[CentOS] CentOS based router dropping connections
Jesse Cantara
jesse_cantara at esupport.com
Fri Jul 20 16:29:20 UTC 2007
Hi Bob,
When I was on the router testing from there, the IP I was using was the
private IP.
That's not a big concern of mine though, I'm aware that
locally-generated traffic won't be "forwarded" correctly.
The issue I'm having is that external traffic is being forwarded
properly, BUT that it drops the connection occasionally. It's not
consistent (maybe 2 out of 5 downloads from the internet through the
router to the webserver will drop), and the connections are being made,
so it's not a fundamental configuration issue. It's something more
sneaky. I'm thinking that there's something in the kernel or network
driver that isn't functioning properly, or maybe a buffer that is
becoming full and abandoning the connection?
The part I added about connecting to the webserver from the router was
just to prove that I had tested that the connection at least physically
works like that, when taking the router out of the equation.
-Jesse
Bob Chiodini wrote:
>
>
> Jesse Cantara wrote:
>> Hello,
>>
>> I am trying to figure out a problem I'm having using CentOS on a
>> machine as a router. The short story is: any traffic routed through
>> the router seems to get disconnected at random occasionally.
>>
>> The hardware setup is:
>> I have two switches, the router sits between them, the webserver on
>> the LAN switch.
>> The machine I'm using for the router is a Dell 860 1U rackmount with
>> two NICs, one NIC on the internet, one NIC on the LAN.
>>
>> The routing setup is:
>> I'm using IPTABLES for routing, with the following command:
>> iptables -t nat -A PREROUTING -p tcp -m tcp -i eth1 --dport 6680 -j DNAT --to 192.168.1.10:80
>> Basically, I'm forwarding port 6680 on to the webserver (.10) on the LAN.
>>
>> What I have tested so far:
>> If I'm at the router, I can download files from the webserver just
>> fine, so the webserver setup and physical connection is OK.
>> If I'm at the router, I can download files from the internet just
>> fine, so the physical connection to the outside is OK as well.
>> If I'm on the outside of the router (on the internet) I can download
>> files directly from the router just fine.
>>
>> The issue is when I try to download a file from the webserver via the
>> router (port 6680). It will work sometimes, but other times it will
>> randomly disconnect me, at random points during the download.
>>
>> Watching the traffic on a packet-sniffer shows that right before the
>> download fails, my client computer trying to download the file keeps
>> resending "ACK" messages, the router keeps sending the next sequence
>> of packets, and eventually the router sends a bunch of "RST" packets.
>>
>> There aren't any strange messages in /var/log/messages or dmesg on
>> either the router or the webserver.
>>
>> I need some help diagnosing this problem. Here's some info about the
>> router:
>> CentOS 5
>> latest kernel 2.6.18-8.1.8.el5
>> iptables v1.3.5
>>
>> I've tried testing as much as I can before asking for help, but I'm at
>> the end of what I know to try. Any leads as to where to look to
>> diagnose, or what might cause this would help.
>>
>> Thanks in advance,
>> -Jesse
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
> Jesse,
>
> What IP address are you using when you try to access the webserver (via
> port 6680) from the router, the public or the private?
>
> If I read the iptables man page correctly, I would not expect the router
> to mangle the packets generated locally for the PREROUTING table since
> the packets are not "really" arriving at the eth1 interface. Maybe the
> problem is that some packets are getting through at all. What happens
> if you try to access the webserver from a machine on the LAN, but using
> the public IP address and port 6680?
>
> Why not use port 80 and the private IP when accessing the webserver from
> the router, and anywhere else in the LAN, and address the webserver via
> 6680 when coming in from the internet. If I read your test scenarios
> correctly, both of those conditions work correctly and I assume that is
> your intent.
>
> Bob...