From mboxrd@z Thu Jan 1 00:00:00 1970
From: "tanuki"
Subject: Weird problem with irqs
Date: Tue, 13 Jul 2004 15:56:19 +0200
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <017901c468e1$2c7aeb80$3b7819c4@PHAKE>
Errors-To: netfilter-admin@lists.netfilter.org
To: netfilter@lists.netfilter.org

Hi all

had an interesting problem the other day, just thought i'd share it with you all and see if anybody else had a similar experience.

I set up a small nat/firewall box for a client of ours. we had 5 interfaces and they were as follows

    eth0   192.168.10.1 netmask 255.255.255.255 pointopoint 192.168.10.2   <--- adsl modem doing nat
    eth1   192.168.0.1  netmask 255.255.255.0
    eth2   192.168.1.1  netmask 255.255.255.0
    eth3   192.168.2.1  netmask 255.255.255.0
    eth4   192.168.3.1  netmask 255.255.255.255 pointopoint 192.168.3.2    <-- some upstairs router

and the routing table looked like you would expect it to, with

    route add default gw 192.168.10.1 dev eth0

also we had

    echo "1" > /proc/sys/net/ipv4/ip_forward

for simplicity, iptables rules were as follows

    iptables -t nat --append POSTROUTING -o eth0 --jump MASQUERADE

so, now all traffic using 192.168.0.1, 1.1, 2.1 and 3.1 as a gateway should be able to reach the internet via the modem on 192.168.10.2, right ?

well, all icmp worked, perfectly

but everything else, ie, udp, tcp didn't

say for example http : packets get sent to tcp 80, tcp replies get received, but no data gets back to the user on 192.168.whatever

strange huh ?

so i thought my mtu was befuqed, so i do

    iptables --append FORWARD --proto tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu

no luck though.

tried a plethora of other stuff too, but didn't work, so i'll leave that there

obviously the nat works, because all my icmp's are natted.
mmm

so i go into the box's bios set up and tell it to assign irq's to all pci devices automatically

boot up into linux and do

    ifconfig eth4 up

    eth4: error fetching interface information: Device not found

eh ? wtf ? so i do

    ifconfig eth0 up

and the device gets brought up

then i do

    ifconfig eth4 up

and it brings it up. Strange huh ?

so now i see that all my cards are swopped around. that which used to be eth0 is now eth4 and so on and so on.

anyway, plug in the appropriate network cables to the relevant nics and run the script

do a ping to google.com ... everything works fine.
right, so far so good. right back where i started

now, do a HTTP-GET http://www.google.com and guess what
i get a lovely html page.

strange that changing the device irq assignment in the bios solved my problem ?

any ideas what could have caused this ?

thanks a lot for bearing with my idiotic ramblings so far

----------------

tanuki