LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 12-20-2009, 05:07 AM   #1
SigTerm
Member
 
Registered: Dec 2009
Distribution: Slackware 12.2
Posts: 379

Rep: Reputation: 234Reputation: 234Reputation: 234
Question [Abandoned] Slackware 12.2, VPN/PPTP problem: Cannot view certain sites


Hello.

I'm using Slackware 12.2 and I'm connected to the internet via VPN/PPTP.
For some weird reason I cannot access certain sites when I'm working under the Slackware system - they respond to ping, but I cannot get any pages (page starts loading, then hangs forever). I can't figure out the pattern, but those sites include help.com, experts-exchange.com, and few others. Sites are online, and can be accessed via anonymous proxy servers. The problem doesn't happen on same machine, when it is running WinXP. This slackware machine has 2 NICs and is used as gateway by another Ubuntu 8.04 machine. Both slackware and ubuntu machines cannot access same range of sites. Problem affects firefox, opera, and wget.

Details:
  • 2.6.27.7 kernel, custom built
  • Problem affects wget, firefox, and opera.
  • Machine has Squid-3.0Stable11 installed, but problem is not related to squid - sites cannot be accessed even if proxy is bypassed (wget --no-proxy).
  • Machine uses pptp-1.7.2-i486-3ga (with pppd) to connect the internet, downloaded from linuxpackages.
  • I'm being regularly portscanned - someone desperately tries to access ports 135, 137, 138 and 445 up to 700 times per day.
  • Machine has custom firewall rules in /etc/rc.d/rc.firewall:
    Code:
    #!/bin/sh
    #firewall script
    
    FRANKENSTEIN="192.168.0.2/32"
    FIFACE="eth0" #FRANKENSTEIN INTERFACE
    EXTIFACE="ppp0" #EXTERNAL INTERFACE
    
    LOCAL="127.0.0.1/32"
    
    iptables --flush
    iptables -X
    
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    
    makeDropChain(){
        iptables -N $1
        iptables -A $1 -j LOG --log-prefix "$1: "
        iptables -A $1 -j DROP
    }
    
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    makeDropChain "input-drop"
    makeDropChain "forward-drop"
    makeDropChain "portscan-drop"
    makeDropChain "xmas-drop"
    makeDropChain "nullscan-drop"
    makeDropChain "badsyn-drop"
    makeDropChain "fragment-drop"
    makeDropChain "ssh-drop"
    
    iptables -A INPUT -s $LOCAL -d $LOCAL -i lo -j ACCEPT
    iptables -A INPUT -s $FRANKENSTEIN -i eth0 -j ACCEPT
    
    #frankenstein routing
    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -A FORWARD -o $FIFACE -i $EXTIFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i $FIFACE -o $EXTIFACE -j ACCEPT
    iptables -t nat -A POSTROUTING -o $EXTIFACE -j MASQUERADE
    
    
    #fragments
    iptables -A INPUT -f -j fragment-drop
    #bad syn
    iptables -A INPUT -p tcp ! --syn -m state --state NEW -j badsyn-drop
    #xmas
    iptables -A INPUT -p tcp --tcp-flags ALL ALL -j xmas-drop
    #nullscan
    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j nullscan-drop
    
    iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 32240 -j ACCEPT
    iptables -A INPUT -p udp -m state --state NEW -m multiport --dports 32240 -j ACCEPT
    
    #port-scan
    iptables -N portscan
    iptables -A portscan -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
    iptables -A portscan -j portscan-drop
    
    iptables -A INPUT -j portscan
    
    iptables -A INPUT -s $FRANKENSTEIN -p tcp -m state --state NEW -m multiport --dports ssh,3128 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "ssh: "
    
    iptables -N syn-drop
    iptables -A syn-drop -j LOG --log-prefix syn-drop
    iptables -A syn-drop -j DROP
    
    iptables -A INPUT -p tcp --syn -j syn-drop
    
    iptables -A INPUT -g input-drop
    
    iptables -A FORWARD -g forward-drop

I think problem may be related to firewall, but I can't figure out what is wrong. I've tried dumping iptable counters (iptables -vnL) to see if incoming connection gets blocked or rejected, but I haven't noticed anything unusual. ISP doesn't provide support for linux computers.

Ideas?

Last edited by SigTerm; 01-14-2010 at 05:19 AM. Reason: Abandoned the problem
 
Old 12-21-2009, 07:33 AM   #2
ozanbaba
Member
 
Registered: May 2003
Location: İzmir
Distribution: Slackware64 15.0 Multilib
Posts: 778

Rep: Reputation: 135Reputation: 135
did you run thraceroute? maybe that sites2 connection loops somewhere weird.
 
Old 12-21-2009, 08:45 AM   #3
SigTerm
Member
 
Registered: Dec 2009
Distribution: Slackware 12.2
Posts: 379

Original Poster
Rep: Reputation: 234Reputation: 234Reputation: 234
Quote:
Originally Posted by ozanbaba View Post
did you run thraceroute? maybe that sites2 connection loops somewhere weird.
Yes, and there are no obvious problems. In case of help.com traceroute lists all hops, site responds to ping, but I'm not getting any pages from there - pages start loading, but then progress get stuck at 18% (in opera). In case of experts-exchange I do not see all hops (only first 19), site responds to ping, but I have zero loading progress in browser, and eventually I get "connection reset by peer".

Also I can telnet both sites at port 80, but can't get pages from them.
Here is what I get with wget:
Code:
wget --no-proxy www.help.com
--2009-12-21 17:39:18--  http://www.help.com/
Resolving www.help.com... 216.239.116.121
Connecting to www.help.com|216.239.116.121|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://help.com/ [following]
--2009-12-21 17:39:19--  http://help.com/
Resolving help.com... 216.239.116.121
Reusing existing connection to www.help.com:80.
HTTP request sent, awaiting response...
And
Code:
bash-3.1$ wget --no-proxy www.experts-exchange.com
--2009-12-21 17:40:27--  http://www.experts-exchange.com/
Resolving www.experts-exchange.com... 64.156.132.140
Connecting to www.experts-exchange.com|64.156.132.140|:80... connected.
HTTP request sent, awaiting response... ^C
As you can see, it keeps awaiting response (forever, or after a few minutes it may return "connection reset by peer") until I terminate it.

There are few more websites that misbehave in the same way, but don't remember all of them. Everything works under WinXP, on the same machine, with same ISP, so this should be configuration problem.

Last edited by SigTerm; 12-21-2009 at 08:46 AM.
 
Old 12-24-2009, 06:45 AM   #4
ozanbaba
Member
 
Registered: May 2003
Location: İzmir
Distribution: Slackware64 15.0 Multilib
Posts: 778

Rep: Reputation: 135Reputation: 135
some more thinking:

connection reset by peer points that other side did not like your packages, and killed the connection. it could happen because of faulty hardware, bug in the network stack, or problems between you and the server.

after looking at the diagnoses you did, it's at high probality firewall problem. maybe it drops things it should not or modifyes something it should not.

did you checked the bug lists?
 
Old 12-24-2009, 09:47 AM   #5
SigTerm
Member
 
Registered: Dec 2009
Distribution: Slackware 12.2
Posts: 379

Original Poster
Rep: Reputation: 234Reputation: 234Reputation: 234
Quote:
Originally Posted by ozanbaba View Post
some more thinking:

connection reset by peer points that other side did not like your packages, and killed the connection. it could happen because of faulty hardware, bug in the network stack, or problems between you and the server.
I typically receive "reset by peer" after long period of waiting, so I think I do not receive first reply, server waits for some time, then cuts my connection.

Quote:
Originally Posted by ozanbaba View Post
did you checked the bug lists?
Which ones? iptables, kernel, pptpclient or some others?

Quote:
Originally Posted by ozanbaba View Post
after looking at the diagnoses you did, it's at high probality firewall problem. maybe it drops things it should not or modifyes something it should not.
I do not have hardware firewall. There is no router between me and ISP - I'm directly plugged into one huge LAN, with pptp server. Are you talking about iptables rules? As you can see, all traffic that is being cut by firewall rules is being logged, and aside from hundreds of daily attempts to connect to ports 135, 137, 138, and 445(?) (which are reported as "portscan-drop"), I do not see any other strange reports in dmesg. The attempts to connect to those ports are legit, I get similar reports in firewall I use on windows (on the same machine).

Also I do not remember having such problems with my ADSL modem, so it doesn't look like some kind of kernel bug. I think that purchasing a router with VPN support would solve my problem, but I cannot do that at the moment.
 
Old 12-24-2009, 09:54 AM   #6
ozanbaba
Member
 
Registered: May 2003
Location: İzmir
Distribution: Slackware64 15.0 Multilib
Posts: 778

Rep: Reputation: 135Reputation: 135
Quote:
Originally Posted by SigTerm View Post
I typically receive "reset by peer" after long period of waiting, so I think I do not receive first reply, server waits for some time, then cuts my connection.


Which ones? iptables, kernel, pptpclient or some others?
i'd start with iptables. for VPN, you may try OpenVPN as it's works on top of tcp/ip.
 
Old 12-24-2009, 10:52 AM   #7
SigTerm
Member
 
Registered: Dec 2009
Distribution: Slackware 12.2
Posts: 379

Original Poster
Rep: Reputation: 234Reputation: 234Reputation: 234
Quote:
Originally Posted by ozanbaba View Post
i'd start with iptables.
I'll check it out, then post the result.

Quote:
Originally Posted by ozanbaba View Post
may try OpenVPN as it's works on top of tcp/ip.
Unfortunately, OpenVPN doesn't support PPTP or L2TP. Those protocols are the only available options to connect to my ISP's vpn server.
 
Old 12-28-2009, 04:38 AM   #8
ozanbaba
Member
 
Registered: May 2003
Location: İzmir
Distribution: Slackware64 15.0 Multilib
Posts: 778

Rep: Reputation: 135Reputation: 135
i have an idea about debugging. use wireshark and do time capture for the protocol. maybe you can catch something
 
Old 12-28-2009, 10:14 AM   #9
SigTerm
Member
 
Registered: Dec 2009
Distribution: Slackware 12.2
Posts: 379

Original Poster
Rep: Reputation: 234Reputation: 234Reputation: 234
Quote:
Originally Posted by SigTerm View Post
I'll check it out, then post the result.
I was unable to find anything relevant in iptables 1.4.2, pptpclient 1.7.2 and kernel 2.6.27.7 bug lists. PPTPCLient doesn't even have visible buglist.
 
Old 01-14-2010, 04:57 AM   #10
ozanbaba
Member
 
Registered: May 2003
Location: İzmir
Distribution: Slackware64 15.0 Multilib
Posts: 778

Rep: Reputation: 135Reputation: 135
another possiblity (finally talked to İTÜ sysadmin) is that router acts wrong and drops/damages packeges. then remote web site kills the connection.

debugging this is vrey pain in the ass. only thing comes to mind is that watch packeges in bpth end (client and after the router).
 
Old 01-14-2010, 05:18 AM   #11
SigTerm
Member
 
Registered: Dec 2009
Distribution: Slackware 12.2
Posts: 379

Original Poster
Rep: Reputation: 234Reputation: 234Reputation: 234
Quote:
Originally Posted by ozanbaba View Post
another possiblity (finally talked to İTÜ sysadmin) is that router acts wrong and drops/damages packeges. then remote web site kills the connection.
Thanks for the suggestion, but there is no router (no obviously visible router), and as I said, this problem doesn't happen when machine runs windows.
Which might indicate, that problem is somehow related to linux-windows difference. I.e. packets sent by linux system are somehow different from the packets sent by windows system, and the difference triggers a bug somewhere along the way. Or perhaps there is a bug in pptpclient (which is possible, and in this case there won't be a solution - because there is no alternative to pptpclient for linux.


Quote:
Originally Posted by ozanbaba View Post
debugging this is vrey pain in the ass. only thing comes to mind is that watch packeges in bpth end (client and after the router).
It would be nice if there was a howto about that, or keywords.

Anyway, I give up.

I'm sure that it is possible to debug|fix this, but I do not have enough time for that, and my computer/programming knowledge isn't related to monitoring packets.

If I ever find the solution/cause, I'll try to post it here.

Question abandoned.

Last edited by SigTerm; 01-14-2010 at 05:19 AM.
 
Old 09-06-2010, 08:24 AM   #12
mhzokaii
LQ Newbie
 
Registered: Sep 2010
Posts: 1

Rep: Reputation: 0
I just figured out the solution after a very long night!

The default maximum transmission unit (MTU) is set to be 1396, while in XP it is 1400.

ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.5.1 P-t-P:192.168.5.234 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1396 Metric:1

use this to change that:
ifconfig ppp0 mtu 1400

 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
DISCUSSION: PPTP VPN on Slackware How-to djbanaan LinuxAnswers Discussion 10 08-09-2010 08:40 AM
a pptp vpn problem lth0721 Linux - Networking 2 05-13-2009 11:01 PM
Slackware 12.1 on a pptp vpn darkhatter Slackware 0 08-26-2008 03:02 PM
LXer: Linux Configure point to point tunneling PPTP VPN client for Microsoft PPTP vpn server LXer Syndicated Linux News 0 06-13-2007 08:46 AM
VPN pptp problem nostromo Linux - Networking 0 05-21-2007 08:36 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 10:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration