.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:806303 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1159487 errors:0 dropped:0 overruns:0 carrier:0
          collisions:5731 txqueuelen:100 
          Interrupt:5 Base address:0xb800 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:6152 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6152 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:193.251.8.34  P-t-P:193.251.8.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1435  Metric:1
          RX packets:479716 errors:0 dropped:0 overruns:0 frame:0
          TX packets:394874 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 

02:55:35.172933 193.251.8.34.1024 > 193.252.19.3.domain: 45254+ A? ns.hands.com. (30)
02:55:35.180037 193.251.8.34.2329 > 198.186.203.20.www: S 21992213:21992213(0) win 32696 <mss 536,sackOK,timestamp 3087515 0,nop,wscale 0>
02:55:35.228505 193.252.19.3.domain > 193.251.8.34.1024: 45254 NXDomain 0/1/0 (91) (DF)
02:55:35.400398 198.186.203.20.www > 193.251.8.34.2329: S 718033359:718033359(0) ack 21992214 win 32696 <mss 536,sackOK,timestamp 406350748 3087515,nop,wscale 0> (DF)
02:55:35.400848 193.251.8.34.2329 > 198.186.203.20.www: R 21992214:21992214(0) win 0
02:55:38.172050 193.251.8.34.2329 > 198.186.203.20.www: S 21992213:21992213(0) win 32696 <mss 536,sackOK,timestamp 3087815 0,nop,wscale 0>
02:55:38.393153 198.186.203.20.www > 193.251.8.34.2329: S 721025440:721025440(0) ack 21992214 win 32696 <mss 536,sackOK,timestamp 406351047 3087815,nop,wscale 0> (DF)
02:55:38.393577 193.251.8.34.2329 > 198.186.203.20.www: R 21992214:21992214(0) win 0
02:55:44.172050 193.251.8.34.2329 > 198.186.203.20.www: S 21992213:21992213(0) win 32696 <mss 536,sackOK,timestamp 3088415 0,nop,wscale 0>
02:55:44.424071 198.186.203.20.www > 193.251.8.34.2329: S 727053624:727053624(0) ack 21992214 win 32696 <mss 536,sackOK,timestamp 406351650 3088415,nop,wscale 0> (DF)
02:55:44.424507 193.251.8.34.2329 > 198.186.203.20.www: R 21992214:21992214(0) win 0
02:55:56.172050 193.251.8.34.2329 > 198.186.203.20.www: S 21992213:21992213(0) win 32696 <mss 536,sackOK,timestamp 3089615 0,nop,wscale 0>
02:55:56.390870 198.186.203.20.www > 193.251.8.34.2329: S 739025686:739025686(0) ack 21992214 win 32696 <mss 536,sackOK,timestamp 406352847 3089615,nop,wscale 0> (DF)
02:55:56.391340 193.251.8.34.2329 > 198.186.203.20.www: R 21992214:21992214(0) win 0
02:56:07.192050 193.251.8.34.2323 > 193.252.19.180.pop3: S 4021985390:4021985390(0) win 32696 <mss 536,sackOK,timestamp 3090717 0,nop,wscale 0>
02:56:07.249300 193.252.19.180.pop3 > 193.251.8.34.2323: S 3620373145:3620373145(0) ack 4021985391 win 8908 <nop,nop,timestamp 1550211609 3090717,nop,wscale 0,mss 536> (DF)
02:56:07.249773 193.251.8.34.2323 > 193.252.19.180.pop3: R 4021985391:4021985391(0) win 0

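Added example (not part of the original message): a Python check that scans old-style tcpdump text for the pattern visible in the capture above, where the host that sent the SYN answers the returning SYN-ACK with a RST. The names `CAPTURE`, `LINE` and `self_reset_handshakes` are hypothetical, and the last three sample lines (documentation addresses) are constructed for contrast.

```python
import re
from collections import Counter

# Sample input: the first ten lines are copied from the capture in the post
# (wrapped lines rejoined); the last three are a constructed healthy handshake.
CAPTURE = """\
02:55:35.172933 193.251.8.34.1024 > 193.252.19.3.domain: 45254+ A? ns.hands.com. (30)
02:55:35.180037 193.251.8.34.2329 > 198.186.203.20.www: S 21992213:21992213(0) win 32696 <mss 536,sackOK,timestamp 3087515 0,nop,wscale 0>
02:55:35.400398 198.186.203.20.www > 193.251.8.34.2329: S 718033359:718033359(0) ack 21992214 win 32696 <mss 536,sackOK,timestamp 406350748 3087515,nop,wscale 0> (DF)
02:55:35.400848 193.251.8.34.2329 > 198.186.203.20.www: R 21992214:21992214(0) win 0
02:55:38.172050 193.251.8.34.2329 > 198.186.203.20.www: S 21992213:21992213(0) win 32696 <mss 536,sackOK,timestamp 3087815 0,nop,wscale 0>
02:55:38.393153 198.186.203.20.www > 193.251.8.34.2329: S 721025440:721025440(0) ack 21992214 win 32696 <mss 536,sackOK,timestamp 406351047 3087815,nop,wscale 0> (DF)
02:55:38.393577 193.251.8.34.2329 > 198.186.203.20.www: R 21992214:21992214(0) win 0
02:56:07.192050 193.251.8.34.2323 > 193.252.19.180.pop3: S 4021985390:4021985390(0) win 32696 <mss 536,sackOK,timestamp 3090717 0,nop,wscale 0>
02:56:07.249300 193.252.19.180.pop3 > 193.251.8.34.2323: S 3620373145:3620373145(0) ack 4021985391 win 8908 <nop,nop,timestamp 1550211609 3090717,nop,wscale 0,mss 536> (DF)
02:56:07.249773 193.251.8.34.2323 > 193.252.19.180.pop3: R 4021985391:4021985391(0) win 0
03:00:00.000000 192.0.2.10.3000 > 198.51.100.7.www: S 100:100(0) win 32696
03:00:00.001000 198.51.100.7.www > 192.0.2.10.3000: S 200:200(0) ack 101 win 32696
03:00:00.001500 192.0.2.10.3000 > 198.51.100.7.www: . ack 201 win 32696
"""

# Old-style tcpdump TCP line: time, src, dst, flag letters, remainder.
LINE = re.compile(r"^(\S+) (\S+) > (\S+): ([SFPR.]+) (.*)$")

def self_reset_handshakes(text):
    """Count, per (initiator, responder), SYN-ACKs the initiator answered with RST."""
    state = {}       # (initiator, responder) -> "syn" or "synack"
    hits = Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                          # DNS and other non-TCP lines
        _, src, dst, flags, rest = m.groups()
        has_ack = re.search(r"\back \d+", rest) is not None
        if "S" in flags and not has_ack:      # initial SYN (or a retry)
            state[(src, dst)] = "syn"
        elif "S" in flags:                    # SYN-ACK coming back
            if state.get((dst, src)) == "syn":
                state[(dst, src)] = "synack"
        elif "R" in flags:                    # reset sent by src
            if state.pop((src, dst), None) == "synack":
                hits[(src, dst)] += 1
        else:
            state.pop((src, dst), None)       # handshake completed normally
    return hits

if __name__ == "__main__":
    for (initiator, responder), n in self_reset_handshakes(CAPTURE).items():
        print(f"{initiator} reset {n} handshake(s) with {responder}")
```
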