* Iptables is resetting
@ 2005-08-04 14:50 Joseph Nicholson
  2005-08-05  6:28 ` Jan Engelhardt
  0 siblings, 1 reply; 3+ messages in thread
From: Joseph Nicholson @ 2005-08-04 14:50 UTC (permalink / raw)
  To: netfilter

I have been seeing an issue lately when using Iptables on a Fedora
Core 3 box.  The version number is 1.2.11.  Some of my users have been
complaining that sometimes the connection will stop working.  If I go
in the box and re-apply the config then everything will start working
again.  I have listed the tables before I re-applied and see that they
are all still there, but for some reason they stop working.  I have
the following NAT rules running:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  0.0.0.0/0            1.2.3.4       to:10.65.0.4
DNAT       all  --  0.0.0.0/0            1.2.3.5       to:10.65.1.5

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.65.0.4            0.0.0.0/0           to:1.2.3.4
SNAT       all  --  10.65.1.5            0.0.0.0/0           to:1.2.3.5
SNAT       all  --  0.0.0.0/0            0.0.0.0/0           to:1.2.3.3

1.2.3.4 is a Cisco PIX running a VPN tunnel to a remote location.
1.2.3.5 is a desktop PC I use for remote management.
1.2.3.3 is the eth0 (outside interface) of the Linux box.

This box is set up as a router.

When the VPN tunnel that 1.2.3.4 has is up and running, I can do a
constant ping to the inside interface of the PIX.  Several times a day
it will stop responding to pings.  If I go and re-apply the iptables
using Webmin, then it will start working again.

The last SNAT rule is for the 800+ users I have running on the inside
of this network.

I tried looking to see if this was a known issue, but I could not find
any info on it.  It is possible that, since I am still fairly new to
iptables, I might not have been looking for the answer in the
correct place.

I read the NAT tutorials listed on the netfilter site and I am
confident that I have my rules set up properly.

I greatly appreciate any help in advance.  

-- 
Joseph Nicholson


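The poster says the rules are still listed when the problem occurs. The first thing a monitoring check should settle is exactly that distinction: "the table was flushed" versus "the rules are loaded but traffic still fails". The script below is an added example, not code from this thread or from the netfilter project. It parses the `iptables -t nat -L -n` listing format quoted above and reports which expected rules are absent. The two sample listings are constructed (the second is what the table looks like after a flush), and the expected-rule set is an assumption taken from the rules the poster quoted.

```python
"""Detect flushed or missing NAT rules on a Linux router.

Added example, not code from the original thread.  It parses the output of
``iptables -t nat -L -n`` and reports which expected rules are absent, so a
periodic check can tell "the rules were flushed" apart from "the rules are
loaded but traffic still fails".  The sample listings are constructed; the
expected-rule set is an assumption for the example.
"""
import re
import subprocess
from collections import namedtuple

NatRule = namedtuple("NatRule", "chain target proto source destination extra")

# Constructed sample: the NAT listing quoted in the message above.
SAMPLE_LISTING = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  0.0.0.0/0            1.2.3.4       to:10.65.0.4
DNAT       all  --  0.0.0.0/0            1.2.3.5       to:10.65.1.5

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.65.0.4            0.0.0.0/0           to:1.2.3.4
SNAT       all  --  10.65.1.5            0.0.0.0/0           to:1.2.3.5
SNAT       all  --  0.0.0.0/0            0.0.0.0/0           to:1.2.3.3
"""

# Constructed sample: the same table after `iptables -t nat -F`.
FLUSHED_LISTING = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
"""

# Assumed: the rules the router is supposed to carry (from the message above).
EXPECTED_RULES = frozenset([
    NatRule("PREROUTING", "DNAT", "all", "0.0.0.0/0", "1.2.3.4", "to:10.65.0.4"),
    NatRule("PREROUTING", "DNAT", "all", "0.0.0.0/0", "1.2.3.5", "to:10.65.1.5"),
    NatRule("POSTROUTING", "SNAT", "all", "10.65.0.4", "0.0.0.0/0", "to:1.2.3.4"),
    NatRule("POSTROUTING", "SNAT", "all", "10.65.1.5", "0.0.0.0/0", "to:1.2.3.5"),
    NatRule("POSTROUTING", "SNAT", "all", "0.0.0.0/0", "0.0.0.0/0", "to:1.2.3.3"),
])

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)")


def parse_nat_listing(text):
    """Turn `iptables -t nat -L -n` output into a list of NatRule, in order."""
    rules, chain = [], None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        # Skip blanks, the column header, and anything before the first chain.
        if not line.strip() or line.startswith("target") or chain is None:
            continue
        fields = line.split(None, 5)  # target prot opt source destination [extra]
        if len(fields) < 5:
            continue
        target, proto, _opt, src, dst = fields[:5]
        extra = fields[5].strip() if len(fields) == 6 else ""
        rules.append(NatRule(chain, target, proto, src, dst, extra))
    return rules


def missing_rules(listing_text, expected=EXPECTED_RULES):
    """Expected rules that do not appear in the listing (empty list = all present)."""
    present = set(parse_nat_listing(listing_text))
    return sorted(expected - present)


def live_nat_listing():
    """Read the running table; needs root on the router."""
    return subprocess.run(["iptables", "-t", "nat", "-L", "-n"],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    gone = missing_rules(live_nat_listing())
    if gone:
        print("NAT rules missing (flushed or never loaded):")
        for r in gone:
            print(f"  {r.chain}: {r.target} {r.source} -> {r.destination} {r.extra}")
    else:
        print("all expected NAT rules are loaded")
```

Run it from cron and log the result next to the timestamp of each user complaint. Note that `-L -n` without `-v` hides the in/out interface columns, so a rule whose `-i`/`-o` match was changed would still pass this comparison; `iptables-save -t nat` gives a complete form if that matters. If the check keeps passing while traffic fails, the rules themselves are not what is changing, and the fault is in something stateful underneath them.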

* Re: Iptables is resetting
  2005-08-04 14:50 Iptables is resetting Joseph Nicholson
@ 2005-08-05  6:28 ` Jan Engelhardt
  2005-08-05 15:50   ` curby .
  0 siblings, 1 reply; 3+ messages in thread
From: Jan Engelhardt @ 2005-08-05  6:28 UTC (permalink / raw)
  To: Joseph Nicholson; +Cc: netfilter


>I have been seeing an issue lately when using Iptables on a Fedora
>Core 3 box.  The version number is 1.2.11.  Some of my users have been
>complaining that sometimes the connection will stop working.  If I go

Maybe something is calling iptables -F spuriously?



Jan Engelhardt
-- 



* Re: Iptables is resetting
  2005-08-05  6:28 ` Jan Engelhardt
@ 2005-08-05 15:50   ` curby .
  0 siblings, 0 replies; 3+ messages in thread
From: curby . @ 2005-08-05 15:50 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter

On 8/5/05, Jan Engelhardt <jengelh@linux01.gwdg.de> wrote:
> Maybe something is calling iptables -F spuriously?

On 8/4/05, Joseph Nicholson <wjnicholson@gmail.com> wrote:
> I have listed the tables before I re-applied and see that they
> are all still there, but for some reason they stop working. 

You mention that your userbase is large.  Wild guess, but could the
conntrack table be filling up or could it be some other load-based
thing?  I believe /proc/net/ip_conntrack stores state of tracked
connections.


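The conntrack guess fits the symptom in the first message (rules present, traffic dead, recovery after the table is reloaded), so it is worth instrumenting. The script below is an added example, not code from this thread. It reads the tracked-connection table and its limit, reports which inside hosts hold the most entries, and flags the kernel's "table full, dropping packet" warning in the system log. The paths are the 2.6-era ip_conntrack ones mentioned above (newer kernels expose /proc/net/nf_conntrack and net.netfilter.nf_conntrack_max instead); the sample table, limit and log lines are constructed, and the 80% warning threshold is an assumption.

```python
"""Check whether a NAT router's connection-tracking table is saturating.

Added example, not code from the thread.  Reads the conntrack table and its
size limit (2.6-era ip_conntrack paths), counts entries per inside host and
protocol, and flags the kernel's table-full warning.  The table, limit and
log lines used by the self-test are constructed samples; the warning
threshold is an assumption.
"""
import re
from collections import Counter

CONNTRACK_TABLE = "/proc/net/ip_conntrack"
CONNTRACK_MAX = "/proc/sys/net/ipv4/ip_conntrack_max"
TABLE_FULL_MARKER = "conntrack: table full, dropping packet"

# Constructed sample: four tracked flows in ip_conntrack format.  The first
# src= on each line is the original (inside) source, which is what a NAT
# router wants to count per host.
SAMPLE_TABLE = """\
tcp      6 431999 ESTABLISHED src=10.65.0.10 dst=1.2.3.9 sport=1034 dport=80 src=1.2.3.9 dst=1.2.3.3 sport=80 dport=1034 [ASSURED] use=1
tcp      6 119 TIME_WAIT src=10.65.0.10 dst=1.2.3.9 sport=1035 dport=80 src=1.2.3.9 dst=1.2.3.3 sport=80 dport=1035 [ASSURED] use=1
udp      17 29 src=10.65.1.20 dst=1.2.3.10 sport=1025 dport=53 src=1.2.3.10 dst=1.2.3.3 sport=53 dport=1025 use=1
udp      17 170 src=10.65.0.4 dst=5.6.7.8 sport=500 dport=500 src=5.6.7.8 dst=1.2.3.4 sport=500 dport=500 [ASSURED] use=1
"""
SAMPLE_MAX = 8  # constructed, unrealistically small so the sample is readable

# Constructed sample: what /var/log/messages shows when the table is full.
SAMPLE_LOG = [
    "Aug  4 14:31:02 router kernel: ip_conntrack: table full, dropping packet.",
    "Aug  4 14:31:02 router kernel: printk: 37 messages suppressed.",
    "Aug  4 14:35:10 router sshd[2231]: Accepted publickey for admin from 1.2.3.5",
]

SRC_RE = re.compile(r"\bsrc=(\S+)")


def parse_table(text):
    """List of (proto, original_src) per tracked flow."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = SRC_RE.search(line)  # first src= is the original direction
        if m:
            flows.append((line.split()[0], m.group(1)))
    return flows


def assess(table_text, max_entries, log_lines=(), warn_percent=80):
    """Summarise usage and return the alerts a monitor would raise."""
    flows = parse_table(table_text)
    count = len(flows)
    alerts = []
    if count * 100 >= warn_percent * max_entries:
        alerts.append(f"conntrack table at {count}/{max_entries} entries")
    drops = [l for l in log_lines if TABLE_FULL_MARKER in l]
    if drops:
        alerts.append(f"kernel reported table full {len(drops)} time(s); "
                      "packets are being dropped")
    return {
        "count": count,
        "max": max_entries,
        "by_proto": dict(Counter(p for p, _ in flows)),
        "top_sources": Counter(s for _, s in flows).most_common(3),
        "alerts": alerts,
    }


def assess_live(log_path="/var/log/messages"):
    """Read the live table, limit and log; needs root on the router."""
    with open(CONNTRACK_TABLE) as f:
        table = f.read()
    with open(CONNTRACK_MAX) as f:
        limit = int(f.read())
    with open(log_path, errors="replace") as f:
        log = f.readlines()
    return assess(table, limit, log)


if __name__ == "__main__":
    report = assess_live()
    print(f"{report['count']}/{report['max']} entries, by protocol {report['by_proto']}")
    for src, n in report["top_sources"]:
        print(f"  {src}: {n} entries")
    for a in report["alerts"]:
        print("ALERT:", a)
```

The per-host counts are the useful part: with 800+ users behind one SNAT address, a single machine holding thousands of entries (a worm, a peer-to-peer client, a misconfigured scanner) can push the whole box to the limit, and re-applying the rules only helps because reloading the table discards the tracked state. Reading the count at the moment of an outage, rather than after the reload, is what confirms or rules out the theory.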
