upload problem sme 6.5rc1 nat ip fwd

louhaven · 05-01-2006, 05:57 AM

Hello everyone,

I've been running an sme server/gateway for many years. Everything has been fine. The odd problem from time to time.

I've got sme 6.5rc1 setup as a gateway/server, I have win32-based and linux-based systems pointing to it.

I can download till I'm very blue in the face, but cannot upload anything beyond a couple of megs tops.

i.e. rapidshare.de. can browse with firefox/download no problems. When i try to upload, wether it be direct or via proxify.com, I get "Document contains no data" Now, before any of you say boo, I've already ruled out a firefox/windowz os issue. This is something thats been happenning for quite a few years (I just put it down to software issues).

I've done extensive research on this specific problem, and it would appear to be something either to do with nat or iptables/masq, or both. I've even looked into voip problems when sitting behind a nat/firewall system - Voip packets get screwed up when being passed thru nat. There are lots of module addons, rsip, alg's, aiccu, ayiya, stun, openswan, openser, .. the list goes on....
None of these addon's seem to address my problem.

I'm not proficient with C, have had a recent severely steep learning curve, trying to diagnose this problem, The server is an sme server 6.5RC1. From memory its based on a rehhat 7.3 distribution, but its stable, and after all the problems ive had upgrading from sme 5.1.2 (recently) im loath to mess with it too much.

I can tell you that the rapidshare webmaster (he's a nice person) first pointed me to my isp's transparent proxy, and, my isp's tech support has been able to upload files to rapidshare, from behind their transparent proxy, no problems. This really puts the problem pretty well in my setup/config here somewhere.

I've been able to work out that the upload code on the rapidshare site is some sort of cgi-bin code (by analysing the http headers/ http code with some online utilities.

If anyone has any ideas, or things that I could try I'd be very greatful for your input.

Its got me stumped.

louhaven · 05-05-2006, 04:38 PM

Hello,

I may have been a little brief in my previous post, so here's some more detailed information.

Sme server 6.5RC1 based on redhat 7.3
standard load from cdrom image.
The machine is setup as a gateway/server
2 network cards, 1 pointing to adsl modem (in bridge mode) 1 pointing back to the hub.
adsl modem is a speedtouch pro

here's the iptables output with 'iptables -L -n'

[root@eagle root]# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 219.139.44.26 0.0.0.0/0
DROP all -- 219.129.237.22 0.0.0.0/0
DROP all -- 219.129.21.113 0.0.0.0/0
DROP all -- 219.129.21.112 0.0.0.0/0
DROP all -- 216.148.234.185 0.0.0.0/0
DROP all -- 212.23.166.71 0.0.0.0/0
DROP all -- 211.99.194.143 0.0.0.0/0
DROP all -- 211.72.249.200 0.0.0.0/0
DROP all -- 202.104.237.187 0.0.0.0/0
DROP all -- 202.103.178.228 0.0.0.0/0
DROP all -- 202.103.178.208 0.0.0.0/0
DROP all -- 202.103.178.150 0.0.0.0/0
DROP all -- 195.33.130.135 0.0.0.0/0
DROP all -- 195.33.130.133 0.0.0.0/0
DROP all -- 83.14.137.66 0.0.0.0/0
DROP all -- 61.215.87.211 0.0.0.0/0
DROP all -- 59.34.196.64 0.0.0.0/0
state_chk all -- 0.0.0.0/0 0.0.0.0/0
local_chk all -- 0.0.0.0/0 0.0.0.0/0
PPPconn all -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 224.0.0.0/4 0.0.0.0/0
denylog all -- 0.0.0.0/0 224.0.0.0/4
InboundICMP icmp -- 0.0.0.0/0 0.0.0.0/0
denylog icmp -- 0.0.0.0/0 0.0.0.0/0
InboundTCP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
InboundUDP udp -- 0.0.0.0/0 0.0.0.0/0
denylog udp -- 0.0.0.0/0 0.0.0.0/0
gre-in 47 -- 0.0.0.0/0 0.0.0.0/0
denylog 47 -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
ForwardDenyLocals all -- 0.0.0.0/0 0.0.0.0/0
state_chk all -- 0.0.0.0/0 0.0.0.0/0
local_chk all -- 0.0.0.0/0 0.0.0.0/0
ForwardedTCP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
ForwardedUDP udp -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PPPconn all -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 224.0.0.0/4 0.0.0.0/0
denylog all -- 0.0.0.0/0 224.0.0.0/4
OutboundICMP icmp -- 0.0.0.0/0 0.0.0.0/0
denylog icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain ForwardDenyLocals (1 references)
target prot opt source destination

Chain ForwardedTCP (1 references)
target prot opt source destination
ForwardedTCP_21714 all -- 0.0.0.0/0 0.0.0.0/0
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02

Chain ForwardedTCP_21714 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 192.168.0.8 tcp dpt:24554

Chain ForwardedUDP (1 references)
target prot opt source destination
ForwardedUDP_21714 all -- 0.0.0.0/0 0.0.0.0/0
denylog udp -- 0.0.0.0/0 0.0.0.0/0

Chain ForwardedUDP_21714 (1 references)
target prot opt source destination

Chain InboundICMP (1 references)
target prot opt source destination
InboundICMP_21714 all -- 0.0.0.0/0 0.0.0.0/0
denylog icmp -- 0.0.0.0/0 0.0.0.0/0

Chain InboundICMP_21714 (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 12
denylog all -- 0.0.0.0/0 0.0.0.0/0

Chain InboundTCP (1 references)
target prot opt source destination
InboundTCP_21714 all -- 0.0.0.0/0 0.0.0.0/0
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02

Chain InboundTCP_21714 (1 references)
target prot opt source destination
denylog all -- 0.0.0.0/0 !58.6.37.26
ACCEPT tcp -- 0.0.0.0/0 58.6.37.26 tcp dpt:25
denylog tcp -- 0.0.0.0/0 58.6.37.26 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 58.6.37.26 tcp dpt:465
denylog tcp -- 0.0.0.0/0 58.6.37.26 tcp dpt:465
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:389
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23

Chain InboundUDP (1 references)
target prot opt source destination
InboundUDP_21714 all -- 0.0.0.0/0 0.0.0.0/0
denylog udp -- 0.0.0.0/0 0.0.0.0/0

Chain InboundUDP_21714 (1 references)
target prot opt source destination
denylog all -- 0.0.0.0/0 !58.6.37.26

Chain OutboundICMP (1 references)
target prot opt source destination
OutboundICMP_21714 all -- 0.0.0.0/0 0.0.0.0/0
denylog icmp -- 0.0.0.0/0 0.0.0.0/0

Chain OutboundICMP_21714 (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 12
denylog all -- 0.0.0.0/0 0.0.0.0/0

Chain PPPconn (2 references)
target prot opt source destination
PPPconn_1 all -- 0.0.0.0/0 0.0.0.0/0

Chain PPPconn_1 (1 references)
target prot opt source destination

Chain denylog (34 references)
target prot opt source destination
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:137:139
ULOG all -- 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `drop:' queue_threshold 1
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain gre-in (1 references)
target prot opt source destination
denylog all -- 0.0.0.0/0 !58.6.37.26
denylog all -- 0.0.0.0/0 0.0.0.0/0

Chain local_chk (2 references)
target prot opt source destination
local_chk_21714 all -- 0.0.0.0/0 0.0.0.0/0

Chain local_chk_21714 (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 192.168.0.0/24 0.0.0.0/0

Chain state_chk (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

If you have any ideas, anything at all, I'm all ears.

(well not quite, but this is quite hard for me to get a handle on)