RE: iptables causes interface to stop responding

Hi Emanuele,
	I've faced the same problem, and I suggest you upgrade your kernel. The
problem seems to occur only if you have specific NICs. I've been a victim with tulip
drivers. Also, I doubt SMP: if you have it, then remove that too... Don't ask me
why, it worked for me at least ;)

-- Sumit

-----Original Message-----
From: linux-net-owner@vger.kernel.org
[mailto:linux-net-owner@vger.kernel.org]On Behalf Of Emanuele Buttice

Hello,

... ... ...

The problem :

Servers in the internal network are no longer able to ping, ssh, or
connect to any port on the router's internal interface. The router can
ping the servers and even ssh into them, but not the other way around.
Oddly enough, the internal servers can ping and connect to the router's
external interface! I downed the internal interface and brought it back
up and it still doesn't work.

I then rebooted my router and that solved the problem, temporarily ...
until I loaded the iptables FORWARD rules (I have no INPUT or OUTPUT
rules, default policy set to ACCEPT). The problem returned, so I did the
next logical step and flushed all my rules, and set the policy to ACCEPT
for all chains. The problem still exists even with no rules loaded: the
internal servers can't ping the router's internal interface.

Now, like I said, I don't have any INPUT or OUTPUT rules (policy ACCEPT),
and even when the FORWARD rules are flushed and the policy set to ACCEPT the
problem still remains. It seems like my rules trigger an event that causes
the NIC to not respond to connection attempts.


The logs show the following :

New not syn:IN=eth0 OUT=eth1 SRC=142.173.65.19 DST=66.199.132.38 LEN=100
TOS=0x10 PREC=0x00 TTL=52 ID=5180 DF PROTO=TCP SPT=40501 DPT=22
WINDOW=9600 RES=0x00 ACK PSH URGP=0
New not syn:IN=eth0 OUT=eth1 SRC=142.173.65.19 DST=66.199.132.38 LEN=100
TOS=0x10 PREC=0x00 TTL=52 ID=5181 DF PROTO=TCP SPT=40501 DPT=22
WINDOW=9600 RES=0x00 ACK PSH URGP=0
New not syn:IN=eth0 OUT=eth1 SRC=142.173.65.19 DST=66.199.132.38 LEN=100
TOS=0x10 PREC=0x00 TTL=52 ID=5182 DF PROTO=TCP SPT=40501 DPT=22
WINDOW=9600 RES=0x00 ACK PSH URGP=0

I am running kernel 2.4.2-2 with Intel Pro NICs. The kernel is compiled with
most of the iptables options.
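The "New not syn" lines quoted above are what an iptables LOG target emits for TCP segments that carry ACK (here ACK PSH, same source port, destination port 22) but no SYN, yet were matched as a NEW connection, which is what you see for an already-established session whose conntrack entry is gone, for instance after a reboot or a state flush. A defender reading such logs usually wants to separate "state was lost for an existing flow" from anything more suspicious, and that is easiest once the lines are parsed into fields. The script below is an added example and not code from this thread or from the list; it assumes the standard LOG line layout (a free-form `--log-prefix` followed by `KEY=VALUE` pairs and bare flag tokens such as `DF`, `ACK`, `PSH`), reassembles the three quoted lines onto one line each as a constructed sample, and adds one constructed SYN line to show it is not flagged.

```python
"""Parse iptables LOG lines and count TCP segments that were logged as NEW
without a SYN, i.e. mid-stream packets for which conntrack had no state.
Added example; the sample lines below are constructed from the thread."""
import re
from collections import Counter
from typing import Dict, Optional, Set, Tuple

# Constructed sample: the three "New not syn" lines quoted in the thread,
# each rejoined onto one line, plus one constructed SYN line (RFC 5737
# address) that must NOT be counted as a stateless ACK.
SAMPLE_LOG = """\
New not syn:IN=eth0 OUT=eth1 SRC=142.173.65.19 DST=66.199.132.38 LEN=100 TOS=0x10 PREC=0x00 TTL=52 ID=5180 DF PROTO=TCP SPT=40501 DPT=22 WINDOW=9600 RES=0x00 ACK PSH URGP=0
New not syn:IN=eth0 OUT=eth1 SRC=142.173.65.19 DST=66.199.132.38 LEN=100 TOS=0x10 PREC=0x00 TTL=52 ID=5181 DF PROTO=TCP SPT=40501 DPT=22 WINDOW=9600 RES=0x00 ACK PSH URGP=0
New not syn:IN=eth0 OUT=eth1 SRC=142.173.65.19 DST=66.199.132.38 LEN=100 TOS=0x10 PREC=0x00 TTL=52 ID=5182 DF PROTO=TCP SPT=40501 DPT=22 WINDOW=9600 RES=0x00 ACK PSH URGP=0
New conn:IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=66.199.132.38 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Bare tokens the LOG target prints without a KEY= part.
TCP_FLAGS = {"SYN", "ACK", "PSH", "FIN", "RST", "URG", "ECE", "CWR"}
IP_FLAGS = {"DF", "MF", "CE"}

# Everything before the first "IN=" field is the user-supplied log prefix.
_PREFIX_RE = re.compile(r"^(?P<prefix>.*?)\s*(?=\bIN=)")

Record = Dict[str, object]
FlowKey = Tuple[str, int, str, int]  # (SRC, SPT, DST, DPT)


def parse_line(line: str) -> Optional[Record]:
    """Split one LOG line into its prefix, KEY=VALUE fields and bare flags.
    Returns None for lines that are not iptables LOG output."""
    m = _PREFIX_RE.match(line)
    if m is None:
        return None
    flags: Set[str] = set()
    rec: Record = {"prefix": m.group("prefix").rstrip(": "), "flags": flags}
    for tok in line[m.end():].split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec[key] = val
        elif tok in TCP_FLAGS or tok in IP_FLAGS:
            flags.add(tok)
    return rec


def is_stateless_ack(rec: Record) -> bool:
    """True for a TCP segment with ACK set and SYN clear: such a packet can
    only match as NEW when conntrack holds no entry for its flow."""
    flags = rec["flags"]
    return rec.get("PROTO") == "TCP" and "ACK" in flags and "SYN" not in flags


def flow_key(rec: Record) -> FlowKey:
    """Identify the flow so repeated hits from one session are grouped."""
    return (str(rec["SRC"]), int(str(rec["SPT"])),
            str(rec["DST"]), int(str(rec["DPT"])))


def summarize(log_text: str) -> Dict[FlowKey, int]:
    """Count stateless-ACK hits per flow. Many hits on one flow with a fixed
    source port look like a lost conntrack entry for a live session; many
    distinct flows with one hit each deserve a closer look."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and is_stateless_ack(rec):
            counts[flow_key(rec)] += 1
    return dict(counts)


if __name__ == "__main__":
    for (src, spt, dst, dpt), n in summarize(SAMPLE_LOG).items():
        print(f"{n} non-SYN segment(s) logged as NEW for {src}:{spt} -> {dst}:{dpt}")
```

On the sample this reports three hits for the single flow 142.173.65.19:40501 -> 66.199.132.38:22 and nothing for the constructed SYN line. Feeding it a real kernel log (after stripping the syslog timestamp and `kernel:` tag) gives the per-flow view that makes the reboot-then-state-loss pattern described in the post easy to confirm.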


