[Abandoned] Slackware 12.2, VPN/PPTP problem: Cannot view certain sites
Hello.
I'm using Slackware 12.2 and I'm connected to the internet via VPN/PPTP.
For some weird reason I cannot access certain sites when I'm working under the Slackware system - they respond to ping, but I cannot get any pages (the page starts loading, then hangs forever). I can't figure out the pattern, but those sites include help.com, experts-exchange.com, and a few others. The sites are online, and can be accessed via anonymous proxy servers. The problem doesn't happen on the same machine when it is running WinXP. This Slackware machine has 2 NICs and is used as a gateway by another Ubuntu 8.04 machine. Both the Slackware and Ubuntu machines cannot access the same range of sites. The problem affects Firefox, Opera, and wget.
Details:
2.6.27.7 kernel, custom built
The problem affects wget, Firefox, and Opera.
The machine has Squid-3.0Stable11 installed, but the problem is not related to Squid - the sites cannot be accessed even if the proxy is bypassed (wget --no-proxy).
The machine uses pptp-1.7.2-i486-3ga (with pppd), downloaded from linuxpackages, to connect to the internet.
I'm being regularly portscanned - someone desperately tries to access ports 135, 137, 138 and 445 up to 700 times per day.
The machine has custom firewall rules in /etc/rc.d/rc.firewall:
Code:
#!/bin/sh
# firewall script (/etc/rc.d/rc.firewall)
FRANKENSTEIN="192.168.0.2/32"   # the Ubuntu box behind this gateway
FIFACE="eth0"                   # FRANKENSTEIN INTERFACE (LAN side)
EXTIFACE="ppp0"                 # EXTERNAL INTERFACE (the PPTP tunnel)
LOCAL="127.0.0.1/32"
iptables --flush
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# create a chain that logs with the chain name as prefix, then drops
makeDropChain(){
iptables -N "$1"
iptables -A "$1" -j LOG --log-prefix "$1: "
iptables -A "$1" -j DROP
}
# replies to connections this box (or the LAN box) opened are always accepted
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
makeDropChain "input-drop"
makeDropChain "forward-drop"
makeDropChain "portscan-drop"
makeDropChain "xmas-drop"
makeDropChain "nullscan-drop"
makeDropChain "badsyn-drop"
makeDropChain "fragment-drop"
makeDropChain "ssh-drop"
iptables -A INPUT -s $LOCAL -d $LOCAL -i lo -j ACCEPT
# everything from the LAN box is accepted here, before any of the checks below
iptables -A INPUT -s $FRANKENSTEIN -i $FIFACE -j ACCEPT
#frankenstein routing: forward the LAN box out through the tunnel and NAT it
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -o $FIFACE -i $EXTIFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $FIFACE -o $EXTIFACE -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIFACE -j MASQUERADE
#fragments (non-first fragments only; with conntrack loaded, packets are
#usually reassembled before the filter table sees them, so this rarely matches)
iptables -A INPUT -f -j fragment-drop
#bad syn: a NEW connection must start with a SYN
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j badsyn-drop
#xmas
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j xmas-drop
#nullscan
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j nullscan-drop
# the one port open to the outside
iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 32240 -j ACCEPT
iptables -A INPUT -p udp -m state --state NEW -m multiport --dports 32240 -j ACCEPT
#port-scan
iptables -N portscan
iptables -A portscan -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
# NOTE: the next rule has no flag match, so every packet that is not a
# rate-limited bare RST is logged as "portscan-drop" and dropped here. That is
# why unsolicited SYNs to 135/137/138/445 show up under that prefix, and only
# those rate-limited RSTs ever get past this point to the INPUT rules below.
iptables -A portscan -j portscan-drop
iptables -A INPUT -j portscan
iptables -A INPUT -s $FRANKENSTEIN -p tcp -m state --state NEW -m multiport --dports ssh,3128 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "ssh: "
iptables -N syn-drop
iptables -A syn-drop -j LOG --log-prefix "syn-drop"
iptables -A syn-drop -j DROP
iptables -A INPUT -p tcp --syn -j syn-drop
# whatever is left: log and drop with the chain's policy
iptables -A INPUT -g input-drop
iptables -A FORWARD -g forward-drop
I think the problem may be related to the firewall, but I can't figure out what is wrong. I've tried dumping the iptables counters (iptables -vnL) to see if an incoming connection gets blocked or rejected, but I haven't noticed anything unusual. The ISP doesn't provide support for Linux computers.
Ideas?
Last edited by SigTerm; 01-14-2010 at 05:19 AM.
Reason: Abandoned the problem
Did you run traceroute? Maybe that site's connection loops somewhere weird.
Yes, and there are no obvious problems. In the case of help.com traceroute lists all hops, the site responds to ping, but I'm not getting any pages from there - pages start loading, but then progress gets stuck at 18% (in Opera). In the case of experts-exchange I do not see all hops (only the first 19), the site responds to ping, but I have zero loading progress in the browser, and eventually I get "connection reset by peer".
Also I can telnet to both sites on port 80, but can't get pages from them.
Here is what I get with wget:
As you can see, it keeps awaiting a response (forever, or after a few minutes it may return "connection reset by peer") until I terminate it.
There are a few more websites that misbehave in the same way, but I don't remember all of them. Everything works under WinXP, on the same machine, with the same ISP, so this should be a configuration problem.
"Connection reset by peer" indicates that the other side did not like your packets and killed the connection. It could happen because of faulty hardware, a bug in the network stack, or problems between you and the server.
After looking at the diagnostics you did, it's very probably a firewall problem. Maybe it drops things it should not or modifies something it should not.
Quote:
Originally Posted by ozanbaba
"Connection reset by peer" indicates that the other side did not like your packets and killed the connection. It could happen because of faulty hardware, a bug in the network stack, or problems between you and the server.
I typically receive "reset by peer" after a long period of waiting, so I think I do not receive the first reply; the server waits for some time, then cuts my connection.
Quote:
Originally Posted by ozanbaba
Did you check the bug lists?
Which ones? iptables, kernel, pptpclient, or some others?
Quote:
Originally Posted by ozanbaba
After looking at the diagnostics you did, it's very probably a firewall problem. Maybe it drops things it should not or modifies something it should not.
I do not have a hardware firewall. There is no router between me and the ISP - I'm directly plugged into one huge LAN, with a pptp server. Are you talking about iptables rules? As you can see, all traffic that is being cut by the firewall rules is being logged, and aside from hundreds of daily attempts to connect to ports 135, 137, 138, and 445(?) (which are reported as "portscan-drop"), I do not see any other strange reports in dmesg. The attempts to connect to those ports are legit; I get similar reports in the firewall I use on Windows (on the same machine).
Also I do not remember having such problems with my ADSL modem, so it doesn't look like some kind of kernel bug. I think that purchasing a router with VPN support would solve my problem, but I cannot do that at the moment.
Quote:
Originally Posted by SigTerm
I typically receive "reset by peer" after a long period of waiting, so I think I do not receive the first reply; the server waits for some time, then cuts my connection.
Quote:
Originally Posted by SigTerm
Which ones? iptables, kernel, pptpclient, or some others?
I'd start with iptables. For VPN, you may try OpenVPN as it works on top of TCP/IP.
I was unable to find anything relevant in the iptables 1.4.2, pptpclient 1.7.2, and kernel 2.6.27.7 bug lists. pptpclient doesn't even have a visible bug list.
Another possibility (I finally talked to the İTÜ sysadmin) is that a router acts wrong and drops/damages packets. Then the remote web site kills the connection.
Thanks for the suggestion, but there is no router (no obviously visible router), and as I said, this problem doesn't happen when the machine runs Windows.
Which might indicate that the problem is somehow related to a Linux-Windows difference, i.e. packets sent by the Linux system are somehow different from the packets sent by the Windows system, and the difference triggers a bug somewhere along the way. Or perhaps there is a bug in pptpclient (which is possible, and in this case there won't be a solution, because there is no alternative to pptpclient for Linux).
Quote:
Originally Posted by ozanbaba
Debugging this is very much a pain in the ass. The only thing that comes to mind is to watch the packets at both ends (client and after the router).
It would be nice if there were a howto about that, or some keywords.
Anyway, I give up.
I'm sure that it is possible to debug/fix this, but I do not have enough time for that, and my computer/programming knowledge isn't related to monitoring packets.
If I ever find the solution/cause, I'll try to post it here.
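One way to do the packet-watching ozanbaba suggests, as an added example that is not from the thread: capture the TCP exchange with one of the affected sites on ppp0 and check whether the server ever delivers data after acknowledging the request, and what MSS the client offered in its SYN (pppd gives ppp0 a 1500-byte MTU unless told otherwise, while Windows' PPTP client uses 1400, so this is one concrete Linux-vs-Windows packet difference worth ruling out). ppp0 and help.com are the names from the thread; the capture lines in the script are constructed samples, not real traffic.

```shell
#!/bin/sh
# Added example (not from the thread). On the Slackware box, capture with
#   tcpdump -n -t -i ppp0 tcp port 80 and host help.com > cap.txt
# and run: analyze_capture < cap.txt
# Reports the client's advertised MSS, how many data segments the server
# delivered, and a heuristic verdict. Handles tcpdump's old "S/P/." and the
# newer "Flags [S]" line formats.

analyze_capture() {
    awk '
    function srcport(f, p, n) { n = split(f, p, "."); return p[n] }
    {
        if (srcport($2) != 80) {                         # client -> server line
            if (($5 == "S" || $6 == "[S],") && match($0, /mss [0-9]+/))
                cmss = substr($0, RSTART + 4, RLENGTH - 4) + 0
            next
        }
        len = -1                                         # server -> client line
        if (match($0, /\([0-9]+\)/))         len = substr($0, RSTART + 1, RLENGTH - 2) + 0
        else if (match($0, /length [0-9]+/)) len = substr($0, RSTART + 7, RLENGTH - 7) + 0
        if (len > 0) segs++
    }
    END {
        # a 1400-byte PPTP link minus 40 bytes of IP+TCP headers leaves a 1360 MSS;
        # "request ACKed, no data ever arrives" with a larger MSS smells like MTU
        verdict = "ok"
        if (segs == 0) verdict = (cmss > 1360) ? "suspect_mtu" : "no_data_other_cause"
        printf "client_mss=%d server_data_segments=%d verdict=%s\n", cmss, segs, verdict
    }'
}

# Constructed sample captures (documentation addresses, not real traffic).
# Stuck case: SYN answered, GET acknowledged, but no page data ever arrives.
STUCK_CAPTURE='IP 198.51.100.7.43210 > 203.0.113.80.80: S 1000:1000(0) win 5840 <mss 1460,sackOK,nop,wscale 6>
IP 203.0.113.80.80 > 198.51.100.7.43210: S 5000:5000(0) ack 1001 win 5792 <mss 1460,sackOK,nop,wscale 7>
IP 198.51.100.7.43210 > 203.0.113.80.80: . ack 5001 win 92
IP 198.51.100.7.43210 > 203.0.113.80.80: P 1001:1144(143) ack 5001 win 92
IP 203.0.113.80.80 > 198.51.100.7.43210: . ack 1144 win 46
IP 198.51.100.7.43210 > 203.0.113.80.80: P 1001:1144(143) ack 5001 win 92'
# Healthy case: the same exchange, but the server's first full-size segment arrives.
HEALTHY_CAPTURE="$STUCK_CAPTURE
IP 203.0.113.80.80 > 198.51.100.7.43210: P 5001:6461(1460) ack 1144 win 46"

printf '%s\n' "$STUCK_CAPTURE" | analyze_capture     # verdict=suspect_mtu
printf '%s\n' "$HEALTHY_CAPTURE" | analyze_capture   # verdict=ok
```

A suspect_mtu verdict points at the tunnel rather than the filter rules; the usual remedies are `mtu 1400` in the pppd options file or an iptables TCPMSS clamp (`--clamp-mss-to-pmtu`) on ppp0.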