Hi Bob,

When I was on the router testing from there, the IP I was using was the private IP. That's not a big concern of mine though, I'm aware that locally-generated traffic won't be "forwarded" correctly. The issue I'm having is that external traffic is being forwarded properly, BUT that it drops the connection occasionally. It's not consistent (maybe 2 out of 5 downloads from the internet through the router to the webserver will drop), and the connections are being made, so it's not a fundamental configuration issue. It's something more sneaky. I'm thinking that there's something in the kernel or network driver that isn't functioning properly, or maybe a buffer that is becoming full and abandoning the connection? The part I added about connecting to the webserver from the router was just to prove that I had tested that the connection at least physically works like that, when taking the router out of the equation.

-Jesse

Bob Chiodini wrote:
>
>
> Jesse Cantara wrote:
>> Hello,
>>
>> I am trying to figure out a problem I'm having using CentOS on a
>> machine as a router. The short story is: any traffic routed through
>> the router seems to get disconnected at random occasionally.
>>
>> The hardware setup is:
>> I have two switches, the router sits between them, the webserver on
>> the LAN switch.
>> The machine I'm using for the router is a Dell 860 1U rackmount with
>> two NICs, one NIC on the internet, one NIC on the LAN.
>>
>> The routing setup is:
>> I'm using IPTABLES for routing, with the following command:
>> iptables -t nat -A PREROUTING -p tcp -m tcp -i eth1 --dport 6680 -j
>> DNAT --to 192.168.1.10:80
>> Basically, I'm forwarding port 6680 on to the webserver (.10) on the LAN.
>>
>> What I have tested so far:
>> If I'm at the router, I can download files from the webserver just
>> fine, so the webserver setup and physical connection is OK.
>> If I'm at the router, I can download files from the internet just
>> fine, so the physical connection to the outside is OK as well.
>> If I'm on the outside of the router (on the internet) I can download
>> files directly from the router just fine.
>>
>> The issue is when I try to download a file from the webserver via the
>> router (port 6680). It will work sometimes, but other times it will
>> randomly disconnect me, at random points during the download.
>>
>> Watching the traffic on a packet-sniffer shows that right before the
>> download fails, my client computer trying to download the file keeps
>> resending "ACK" messages, the router keeps sending the next sequence
>> of packets, and eventually the router sends a bunch of "RST" packets.
>>
>> There aren't any strange messages in /var/log/messages or dmesg in
>> either the router or the webserver.
>>
>> I need some help diagnosing this problem. Here's some info about the
>> router:
>> CentOS 5
>> latest kernel 2.6.18-8.1.8.el5
>> iptables v1.3.5
>>
>> I've tried testing as much as I can before asking for help, but I'm at
>> the end of what I know to try. Any leads as to where to look to
>> diagnose, or what might cause this would help.
>>
>> Thanks in advance,
>> -Jesse
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>
> Jesse,
>
> What IP address are you using when you try to access the webserver (via
> port 6680) from the router, the public or the private?
>
> If I read the iptables man page correctly, I would not expect the router
> to mangle the packets generated locally for the PREROUTING table since
> the packets are not "really" arriving at the eth1 interface. Maybe the
> problem is that some packets are getting through at all. What happens
> if you try to access the webserver from a machine on the LAN, but using
> the public IP address and port 6680?
>
> Why not use port 80 and the private IP when accessing the webserver from
> the router, and anywhere else in the LAN, and address the webserver via
> 6680 when coming in from the internet. If I read your test scenarios
> correctly, both of those conditions work correctly and I assume that is
> your intent.
>
> Bob...
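As an added diagnostic aid, not code from the thread: the script below scans `tcpdump -n` style output for the pattern Jesse describes on the sniffer (the client repeating the same ACK several times, followed by an RST from the router's forwarded port) and reports which client flows it affected, so the failing downloads can be separated from the ones that completed. The capture, the client address 203.0.113.5 and the router's public address 198.51.100.1 are constructed for the example; the forwarded port 6680 is the one from the thread.

```python
import re
from collections import defaultdict

# Constructed sample capture (tcpdump -n style), not taken from the thread.
# 203.0.113.5 is the downloading client, 198.51.100.1 stands in for the
# router's public address; 6680 is the DNAT'd port from the thread.
SAMPLE_CAPTURE = """\
12:00:01.000000 IP 203.0.113.5.40000 > 198.51.100.1.6680: Flags [S], seq 100, win 65535, length 0
12:00:01.010000 IP 198.51.100.1.6680 > 203.0.113.5.40000: Flags [S.], seq 500, ack 101, win 5840, length 0
12:00:01.020000 IP 203.0.113.5.40000 > 198.51.100.1.6680: Flags [.], ack 501, win 65535, length 0
12:00:01.030000 IP 198.51.100.1.6680 > 203.0.113.5.40000: Flags [P.], seq 501:1961, ack 101, win 5840, length 1460
12:00:01.040000 IP 203.0.113.5.40000 > 198.51.100.1.6680: Flags [.], ack 1961, win 65535, length 0
12:00:01.050000 IP 198.51.100.1.6680 > 203.0.113.5.40000: Flags [.], seq 1961:3421, ack 101, win 5840, length 1460
12:00:01.260000 IP 203.0.113.5.40000 > 198.51.100.1.6680: Flags [.], ack 1961, win 65535, length 0
12:00:01.470000 IP 203.0.113.5.40000 > 198.51.100.1.6680: Flags [.], ack 1961, win 65535, length 0
12:00:01.680000 IP 203.0.113.5.40000 > 198.51.100.1.6680: Flags [.], ack 1961, win 65535, length 0
12:00:01.700000 IP 198.51.100.1.6680 > 203.0.113.5.40000: Flags [R], seq 3421, win 0, length 0
"""

# Matches the fields we need from one tcpdump line; "seq a:b" ranges are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\](?:, seq \d+(?::\d+)?)?(?:, ack (?P<ack>\d+))?"
)


def find_suspect_resets(capture, server_port, dup_threshold=3):
    """Return one record per client flow that the server side reset after the
    client had repeated the same ACK number at least dup_threshold times."""
    state = defaultdict(lambda: {"last_ack": None, "dups": 0, "max_dups": 0})
    findings = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a TCP line in the expected shape
        src, sport, dst, dport = m["src"], int(m["sport"]), m["dst"], int(m["dport"])
        from_server = sport == server_port
        client = (dst, dport) if from_server else (src, sport)  # flow key
        st = state[client]
        if from_server:
            if "R" in m["flags"] and st["max_dups"] >= dup_threshold:
                findings.append({"client": client, "dup_acks": st["max_dups"], "rst_at": m["ts"]})
            continue
        if m["ack"] is None:
            continue  # e.g. the initial SYN carries no ACK number
        if m["ack"] == st["last_ack"]:  # client re-sent the same ACK
            st["dups"] += 1
            st["max_dups"] = max(st["max_dups"], st["dups"])
        else:  # progress: new ACK number resets the duplicate count
            st["last_ack"], st["dups"] = m["ack"], 0
    return findings
```

Feed it the output of `tcpdump -n -i eth1 port 6680` captured on the router, or a client-side capture, and raise `dup_threshold` if ordinary loss produces too many hits.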