NAT Problem Solved, New Problem

Post by Breen Ouellett » Tue, 16 Nov 1999 04:00:00

I posted this a couple days ago, never showed up.  Please excuse if
it got to your server.


    I posted earlier about having problems setting up ipnat.  It turns
out that a switch of NICs fixed it up.  The offending chipset was the
Realtek 8129.  I tried two different cards based on this chipset with
poor results, but when I changed to a Via Rhine based card it worked no

    Now the problem is that I don't know who to inform about this
problem.  I would guess it was driver support considering I used two
different types of cards based on the Realtek chipset.  Who do I tell
and what information are they going to want?

    -Breen Ouellette


1. NAT and ISP problem: lowering mtu and disabling ECN did not solve

Good morning, I'm Giacomo Strangolino from Italy.

I posted some days ago a problem about NAT and Internet Service Provider

I finished developing an IPv4 firewall with NAT/MASQUERADING and have been
testing it for some time with success connecting from home to my ISP named
"libero".

Then I changed ISP to another one, called "telecom" and with great surprise
I discovered that images from sites and also sites failed to load.

So now, when I call an ISP all works fine, when I call the other, things go

I NAT machines behind my firewall changing only IPs and ports, and
recalculating checksum (IP and TCP/UDP) to adjust such changes.
I do not touch any other field as window size or seq number or ack, since
the only things I manipulate are addresses and ports.

I was wondering what I could do to solve, since iptables and ipfw+natd on
FreeBSD or winXP sp2 work fine with this ISP...

Tweaking with ethereal I found that probably sometimes a tcp segment gets

 * Thanks to news help, I tried to lower MTU and to disable ECN, but the
problem persists. *

My firewall is a 2.6.12 kernel module which registers with netfilter hooks.
A userspace program sends rules to kernel via netlink.

I thank anyone who could help me find the way to fix the problem or
understand what could be wrong with an ISP network and anyway work fine
with the other.

Thanks a lot

Giacomo S. Udine, Italy
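
The rewrite described in the post above (change only addresses and ports, then adjust the checksums), as an added example that is not the poster's firewall code. It goes slightly beyond the post by using the RFC 1624 incremental update and checking it against a full recomputation; it covers the TCP checksum only (the IPv4 header checksum takes the same per-word update for the address words), and the function names and sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* One's-complement sum of big-endian 16-bit words, folded to 16 bits. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += (uint32_t)(p[0] << 8 | p[1]);
    if (len) acc += (uint32_t)p[0] << 8;          /* pad odd trailing byte */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return acc;
}

/* Full TCP checksum over pseudo-header + segment; 0 means "stored checksum valid". */
uint16_t tcp_csum_full(const uint8_t src[4], const uint8_t dst[4],
                       const uint8_t *seg, size_t len) {
    uint8_t ph[4] = {0, 6, (uint8_t)(len >> 8), (uint8_t)len}; /* zero, proto, length */
    uint32_t acc = sum16(dst, 4, sum16(src, 4, 0));
    acc = sum16(ph, 4, acc);
    return (uint16_t)~sum16(seg, len, acc);
}

/* RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m') for one changed 16-bit word. */
uint16_t csum_update16(uint16_t hc, uint16_t old_w, uint16_t new_w) {
    uint32_t acc = (uint32_t)(uint16_t)~hc + (uint16_t)~old_w + new_w;
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Source NAT: rewrite address and source port, patch TCP checksum in place. */
void snat_tcp(uint8_t src[4], uint8_t *seg, const uint8_t nsrc[4], uint16_t nport) {
    uint16_t c = (uint16_t)(seg[16] << 8 | seg[17]);
    for (int i = 0; i < 4; i += 2) {   /* address words are in the pseudo-header */
        c = csum_update16(c, (uint16_t)(src[i] << 8 | src[i + 1]),
                             (uint16_t)(nsrc[i] << 8 | nsrc[i + 1]));
        src[i] = nsrc[i]; src[i + 1] = nsrc[i + 1];
    }
    c = csum_update16(c, (uint16_t)(seg[0] << 8 | seg[1]), nport);
    seg[0] = (uint8_t)(nport >> 8); seg[1] = (uint8_t)nport;
    seg[16] = (uint8_t)(c >> 8);    seg[17] = (uint8_t)c;
}

int main(void) {  /* constructed sample: 20-byte TCP header + 3 payload bytes */
    uint8_t src[4] = {192,168,1,10}, dst[4] = {203,0,113,5}, pub[4] = {198,51,100,7};
    uint8_t seg[23] = {0x04,0xd2, 0,80, 0,0,0,1, 0,0,0,0, 0x50,0x18, 0x20,0, 0,0, 0,0, 'G','E','T'};
    uint16_t c = tcp_csum_full(src, dst, seg, sizeof seg);
    seg[16] = (uint8_t)(c >> 8); seg[17] = (uint8_t)c;
    snat_tcp(src, seg, pub, 40000);
    return tcp_csum_full(src, dst, seg, sizeof seg) != 0;  /* exit 0 if still valid */
}
```

Running the same full verification over a capture taken on the outside interface shows whether a translated segment leaves with a checksum the receiver will accept.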

