IP Masquerading


Post by Olivier Gaumon » Fri, 03 May 2002 11:26:20



Hi,
I read the IP Masquerading HowTo and tried to set it up on my Linux box (Red
Hat 7.1 and kernel 2.4.x)

With the rc.firewall-2.4 test file everything works as long as I'm using the
Linux Box.  However after the Linux box has been inactive for a couple of
minutes masquerading doesn't work anymore.  Everything comes back if I
re-run the script (/etc/rc.d/init.d/firewall-2.4).  It's very annoying to
re-run the script every 5 minutes!  A reboot also arranges things but only
for a couple of minutes.

I'm a beginner but I think I have carefully followed every step in the
HowTo.  I really don't know what to do to trace my problem.  Does anyone have an
idea?

Thanks

Olivier

 
 
 


Post by Jeroen Geilma » Sat, 04 May 2002 05:16:40


Somewhere around Thu, 02 May 2002 04:26:20 +0200, Olivier Gaumond was seen
engraving on a handy slab of granite:

> Hi,
> I read the IP Masquerading HowTo and tried to set it up on my Linux box
> (Red Hat 7.1 and kernel 2.4.x)

> With the rc.firewall-2.4 test file everything works as long as I'm using
> the Linux Box.  However after the Linux box has been inactive for a
> couple of minutes masquerading doesn't work anymore.  Everything comes
> back if I re-run the script (/etc/rc.d/init.d/firewall-2.4).  It's very
> annoying to re-run the script every 5 minutes!  A reboot also arranges
> things but only for a couple of minutes.

The RedHat distros normally load additional modules dynamically,
additional modules being those that are not loaded on startup (via
rc.sysinit & the runlevel scripts) - and it sets them to "autoclean", i.e.
when they aren't used for 1 minute or so they are unloaded.

Do a "lsmod" to see which modules have the autoclean flag set; if any of
them are iptable_* or ipt_* (* meaning anything) then that's what happens.

You can override this in the script which loads the modules for the
firewall (there are quite a few of those) on the command line; try a "man
insmod" for details.

HTH

--
Confusion is my middle finger.
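
The lsmod check suggested in the reply above, as an added example that is not part of the original thread: it reads lsmod output and lists the iptable_* and ipt_* modules that carry the autoclean flag. The function names are hypothetical, and the sample listing is constructed and assumes the 2.4-era lsmod layout, where the flag is printed as "(autoclean)".

```shell
#!/bin/sh
# Added example: report netfilter modules that lsmod marks "(autoclean)".

# Constructed sample in the assumed 2.4 lsmod layout (not taken from the thread).
sample_lsmod() {
cat <<'EOF'
Module                  Size  Used by
ipt_MASQUERADE          1216   1  (autoclean)
iptable_nat            12660   1  (autoclean) [ipt_MASQUERADE]
iptable_filter          1728   0  (autoclean) (unused)
ip_tables              10368   5  [ipt_MASQUERADE iptable_nat iptable_filter]
8139too                12064   1
EOF
}

# Reads lsmod output on stdin and prints, one per line, the names of
# iptable_*/ipt_* modules that have the autoclean flag set.
autoclean_netfilter_modules() {
    awk 'NR > 1 && $1 ~ /^(iptable_|ipt_)/ && /\(autoclean\)/ { print $1 }'
}

# Reads lsmod output on stdin. Returns 0 when no matching module is
# autoclean, 1 when at least one is (and names them).
check_autoclean() {
    hits=$(autoclean_netfilter_modules)
    if [ -n "$hits" ]; then
        echo "autoclean set on: $(echo $hits)"
        return 1
    fi
    echo "no iptable_*/ipt_* module is marked autoclean"
    return 0
}

# Demo on the constructed sample; on a live system use: lsmod | check_autoclean
sample_lsmod | check_autoclean || true
```

Running the check before and after the idle period shows whether the set of loaded modules actually changed when masquerading stopped.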

 
 
 


Post by Olivier Gaumo » Mon, 06 May 2002 06:24:34



> The RedHat distros normally load additional modules dynamically,
> additional modules being those that are not loaded on startup (via
> rc.sysinit & the runlevel scripts) - and it sets them to "autoclean", i.e.
> when they aren't used for 1 minute or so they are unloaded.

> Do a "lsmod" to see which modules have the autoclean flag set; if any of
> them are iptable_* or ipt_* (* meaning anything) then that's what happens.

> You can override this in the script which loads the modules for the
> firewall (there are quite a few of those) on the command line; try a "man
> insmod" for details.

> HTH

You were right, some modules were autocleaned.

I added some lines to load them manually in the firewall script, however
I still get the same trouble.

Any other ideas?

Olivier

 
 
 

1. IP Masquerading works, but does not masquerade from within the local network

I've got a box running Redhat 6.1 working as a gateway for our home network.
It's connected to a cable modem, and we've only got one IP address, so it's
doing IP forwarding and masquerading for us.

Now, consider this situation: I've got a webcam running on one of my windows
boxes, whose IP address is 192.168.0.1 (for instance). The webcam is on port
8888, and I've got the linux box set up to forward this port along from
port, say, 9999, using a line much like

ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 9999 -R 192.168.0.1 8888

in my rc.local.

This works very well for people connecting in from outside - they'd use a
URL like:

http://xxx.xxx.xxx.xxx:9999/video/frame

but if I try and use that URL from inside the local network, it doesn't
connect, I'd have to use:

http://192.168.0.1:8888/video/frame

which is rather annoying as it makes it difficult to test things (I have to
VNC out to work and boot up a browser there)

I'm fairly sure the problem isn't with the webcam software - I've had the
same problem when trying to connect to an Apache server inside the network
as well.

any ideas?

cheers,

Tim

