Re: CentOS based router dropping connections

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]





Jesse Cantara wrote:
Hello,

I am trying to figure out a problem I'm having using CentOS on a machine as a router. The short story is: any traffic routed through the router seems to get disconnected at random occasionally.

The hardware setup is:
I have two switches, the router sits between them, the webserver on the LAN switch. The machine I'm using for the router is a Dell 860 1U rackmount with two NICs, one NIC on the internet, one NIC on the LAN.

The routing setup is:
I'm using IPTABLES for routing, with the following command:
iptables -t nat -A PREROUTING -p tcp -m tcp -i eth1 --dport 6680 -j DNAT --to 192.168.1.10:80
Basically, I'm forwarding port 6680 on to the webserver (.10) on the LAN.

What I have tested so far:
If I'm at the router, I can download files from the webserver just fine, so the webserver setup and physical connection is OK. If I'm at the router, I can download files from the internet just fine, so the physical connection to the outside is OK as well. If I'm on the outside of the router (on the internet) I can download files directly from the router just fine.

The issue is when I try to download a file from the webserver via the router (port 6680). It will work sometimes, but other times it will randomly disconnect me, at random points during the download.

Watching the traffic on a packet-sniffer shows that right before the download fails, my client computer trying to download the file keeps resending "ACK" messages, the router keeps sending the next sequence of packets, and eventually the router sends a bunch of "RST" packets.

There aren't any strange messages in /var/log/messages or dmesg in either the router or the webserver

I need some help diagnosing this problem. Here's some info about the router:
CentOS 5
latest kernel 2.6.18-8.1.8.el5
iptables v1.3.5

I've tried testing as much as I can before asking for help, but I'm at the end of what I know to try. Any leads as to where to look to diagnose, or what might cause this would help.

Thanks in advance,
-Jesse

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
Jesse,

What IP address are you using when you try to access the webserver (via port 6680) from the router, the public or the private?

If I read the iptables man page correctly, I would not expect the router to mangle the packets generated locally for the PREROUTING table since the packets are not "really" arriving at the eth1 interface. Maybe the problem is that some packets are getting through at all. What happens if you try to access the webserver from a machine on the LAN, but using the public IP address and port 6680?

Why not use port 80 and the private IP when accessing the webserver from the router, and anywhere else in the LAN, and address the webserver via 6680 when coming in from the internet. If I read your test scenarios correctly, both of those conditions work correctly and I assume that is your intent.

Bob...
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux