Very weird problem

Hi.

I have quite a problem.

One of my customers is suddenly unable to upload data to his machine (neither via SFTP/SCP nor regular FTP nor HTTP) behind my firewall. I believe it is due to something changed on the network he is connected to (as I have not changed anything during that period). He has no problems downloading data, but when uploading, the upload stalls after 4kb of transfer. What is even worse, I cannot recreate the problem from anywhere I have tried (>5 different ISPs).

The setup is like this:

In front of my network is a small (/29) network. The bigger (/26) "production" network is routed through one of the addresses on the /29 network (made by the upstream provider). On this address, the firewall sits. My upstream is triple-homed; I have no idea about the customer's upstream.

I use iptables version 1.3.4 (installed through Gentoo's portage) and a vanilla (not Gentoo enhanced) Linux 2.6.14.2.

The way it works, netfilter basically rewrites the "known" public IPs from the /26 network to some private (192.168.x.y) addresses, where X is a customer key and Y is the machine number for this customer. The traffic is also filtered against machine-specific rules on what is allowed to initiate new connections from the outside (SSH, HTTP and so on), and connection tracking takes care of the rest (ESTABLISHED/RELATED). All this traffic leaves by one physical interface through multiple VLANs to a VLAN-aware switch and on to the final destination.

This has worked flawlessly for half a year or so. But suddenly it stopped working. The customer's upstream provider blames my firewall. An interesting point is that the customer CAN upload to the firewall itself by scp through its /29 address (it has no /26). But as said, I have not changed anything in the way the firewall works around the time the problem arose, and any attempt to recreate it has been a failure.

I have tried to log packets both in the filter tables and in the PREROUTING chain of the nat table (before doing the NAT). But nothing really catches my eye.

Any suggestions as to what could be the problem? Or how I could zero in on it? What to log, and so on?

I am not really keen on publishing the firewall script, but I will send it to helpful individuals by email on request.

Thanks in advance

Svenne

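The post logs packets with the netfilter LOG target but finds them hard to read by eye. As an added example (not from the original post or the poster's firewall script), the script below turns kernel LOG lines into a per-flow summary: packet and byte counts, the largest packet seen, whether DF was set, and the flags on the last packet logged, which is what one looks at when an upload stops at a fixed size. The log lines, the "FW-PRE:" prefix and the addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of iptables LOG output (not from the original post): one
# inbound upload flow logged in PREROUTING with a "FW-PRE:" prefix. Real lines
# also carry TOS/PREC/ID fields; the parser tolerates any KEY=VALUE set.
SAMPLE_LOG = """\
kernel: FW-PRE: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.20 LEN=60 TTL=52 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
kernel: FW-PRE: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.20 LEN=52 TTL=52 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
kernel: FW-PRE: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.20 LEN=1500 TTL=52 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 ACK PSH URGP=0
kernel: FW-PRE: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.20 LEN=1500 TTL=52 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
kernel: FW-PRE: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.20 LEN=1500 TTL=52 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
kernel: FW-PRE: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.20 LEN=1500 TTL=52 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")
FLAG_TOKENS = {"DF", "SYN", "ACK", "PSH", "FIN", "RST", "URG"}

def parse_log_line(line):
    """Split one LOG line into its KEY=VALUE fields plus a set of bare flag tokens."""
    fields = dict(FIELD_RE.findall(line))
    fields["flags"] = {tok for tok in line.split() if tok in FLAG_TOKENS}
    return fields

def summarize_flows(log_text):
    """Group logged packets by (proto, src, sport, dst, dport) and keep the
    figures worth a look when a transfer stops at a fixed size: packet and
    byte counts, the largest packet seen, whether DF was set, and the TCP
    flags on the last packet logged for that flow."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "max_len": 0,
                                 "df": False, "last_flags": set()})
    for line in log_text.splitlines():
        if "SRC=" not in line or "DST=" not in line:
            continue  # not a netfilter LOG line
        f = parse_log_line(line)
        key = (f.get("PROTO"), f.get("SRC"), f.get("SPT"), f.get("DST"), f.get("DPT"))
        length = int(f.get("LEN", "0"))
        s = flows[key]
        s["packets"] += 1
        s["bytes"] += length
        s["max_len"] = max(s["max_len"], length)
        s["df"] = s["df"] or "DF" in f["flags"]
        s["last_flags"] = f["flags"] - {"DF"}
    return dict(flows)

if __name__ == "__main__":
    for key, s in summarize_flows(SAMPLE_LOG).items():
        print(key, s)
```

Feed it the kernel log from the box (for example `grep FW-PRE /var/log/messages`) with a LOG rule in both PREROUTING and the relevant filter chain, so the two summaries can be compared flow by flow to see where packets stop appearing.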

