From mboxrd@z Thu Jan 1 00:00:00 1970
From: "tanuki"
Subject: Wierd problem with irqs
Date: Tue, 13 Jul 2004 15:56:19 +0200
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <017901c468e1$2c7aeb80$3b7819c4@PHAKE>
To: netfilter@lists.netfilter.org

Hi all

had an interesting problem the other day, just thought i'd share it with you all and see if
anybody else had a similar experience.

I set up a small nat/firewall box for a client of ours. we had 5 interfaces and they were as follows

eth0 192.168.10.1 netmask 255.255.255.255 pointopoint 192.168.10.2 <--- adsl modem doing nat
eth1 192.168.0.1 netmask 255.255.255.0
eth2 192.168.1.1 netmask 255.255.255.0
eth3 192.168.2.1 netmask 255.255.255.0
eth4 192.168.3.1 netmask 255.255.255.255 pointopoint 192.168.3.2 <-- some upstairs router

and the routing table looked like you would expect it to, with

route add default gw 192.168.10.1 dev eth0

also we had

echo "1" > /proc/sys/net/ipv4/ip_forward

for simplicity , iptables rules were as follows

iptables -t nat --append POSTROUTING -o eth0 --jump MASQUERADE

so, now all traffic using 192.168.0.1 , 1.1, 2.1 and 3.1 as a gateway should be able to reach the
internet via the modem on 192.168.10.2 , right ?

well, all icmp worked, perfectly

but everything else , ie , udp, tcp didn't

say for example http : packets get sent to tcp 80, tcp replies get received, but no data gets back to
the user on 192.168.whatever

strange huh ?

so i thought my mtu was befuqed, so i do

iptables --append FORWARD --proto tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu

no luck though.

tried a plethora of other stuff too , but didn't work, so i'll leave that there

obviously the nat works, because all my icmp's are natted.
mmm

so i go into the box's bios set up and tell it to assign irq's to all pci devices automatically

boot up into linux and do

ifconfig eth4 up

eth4: error fetching interface information: Device not found
eh ? wtf ? so i do
ifconfig eth0 up

and the device gets brought up

then i do ifconfig eth4 up

and it brings it up . Strange huh ?

so now i see that all my cards are swopped around. that which used to be eth0 is now eth4 and so
on and so on.

anyway, plug in the appropriate network cables to the relevant nics and run the script

do a ping to google.com ... everything works fine.
right, so far so good. right back where i started

now, do a HTTP-GET http://www.google.com and guess what
i get a lovely html page.

strange that changing the device irq assignment in the bios solved my problem ?

any ideas what could have caused this ?

thanks a lot for bearing with my idiotic ramblings so far

----------------

tanuki

From mboxrd@z Thu Jan 1 00:00:00 1970
From: George Alexandru Dragoi
Subject: Re: Wierd problem with irqs
Date: Wed, 14 Jul 2004 06:57:49 +0300
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <3063e5040713205720cd6fbf@mail.gmail.com>
References: <017901c468e1$2c7aeb80$3b7819c4@PHAKE>
In-Reply-To: <017901c468e1$2c7aeb80$3b7819c4@PHAKE>
To: tanuki
Cc: netfilter@lists.netfilter.org

I think it is hardware related (well, DOH), which is causing large
packets dropping. You could try sending ping of different packets
size, and see when they begin to get dropped.

----- Original Message -----
From: tanuki
Date: Tue, 13 Jul 2004 15:56:19 +0200
Subject: Wierd problem with irqs
To: netfilter@lists.netfilter.org

Hi all

had an interesting problem the other day, just thought i'd share it with you all and see if
anybody else had a similar experience.

I set up a small nat/firewall box for a client of ours. we had 5 interfaces and they were as follows

eth0 192.168.10.1 netmask 255.255.255.255 pointopoint 192.168.10.2 <--- adsl modem doing nat
eth1 192.168.0.1 netmask 255.255.255.0
eth2 192.168.1.1 netmask 255.255.255.0
eth3 192.168.2.1 netmask 255.255.255.0
eth4 192.168.3.1 netmask 255.255.255.255 pointopoint 192.168.3.2 <-- some upstairs router

and the routing table looked like you would expect it to, with

route add default gw 192.168.10.1 dev eth0

also we had

echo "1" > /proc/sys/net/ipv4/ip_forward

for simplicity , iptables rules were as follows

iptables -t nat --append POSTROUTING -o eth0 --jump MASQUERADE

so, now all traffic using 192.168.0.1 , 1.1, 2.1 and 3.1 as a gateway should be able to reach the
internet via the modem on 192.168.10.2 , right ?

well, all icmp worked, perfectly

but everything else , ie , udp, tcp didn't

say for example http : packets get sent to tcp 80, tcp replies get received, but no data gets back to
the user on 192.168.whatever

strange huh ?

so i thought my mtu was befuqed, so i do

iptables --append FORWARD --proto tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu

no luck though.

tried a plethora of other stuff too , but didn't work, so i'll leave that there

obviously the nat works, because all my icmp's are natted.
mmm

so i go into the box's bios set up and tell it to assign irq's to all pci devices automatically

boot up into linux and do

ifconfig eth4 up

eth4: error fetching interface information: Device not found
eh ? wtf ? so i do
ifconfig eth0 up

and the device gets brought up

then i do ifconfig eth4 up

and it brings it up . Strange huh ?

so now i see that all my cards are swopped around. that which used to be eth0 is now eth4 and so
on and so on.

anyway, plug in the appropriate network cables to the relevant nics and run the script

do a ping to google.com ... everything works fine.
right, so far so good. right back where i started

now, do a HTTP-GET http://www.google.com and guess what
i get a lovely html page.

strange that changing the device irq assignment in the bios solved my problem ?

any ideas what could have caused this ?
thanks a lot for bearing with my idiotic ramblings so far

----------------

tanuki

From mboxrd@z Thu Jan 1 00:00:00 1970
From: "tanuki"
Subject: Re: Wierd problem with irqs
Date: Wed, 14 Jul 2004 08:21:25 +0200
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <001301c4696a$ca300110$3b7819c4@PHAKE>
References: <017901c468e1$2c7aeb80$3b7819c4@PHAKE> <3063e5040713205720cd6fbf@mail.gmail.com>
To: George Alexandru Dragoi
Cc: netfilter@lists.netfilter.org

Hi

thanx, didn't think of that . i'll try it and see what happens.
still it is strange though

tanuki

----- Original Message -----
From: "George Alexandru Dragoi"
To: "tanuki"
Sent: Wednesday, July 14, 2004 5:57 AM
Subject: Re: Wierd problem with irqs

> I think it is hardware related (well, DOH), which is causing large
> packets dropping. You could try sending ping of different packets
> size, and see when they begin to get dropped.
>
> ----- Original Message -----
> From: tanuki
> Date: Tue, 13 Jul 2004 15:56:19 +0200
> Subject: Wierd problem with irqs
> To: netfilter@lists.netfilter.org
>
> Hi all
>
> had an interesting problem the other day, just thought i'd share it with you all and see if
> anybody else had a similar experience.
>
> I set up a small nat/firewall box for a client of ours. we had 5 interfaces and they were as follows
>
> eth0 192.168.10.1 netmask 255.255.255.255 pointopoint 192.168.10.2 <--- adsl modem doing nat
> eth1 192.168.0.1 netmask 255.255.255.0
> eth2 192.168.1.1 netmask 255.255.255.0
> eth3 192.168.2.1 netmask 255.255.255.0
> eth4 192.168.3.1 netmask 255.255.255.255 pointopoint 192.168.3.2 <-- some upstairs router
>
> and the routing table looked like you would expect it to, with
>
> route add default gw 192.168.10.1 dev eth0
>
> also we had
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> for simplicity , iptables rules were as follows
>
> iptables -t nat --append POSTROUTING -o eth0 --jump MASQUERADE
>
> so, now all traffic using 192.168.0.1 , 1.1, 2.1 and 3.1 as a gateway should be able to reach the
> internet via the modem on 192.168.10.2 , right ?
>
> well, all icmp worked, perfectly
>
> but everything else , ie , udp, tcp didn't
>
> say for example http : packets get sent to tcp 80, tcp replies get received, but no data gets back to
> the user on 192.168.whatever
>
> strange huh ?
>
> so i thought my mtu was befuqed, so i do
>
> iptables --append FORWARD --proto tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu
>
> no luck though.
>
> tried a plethora of other stuff too , but didn't work, so i'll leave that there
>
> obviously the nat works, because all my icmp's are natted.
> mmm
>
> so i go into the box's bios set up and tell it to assign irq's to all pci devices automatically
>
> boot up into linux and do
>
> ifconfig eth4 up
>
> eth4: error fetching interface information: Device not found
> eh ? wtf ? so i do
> ifconfig eth0 up
>
> and the device gets brought up
>
> then i do ifconfig eth4 up
>
> and it brings it up . Strange huh ?
>
> so now i see that all my cards are swopped around. that which used to be eth0 is now eth4 and so
> on and so on.
>
> anyway, plug in the appropriate network cables to the relevant nics and run the script
>
> do a ping to google.com ... everything works fine.
> right, so far so good. right back where i started
>
> now, do a HTTP-GET http://www.google.com and guess what
> i get a lovely html page.
>
> strange that changing the device irq assignment in the bios solved my problem ?
>
> any ideas what could have caused this ?
>
> thanks a lot for bearing with my idiotic ramblings so far
>
> ----------------
>
> tanuki
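
The ping size sweep suggested in the reply above, as an added example that is not part of the original thread: a binary search over ICMP payload sizes with Don't Fragment set, to find the largest size that still gets a reply. It assumes Linux iputils ping and that every size below the first failing one is answered; the function names and the target host passed on the command line are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find the largest ICMP echo payload
# that is still answered, to see where large packets start being dropped.
# Assumes iputils ping: -M do sets Don't Fragment, -s sets the payload size.

# probe_ping SIZE HOST: succeed if one DF-flagged echo of SIZE bytes is answered.
probe_ping() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload PROBE HOST LO HI
# Binary search for the largest size in [LO, HI] for which "PROBE size HOST"
# succeeds. Assumes all sizes below the failure threshold pass.
# Prints the size; returns 1 and prints nothing if even LO fails.
find_max_payload() {
    probe=$1 host=$2 lo=$3 hi=$4
    if ! "$probe" "$lo" "$host"; then
        return 1
    fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))      # round up so the range always shrinks
        if "$probe" "$mid" "$host"; then
            lo=$mid                       # mid answered: threshold is at or above mid
        else
            hi=$(( mid - 1 ))             # mid dropped: threshold is below mid
        fi
    done
    echo "$lo"
}

# Real sweep only when a host is given, e.g.: sh sweep.sh 192.168.10.2
# 1472 = 1500-byte Ethernet MTU minus 20 bytes IP and 8 bytes ICMP header.
if [ $# -ge 1 ]; then
    if max=$(find_max_payload probe_ping "$1" 0 1472); then
        echo "largest payload answered by $1: $max bytes (packet size $((max + 28)))"
    else
        echo "no reply from $1 even at the smallest payload"
    fi
fi
```

A result below 1472 on a plain Ethernet path points at something dropping or mangling large frames; running the sweep from a client behind the box and again from the box itself narrows down which hop it is.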