Hi all,

It's a very simple setup, BUT I am facing very unpredictable behaviour with Yahoo Messenger, which doesn't allow users to authenticate or, if the user is authenticated, will log the user off. This happens for a couple of hours and then things get normal again. The server has squid, DNS and netfilter only. The iptables script is given below.

 # $IPT is not defined in the posted excerpt; the path below is an assumption
 IPT=/sbin/iptables

 # kernel settings: forwarding and SYN cookies on, reverse-path filtering on,
 # ICMP redirects and source routing off, ECN off
 echo 1 > /proc/sys/net/ipv4/ip_forward
 echo 1 > /proc/sys/net/ipv4/tcp_syncookies
 for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
         echo 1 > "$f"
 done
 for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
         echo 0 > "$f"
 done
 for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
         echo 0 > "$f"
 done
 echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
 echo 0 > /proc/sys/net/ipv4/tcp_ecn
 # flush all rules first...
 $IPT -t filter -F INPUT
 $IPT -t filter -F OUTPUT
 $IPT -t filter -F FORWARD
 $IPT -t nat -F OUTPUT
 $IPT -t nat -F POSTROUTING
 $IPT -t nat -F PREROUTING
 $IPT -t mangle -F PREROUTING
 $IPT -t mangle -F OUTPUT
 ##--ftp out
 $IPT -I INPUT  -p 6 --sport ftp -m state --state ESTABLISHED -j ACCEPT
 $IPT -I OUTPUT -p 6 --dport ftp -m state --state NEW,ESTABLISHED -j ACCEPT
 $IPT -I INPUT  -p 17 --sport ftp -m state --state ESTABLISHED -j ACCEPT
 $IPT -I OUTPUT -p 17 --dport ftp -m state --state NEW,ESTABLISHED -j ACCEPT
 ##--connection tracking -- active ftp
 $IPT -I INPUT -p 6 --sport ftp-data -m state --state ESTABLISHED,RELATED -j ACCEPT
 $IPT -I OUTPUT -p 6 --dport ftp-data -m state --state ESTABLISHED -j ACCEPT
 $IPT -I INPUT -p 17 --sport ftp-data -m state --state ESTABLISHED,RELATED -j ACCEPT
 $IPT -I OUTPUT -p 17 --dport ftp-data -m state --state ESTABLISHED -j ACCEPT
 ##--connection tracking -- passive ftp
 $IPT -I INPUT -p 6 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 $IPT -I OUTPUT -p 6 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
 $IPT -I INPUT -p 17 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 $IPT -I OUTPUT -p 17 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT

 # forwarded traffic: accept any tracked state
 $IPT -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

 # TOS marking for locally generated traffic
 $IPT -t mangle -A OUTPUT -p tcp --dport 80 -j TOS --set-tos Maximize-Throughput
 $IPT -t mangle -A OUTPUT -p tcp --dport 23 -j TOS --set-tos Minimize-Delay
 $IPT -t mangle -A OUTPUT -p tcp --dport 22 -j TOS --set-tos Minimize-Delay
 $IPT -t mangle -A OUTPUT -p tcp --dport 20 -j TOS --set-tos Minimize-Cost
 $IPT -t mangle -A OUTPUT -p tcp --dport 21 -j TOS --set-tos Minimize-Delay
 $IPT -A INPUT -m helper --helper ftp -j ACCEPT

 # LAN (eth1) to internet (eth0): masquerade, and redirect web traffic to squid
 $IPT -A INPUT -s 192.168.0.0/16 -i eth1 -j ACCEPT
 $IPT -A FORWARD -o eth0 -s 192.168.0.0/16 -j ACCEPT
 # $IPT -A POSTROUTING -t nat -o eth0 -s 192.168.0.0/16 -j SNAT --to-source a.b.c.d
 $IPT -A POSTROUTING -t nat -o eth0 -s 192.168.0.0/16 -j MASQUERADE
 $IPT -A PREROUTING -t nat -i eth1 -s 192.168.0.0/16 -p 6 --dport 80 -j REDIRECT --to-port 3128

 # default policies
 $IPT -P INPUT ACCEPT
 $IPT -P OUTPUT ACCEPT
 $IPT -P FORWARD DROP

I have, at the time of the problem, rechecked that squid and DNS are running. Surfing the internet is OK from the clients' end. The primary DNS of our network is running OK too. The results of "fgrep conn /proc/slabinfo" show ip conntrack is not at max level! I mean, with all possible things to look for, I still find Yahoo Messenger not working with PCs behind this server, whereas the same is OK for another SIMILAR setup at a different location! We even changed the IP (provided by the ISP) for these 2 different office networks (to check if something is blocked by the ISP) but still found no difference. At no instance did these 2 networks have this same problem --> not being able to use Yahoo Messenger services! Yes -- only Yahoo Messenger services ONLY !!!!!

Can any of you tell me what really is happening -- if I did something wrong, or if I have to look at some more parameters to find some limitation of the server as configured? The said server has:
RH7.2; kernel 2.4.18; iptables v1.2.5; squid2.4Stable3
with 256 MB RAM and a Celeron 833 on an Intel 810 motherboard !!!!

I will really appreciate your help on this matter. Please help me to not have more sleepless nights !!
Thanking you all in advance...

A.H
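
The conntrack check mentioned in the post, done directly against the connection-tracking table instead of through slabinfo. This is an added example, not part of the original post: the function names, the sample entries and the port 5050 used to filter them are constructed for illustration, and the /proc paths named in the comments are those of the 2.4 ip_conntrack module.

```shell
#!/bin/sh
# Added example: summarise a conntrack table dump in the 2.4-kernel
# /proc/net/ip_conntrack line format.

# Constructed sample entries; all addresses and ports are made up.
SAMPLE='tcp      6 431999 ESTABLISHED src=192.168.0.10 dst=203.0.113.5 sport=1025 dport=5050 src=203.0.113.5 dst=198.51.100.2 sport=5050 dport=1025 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.168.0.11 dst=203.0.113.5 sport=1030 dport=5050 [UNREPLIED] src=203.0.113.5 dst=198.51.100.2 sport=5050 dport=1030 use=1
tcp      6 55 TIME_WAIT src=192.168.0.12 dst=203.0.113.9 sport=1044 dport=80 src=203.0.113.9 dst=198.51.100.2 sport=80 dport=1044 [ASSURED] use=1
udp      17 20 src=192.168.0.10 dst=192.168.0.1 sport=1026 dport=53 src=192.168.0.1 dst=192.168.0.10 sport=53 dport=1026 use=1'

# Percentage of the table in use: entries * 100 / max, rounded down.
conntrack_percent() {
    entries=$(printf '%s\n' "$1" | grep -c .)
    echo $(( entries * 100 / $2 ))
}

# Count TCP entries per state for one destination port. The first dport=
# on a line belongs to the original (client to server) direction.
tcp_states_for_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "tcp" {
            for (i = 5; i <= NF; i++)
                if ($i ~ /^dport=/) {
                    if ($i == "dport=" port) n[$4]++
                    break
                }
        }
        END { for (s in n) print s, n[s] }' | sort
}

# Count entries to one destination port that never saw a reply packet.
unreplied_for_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /\[UNREPLIED\]/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dport=/) { if ($i == "dport=" port) c++; break }
        }
        END { print c + 0 }'
}

# Offline demo on the sample with a constructed maximum of 16 entries.
# On a live 2.4 box pass "$(cat /proc/net/ip_conntrack)" and
# "$(cat /proc/sys/net/ipv4/ip_conntrack_max)" instead.
echo "table use: $(conntrack_percent "$SAMPLE" 16)%"
tcp_states_for_port "$SAMPLE" 5050
echo "unreplied to port 5050: $(unreplied_for_port "$SAMPLE" 5050)"
```

Entries that stay in SYN_SENT with [UNREPLIED] mean the outbound packet was tracked but no answer came back through the firewall, which separates a full table from a path or filtering problem.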

