[CentOS] router NAT problem

Mintairov Mikhail

mikxalich at yandex.ru
Thu Jun 11 18:14:20 UTC 2009


Hello All. I have a strange problem on  my router. I use a xl2tpd
program to establish a connection to the INTERNET. After I start xl2tpd
it's create a new ppp0 device with correct ip parameters, also it's add
some routes to the routing table and all this routes are correct too.
After connection with provider are establish the router exec some simple
iptables+NAT commands to give an INTERNET access to the LAN computers,
and everything was working fine for a 2 or 3 years. But now but the
local computers (192.168.127.0/24) con not establish a connection to
some web sites or to some ftp servers. However, if I try to access to
the same web sites from my router everything is good and it can access
to every web or ftp server. 

First of all I recheck router table, and it's was correct. After it I
rewrite my iptables rules (to create a simplest roles as can be)

iptables -F
iptables -F -t nat
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.127.0/24 -j SNAT
--to-source [my internet ip]

And nothing good happen. I try to use tcpdump to understand the problem,
and not found the answer. Because there was no errors. Every packet from
192.168.127.0 iface had correct routing to ppp0 iface and after it the
SNAT change the packets source ip to [my internet ip]. So everything
looks correct, but when I try to access to some sites from router and
from 192.168.127.[some] computer the "tcpdump -n ppp0" output was not
the same.

Here the "tcpdump -i ppp0 -n" output of situation when I try to access
to one of web site from my router

-------------------------------------------------------------------------------------------------------
01:13:23.293205 IP[my internet ip].34178 > 194.67.57.226.http: S
3824762316:3824762316(0) win 5680 <mss 1420,sackOK,timestamp 335559
0,nop,wscale 7>
01:13:23.309819 IP 194.67.57.226.http >[my internet ip].34178: S
715197421:715197421(0) ack 3824762317 win 5792 <mss
1460,sackOK,timestamp 3391122112 335559>
01:13:23.309874 IP[my internet ip].34178 > 194.67.57.226.http: . ack 1
win 5680 <nop,nop,timestamp 335563 3391122112>
01:13:23.310118 IP[my internet ip].34178 > 194.67.57.226.http: P
1:585(584) ack 1 win 5680 <nop,nop,timestamp 335563 3391122112>
01:13:23.320893 IP 194.67.57.226.http >[my internet ip].34178: . ack 585
win 6424 <nop,nop,timestamp 3391122128 335563>
01:13:23.336371 IP 194.67.57.226.http >[my internet ip].34178: .
1:1409(1408) ack 585 win 6424 <nop,nop,timestamp 3391122144 335563>
01:13:23.336412 IP[my internet ip].34178 > 194.67.57.226.http: . ack
1409 win 8448 <nop,nop,timestamp 335570 3391122144>
01:13:23.377324 IP 194.67.57.226.http >[my internet ip].34178: .
1409:2817(1408) ack 585 win 6424 <nop,nop,timestamp 3391122144 335563>

.............................. and alot of same strings
-------------------------------------------------------------------------------------------------------

And here the "tcpdump -i ppp0 -n" output of situation when I try to
access to the same web site from 192.168.127.[some] computer. 

-------------------------------------------------------------------------------------------------------
01:20:31.783723 IP[my internet ip].39044 > 194.67.57.20.http: S
3269053516:3269053516(0) win 5840 <mss 1460,sackOK,timestamp 12725586
0,nop,wscale 6>
01:20:31.794530 IP 194.67.57.20.http >[my internet ip].3 9044: S
2208770058:2208770058(0) ack 3269053517 win 5792 <mss
1460,sackOK,timestamp 568417946 12725586>
01:20:31.819422 IP[my internet ip].39044 > 194.67.57.20.http: . ack 1
win 5840 <nop,nop,timestamp 12725598 568417946>
01:20:33.281135 IP[my internet ip].39044 > 194.67.57.20.http: P
1:689(688) ack 1 win 5840 <nop,nop,timestamp 12727083 568417946>
01:20:33.291594 IP 194.67.57.20.http >[my internet ip].39044: . ack 689
win 6880 <nop,nop,timestamp 568419443 12727083>
01:20:46.431758 IP[my internet ip].39044 > 194.67.57.20.http: F
689:689(0) ack 1 win 5840 <nop,nop,timestamp 12740233 568419443>
01:20:46.481649 IP 194.67.57.20.http >[my internet ip].39044: . ack 690
win 6880 <nop,nop,timestamp 568432635 12740233>
-------------------------------------------------------------------------------------------------------

As you can see the first 5 strings of those outputs are the same, but in
the second situation there are no data transferring, and after 13 second
of waiting the local computer send a FIN TCP packet (string number 6 in
second listing). 

So, maybe someone can help me with understanding of this problem,
because I don't have any ideas what can I do. I also know that router
didn't have any hardware problem, because I have try to replace this
router to another server and nothing has changed.






More information about the CentOS mailing list