|
Hi,
For some time I have been having strange problems,
which mostly were noticed in Samba (so I assumed it was a Samba problem).
Basically a connection (from a Windows box to a linux box, but that doesn't
matter much now) would stop working (as if the server had gone down) and it was
impossible to recover it for a few minutes.
Actually it happens with all other stuff (the linux
box handling the internet connection and NAT), in fact when that happens you
can't even telnet/ssh in to the linux box.
I got fed up so I started logging every dropped
packet in iptables, just in case it was related.
And this is what I get:
Jan 11 11:52:12 fulanito kernel: [IPTABLES DROP
NAT] : IN=eth1 OUT= MAC=00:01:03:27:83:4c:00:0c:6e:77:a9:92:08:00
SRC="" DST=192.168.20.1 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=13013
PROTO=UDP SPT=137 DPT=137 LEN=58
eth1 is my external (connected to the internet
router) interface, 192.168.20.5 is one of my window boxes, 192.168.20.1 is my
linux box. These two boxes are connected via a switch (which has nothing else
connected to it), and the interface is eth0.
What could cause that the packet appears in
eth1 instead of eth0? Of course that explains that it's being dropped, as I have
a rule that drops everything coming in the external interface with private
addresses....
I know the obvious answer would be "someone special
made that packet and sent it", but the packet does come from the LAN. The MAC
matches the IP it's supposes to come from (i.e. belongs to the NIC in my windows
card), and most importantly, when I see that in the logs (happens from time to
time, I can't figure out what triggers it, and the problem goes away by itself
after a few minutes) the LAN computers can't connect to the linux
box.
Any idea?
I'm currently using this kernel Linux version 2.4.22-1.2096.nptl (bhcompile@xxxxxxxxxxxxxxxxxxxxxx)
(gcc version 3.2.3 20030422 (Red Hat Linux 3.2.3-6)) #1 Thu Oct 16 12:06:27 EDT
2003
but it happened as previous versions as well, both
from redhat and mainstream (linus' tree locally compiled here).
|
