LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Really strange problem with NAT router (https://www.linuxquestions.org/questions/linux-networking-3/really-strange-problem-with-nat-router-441677/)

gepas 05-04-2006 04:15 PM
Really strange problem with NAT router
 
Hello,

I'm running a Slackware 10.2 as a NAT router, with latest kernel 2.4.32. The problem I'm suffering from is strange enough to sound but it is true! After some days of operation the router refuses to make new Internet connections - but which is curious not from all the machines that are behind the NAT, but instead from just let's say from 2-3 machines. At this moment, I can ping from those problematic machines any address with no problem, also I can open and browse the FTP site on the router itself successfully. And of course from the rest of the machines the Internet and NAT-ting is working perfectly.

Here are the simptons once again in brief in case I was not clear enough:

1. A network of 30 PCs with a Slackware router, NAT.
2. At some moment for 2-3 PCs (IPs) it becomes impossible to make new and any connections to Internet services: HTTP, FTP, ICQ, Skype, etc.
3. From those 2-3 PCs (IPs) it is still possible to ping and receive answer from any Internet site/address!!!
4. From those 2-3 PCs (IPs) I can access and use the Web/FTP service on the Linux router itself with no problems!!!
5. From the other 28 PCs (IPs) Internet access is still working perfectly.
6. The problem is fixed after rebooting the Linux - but regularly repeats itself again after some period of time.

Please, somebody shed some light how to diagnose this strange and absolutley unlogical situation and problem !

Just an additional note: this is a newly setup router which replaced a Redhat 9 Linux machine - when I return the Redhat machine in place the problem does not appear.

thank you
Evgeni

frankjoshua 05-04-2006 04:27 PM
This is tough. I am curious if the router is cutting off traffic from those machines on purpose. I might use an ethernet packet sniffing program to see if there is a lot of traffic coming from those machines. If that is the case could be anything from viruses to spyware to defective network cards. Are you using iptables or something else?

Joshua Frank
joshfrank.com

gepas 05-04-2006 04:36 PM
Thanks frankjoshua,

How can I see if the router is cutting traffic from this machines on purpose? It is impossible to simulate the problem at any time since this happens only at some unknown moment, and when this happens I have to react very quickly and usually am pushed to restart the machine... But how can I deeper diagnose this shitty problem ??

I'm using iptables just for the NAT, some port forwarding to IPs behind the nat, and also iptables to drop traffic out on well-known Windows virus-prone ports like 135,136, etc.

Just for reference, see post http://www.linuxquestions.org/questi...d.php?t=435728, this guy I think has exactly the same problem like me, and also with Slackware ??

Evgeni

frankjoshua 05-05-2006 11:05 AM
You need to install ethereal and do some network sniffing. I read the other post and upgrading the kernel is not a bad idea but I don't believe it's the solution here. Due to the fact that the problem is only on a couple a machines I would be very suprised if the problem was on your server. If you have allready checked for virus and spyware on the effect machines I would try to swap network cards from a good machine and a problematic one. I have seen similar problems cause by bad network cards also it could be a port on your switch. Any way these are pretty easy things to check and important to rule out.

Joshua Frank
joshfrank.com


All times are GMT -5. The time now is 07:04 PM.