ip masquerading - webpages won't load all the time

ip masquerading - webpages won't load all the time

Post by John Thompse » Wed, 20 Mar 2002 02:21:06



I have Red Hat 7.1 (kernel 2.4.2-2) acting as a gateway for a win2k machine.
When I try to view web pages using the windows machine, sometimes the page
begins to display but then stops with an error messgage (IE - "The page
cannot be displayed"; Netscape - "A network connection error occured while
Netscape was receiving data (Network Error:  Connection reset by peer)").
Often, if I press reload many times the page will eventually display.  I
never have any problem viewing pages from the linux box...this makes me
think that it's not forwarding all the data all the time.
Any help is much appreciated.
Thanks.

John

 
 
 

ip masquerading - webpages won't load all the time

Post by David Efflan » Wed, 20 Mar 2002 10:22:17



> I have Red Hat 7.1 (kernel 2.4.2-2) acting as a gateway for a win2k machine.
> When I try to view web pages using the windows machine, sometimes the page
> begins to display but then stops with an error messgage (IE - "The page
> cannot be displayed"; Netscape - "A network connection error occured while
> Netscape was receiving data (Network Error:  Connection reset by peer)").
> Often, if I press reload many times the page will eventually display.  I
> never have any problem viewing pages from the linux box...this makes me
> think that it's not forwarding all the data all the time.
> Any help is much appreciated.
> Thanks.

You do not say what kind of internet connection you have, but 2 potential
causes are ECN (which I think is disabled by making sure that
/proc/sys/net/ipv4/tcp_ecn, if it exists, contains zero), or an mtu
discovery problem (if using pppoe).

pppoe uses an 8 byte header, so to fit within 1500 byte ethernet, pppoe
has max mtu of 1492, but in some cases it is less.  If there is an mtu
discovery problem, you may need to set mtu of LAN ethernet devices to 1492
or less (but not the nic that carries pppoe itself).

--
David Efflandt - All spam ignored
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://www.nsscc.com/ - free driver school Friday nights in March

 
 
 

ip masquerading - webpages won't load all the time

Post by Adaptr » Wed, 20 Mar 2002 10:45:53



<snippage>

Quote:> Often, if I press reload many times the page will eventually display.  I
> never have any problem viewing pages from the linux box...this makes me
> think that it's not forwarding all the data all the time.

Well, you should test this then !
One way is to install & run squid - standard on redhat distro's
then set this as your proxy from the windows machine
(your.linux.box.ipaddress:3128 is the standard port)
and see how that goes...
if it works, then nope, your configuration's at fault
if it still doesn't work, it could be a hardware problem, or a kernel
hiccup..
Quote:> Any help is much appreciated.
> Thanks.

> John

 
 
 

ip masquerading - webpages won't load all the time

Post by Tauno Voipi » Wed, 20 Mar 2002 18:17:22





> > I have Red Hat 7.1 (kernel 2.4.2-2) acting as a gateway for a win2k
machine.
> > When I try to view web pages using the windows machine, sometimes the
page
> > begins to display but then stops with an error messgage (IE - "The page
> > cannot be displayed"; Netscape - "A network connection error occured
while
> > Netscape was receiving data (Network Error:  Connection reset by
peer)").
> > Often, if I press reload many times the page will eventually display.  I
> > never have any problem viewing pages from the linux box...this makes me
> > think that it's not forwarding all the data all the time.
> > Any help is much appreciated.
> > Thanks.

> You do not say what kind of internet connection you have, but 2 potential
> causes are ECN (which I think is disabled by making sure that
> /proc/sys/net/ipv4/tcp_ecn, if it exists, contains zero), or an mtu
> discovery problem (if using pppoe).

Does your firewall kill DHCP messages? It destroys the MTU discovery and
creates problems with the segment sizes.

Disabling DHCP in firewall is Not A Good Idea.

Tauno Voipio

 
 
 

ip masquerading - webpages won't load all the time

Post by David M » Thu, 21 Mar 2002 03:19:09


<snip>
Quote:> Does your firewall kill DHCP messages? It destroys the MTU discovery and

                          ^^^^
<snip>

Do you mean ICMP?

--
Registered Slackware Linux user #246340
http://counter.li.org./

 
 
 

ip masquerading - webpages won't load all the time

Post by Tauno Voipi » Thu, 21 Mar 2002 04:13:49




> <snip>
> > Does your firewall kill DHCP messages? It destroys the MTU discovery and
>                           ^^^^
> <snip>

> Do you mean ICMP?

Yes - sorry, it was too late here ...

Tauno

 
 
 

ip masquerading - webpages won't load all the time

Post by David M » Thu, 21 Mar 2002 06:17:43


<snip>
Quote:> Yes - sorry, it was too late here ...

<snip>

np

--
Registered Slackware Linux user #246340
http://counter.li.org./

 
 
 

ip masquerading - webpages won't load all the time

Post by John Thompse » Fri, 22 Mar 2002 01:52:10


Thanks everyone for your help so far, but no luck.

I've completely disabled the firewall so that I can fix this problem, so
it's not that.
I tried setting the MTU of the interfaces to 1420 (it is a pppoe adsl
connection), the problem still occurs.

Does anyone have any ideas on tests I could run to try and see where exactly
the problem is occuring?

Thanks :)

--






> > > I have Red Hat 7.1 (kernel 2.4.2-2) acting as a gateway for a win2k
> machine.
> > > When I try to view web pages using the windows machine, sometimes the
> page
> > > begins to display but then stops with an error messgage (IE - "The
page
> > > cannot be displayed"; Netscape - "A network connection error occured
> while
> > > Netscape was receiving data (Network Error:  Connection reset by
> peer)").
> > > Often, if I press reload many times the page will eventually display.
I
> > > never have any problem viewing pages from the linux box...this makes
me
> > > think that it's not forwarding all the data all the time.
> > > Any help is much appreciated.
> > > Thanks.

> > You do not say what kind of internet connection you have, but 2
potential
> > causes are ECN (which I think is disabled by making sure that
> > /proc/sys/net/ipv4/tcp_ecn, if it exists, contains zero), or an mtu
> > discovery problem (if using pppoe).

> Does your firewall kill DHCP messages? It destroys the MTU discovery and
> creates problems with the segment sizes.

> Disabling DHCP in firewall is Not A Good Idea.

> Tauno Voipio


 
 
 

ip masquerading - webpages won't load all the time

Post by David M » Fri, 22 Mar 2002 03:57:54


<snip>
Quote:> Does anyone have any ideas on tests I could run to try and see where
> exactly the problem is occuring?

<snip>

You need to trace one of these transactions that gets reset (using tcpdump
or ethereal). You should be able to find the spot where the remote side
sends the RST to you (this will be easiest in the Ethereal GUI, so I
suggest using it even if you don't use it to make the initial capture),
right before that will be part where your box sends something bad to the
remote side which makes it (the remote side) abort the connection.

--
Registered Slackware Linux user #246340
http://counter.li.org./

 
 
 

1. IP Masquerade Modules won't load

Hope someone can help me out here.
I'm trying to load some ip masquerade modules but can't seem to get this

right.
Here's what I've done so far:

    1) Compiled kernel with modules support
    2) Compiled kernel with ip masquerade support (I've tried kernels
2.0.30, 2.1.43, and 2.1.55)
    3) Each time, I've run "make modules" and "make modules_install"
    4) In my rc.local file, I have the following lines:
        /sbin/depmod -a
        /sbin/modprobe ip_masq_ftp.o
        /sbin/modprobe ip_masq_irc.o
        /sbin/modprobe ip_masq_quake.o
        /sbin/modprobe ip_masq_raudio.o

So far, so good.

Here's what I get when I reboot:

    *** Unresolved symbols in module
/lib/modules/2.1.55/ipv4/ip_masq_ftp.o
      (also irc, quake, and raudio)
    kernel_version needed, but can't be found
      (I get this line once for each module)

Any ideas?

Thanks in advance!

-- Ludio --


2. close() and __close()? (and __XXXX functions)

3. IP Masquerading won't even load

4. Compiling ApacheJServ

5. Lilo won't load os/2, os/2 won't load lilo

6. TCNS 100MBit ARCnet anybody tried yet?

7. IP-MASQUERADE won't work from HPUX

8. SMC 8416

9. apache restart:webpages don't load

10. IP for masqueraded net other than masquerading host IP

11. IP Masquerading - Can't use Host names only IP address

12. IP Masquerading and muiltiple IP's

13. IP Masquerade with Novell's IP Tunnel