Good morning, I'm Giacomo Strangolino from Italy.

I finished developing an IPv4 packet filter with NAT/MASQUERADING and have been testing it for some time with success, connecting from home to my ISP named "libero". Then I changed ISP to another one, called "telecom", and with great surprise I discovered that images from sites, and also sites, failed to load. So now, when I call one ISP all works fine; when I call the other, things go wrong.

I NAT machines behind my firewall changing only IPs and ports, and recalculating the checksums (IP and TCP/UDP) to adjust for such changes. I do not touch any other field such as window size, seq number or ack, since the only things I manipulate are addresses and ports. I was wondering what I could do to solve this, since iptables and ipfw+natd on FreeBSD or WinXP SP2 work fine with this ISP... Tweaking with Ethereal I found that probably sometimes a TCP segment gets lost.

My firewall is a 2.6.12 kernel module which registers with netfilter hooks. A userspace program sends rules to the kernel via netlink.

I would be grateful if you could help me find the way to fix the problem, or understand what could be wrong with one ISP's network while things work fine with the other. Also, any indication of where in the iptables source such a problem is solved would be appreciated. I attach a corrupted image and the Ethereal capture related to it, in case it is useful.

Thanks a lot in advance. Giacomo S. Udine, Italy
Attachment:
ethereal-capture-immagini corrotte
Description: Binary data
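The rewrite the message describes (change only the source address and port, then adjust the IP and TCP checksums), shown as an added example that is not part of the original post or the author's kernel module. It assumes an unfragmented IPv4/TCP packet held in a flat buffer; the function names, the sample packet and the WAN address are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t fold(uint32_t s) { while (s >> 16) s = (s & 0xffff) + (s >> 16); return (uint16_t)s; }
/* RFC 1071 checksum of len bytes, continuing from a partial sum. */
static uint16_t csum(const uint8_t *p, size_t len, uint32_t sum) {
    for (; len > 1; p += 2, len -= 2) sum += get16(p);
    if (len) sum += (uint32_t)p[0] << 8;            /* odd trailing byte */
    return (uint16_t)~fold(sum);
}
/* RFC 1624 eqn. 3, HC' = ~(~HC + ~m + m'), for one changed 16-bit word. */
static uint16_t csum_fix(uint16_t hc, uint16_t m_old, uint16_t m_new) {
    return (uint16_t)~fold((uint32_t)(uint16_t)~hc + (uint16_t)~m_old + m_new);
}
/* Partial sum of the TCP pseudo-header: addresses, protocol 6, TCP length. */
static uint32_t pseudo(const uint8_t *pkt, size_t tlen) {
    return get16(pkt + 12) + get16(pkt + 14) + get16(pkt + 16) + get16(pkt + 18) + 6u + (uint32_t)tlen;
}
/* Source NAT in place: only address, port and the two checksums change. */
static void snat(uint8_t *pkt, const uint8_t ip[4], uint16_t port) {
    uint8_t *tcp = pkt + (pkt[0] & 0x0f) * 4;
    uint16_t ipc = get16(pkt + 10), tc = get16(tcp + 16);
    for (int i = 0; i < 4; i += 2) {
        ipc = csum_fix(ipc, get16(pkt + 12 + i), get16(ip + i));
        tc = csum_fix(tc, get16(pkt + 12 + i), get16(ip + i));  /* pseudo-header */
    }
    tc = csum_fix(tc, get16(tcp), port);             /* port is TCP-only */
    memcpy(pkt + 12, ip, 4); put16(tcp, port);
    put16(pkt + 10, ipc); put16(tcp + 16, tc);
}
/* 1 if the IPv4 header checksum and the TCP checksum both verify. */
static int packet_ok(const uint8_t *pkt, size_t len) {
    size_t ihl = (pkt[0] & 0x0f) * 4u;
    return !csum(pkt, ihl, 0) && !csum(pkt + ihl, len - ihl, pseudo(pkt, len - ihl));
}
/* Constructed sample: 10.0.0.2:1025 -> 192.0.2.80:80, 5 payload bytes. */
static size_t sample(uint8_t *pkt) {
    static const uint8_t raw[45] = { 0x45,0,0,45, 0,1,0x40,0, 64,6,0,0, 10,0,0,2, 192,0,2,80,
        0x04,0x01,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x18,0xff,0xff, 0,0,0,0, 'h','e','l','l','o' };
    memcpy(pkt, raw, sizeof raw);
    put16(pkt + 10, csum(pkt, 20, 0));
    put16(pkt + 36, csum(pkt + 20, 25, pseudo(pkt, 25)));
    return sizeof raw;
}
int main(void) {
    uint8_t pkt[64], wan[4] = { 203, 0, 113, 7 };    /* constructed WAN address */
    size_t len = sample(pkt);
    snat(pkt, wan, 40000);
    return packet_ok(pkt, len) ? 0 : 1;
}
```

Running `packet_ok` on the packets leaving such a NAT is a quick way to rule the checksum adjustment in or out before looking at other causes of lost segments.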