From: Gáspár Lajos
Subject: Re: iptables sporadic "sendmsg: operation not permitted" problem and packet loss
Date: Mon, 09 Mar 2009 14:33:48 +0100
Message-ID: <49B51ABC.1080502@freemail.hu>
References: <49B2E831.3040809@conversis.de>
In-Reply-To: <49B2E831.3040809@conversis.de>
Sender: netfilter-owner@vger.kernel.org
To: Dennis Jacobfeuerborn
Cc: netfilter@vger.kernel.org

Dennis Jacobfeuerborn wrote:
> Hi,
>
> I'm running into a problem on a machine that right now acts as a
> simple gateway but is supposed to become a firewall too. When I start
> iptables using "/etc/init.d/iptables start" on the Centos 5.2 machine
> first everything works fine but after about 30 seconds I'm seeing
> packet loss and running a ping outputs "sendmsg: operation not
> permitted" sporadically.
> The moment I stop iptables again everything returns to normal. What is
> confusing to me is that I don't even have any rules defined so far.
> This is what my "/etc/sysconfig/iptables" file looks like:
>
> # Generated by iptables-save v1.3.5 on Thu Mar 5 17:40:28 2009
> *filter
> :INPUT ACCEPT [26715202:4750206096]
> :FORWARD ACCEPT [1382646771:1563210213960]
> :OUTPUT ACCEPT [22930985:6256734041]
> COMMIT
>
> iptables -L says:
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Does anyone have an idea why that would have such a severe impact on
> the traffic? The fact that it takes a moment for the problems to show
> up makes me suspect some kind of buffer issue so that the packet loss
> only begins to occur after some buffer begins to overflow. That's just a
> guess though and I have no idea what buffer that could be.
>
> Regards,
> Dennis
>

Hi Dennis,

What about the other tables?

iptables -vnL -t raw
iptables -vnL -t mangle
iptables -vnL -t nat

Swifty
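
The per-table check asked for in the reply above can be done in one pass over iptables-save output. The script below is an added example, not part of the original thread; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise iptables-save output for every table, so rules or
# policies outside "filter" are not overlooked. Function names are hypothetical.

# Reads iptables-save text on stdin.
# Prints one line per chain: "<table> <chain> policy=<P> rules=<N>"
summarize_tables() {
    awk '
        /^#/  { next }                               # comment lines
        /^\*/ { table = substr($0, 2); next }        # "*mangle" opens a table
        /^:/  {                                      # ":INPUT ACCEPT [pkts:bytes]"
            key = table SUBSEP substr($1, 2)
            order[++n] = key
            policy[key] = $2                         # "-" for user-defined chains
            next
        }
        $1 == "-A"                { rules[table, $2]++; next }
        $1 ~ /^\[/ && $2 == "-A"  { rules[table, $3]++ }   # "iptables-save -c" form
        END {
            for (i = 1; i <= n; i++) {
                split(order[i], k, SUBSEP)
                printf "%s %s policy=%s rules=%d\n", k[1], k[2], policy[order[i]], rules[order[i]]
            }
        }'
}

# Keeps only chains that can affect traffic: at least one rule, or a
# built-in chain whose policy is not ACCEPT.
nonempty_chains() {
    summarize_tables |
        awk '$4 != "rules=0" || ($3 != "policy=ACCEPT" && $3 != "policy=-")'
}

# Constructed sample: an empty filter table like the one in the post, plus a
# mangle table that carries one rule (constructed, not taken from the thread).
sample_ruleset() {
    cat <<'EOF'
# constructed sample, iptables-save format
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p icmp -j DROP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_ruleset | nonempty_chains
# On a live host, as root:  iptables-save | nonempty_chains
```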