[K12OSN] server not forwarding packets for Windows clients

[Les Mikesell]

On Tue, 2006-01-31 at 18:55, Petre Scheie wrote:
> > 
> It appears to be a NAT problem: while chkconfig shows that the 
> /etc/init.d/nat script will be run for runlevels 2,3,4 & 5, it seems to 
> quit working after a while.  It's one of the few scripts that does not 
> have a 'status' parameter, although I could probably check 
> /proc/sys/net/ipv4/ip_forward. 

Most of the init scripts start some associated process.  This one
just makes an iptables setting.

>  Since it wasn't working, I had the 
> workstations plugged into the main network switch so that they bypassed 
> the ltsp server.  This afternoon, I re-ran the /etc/init.d/nat script 
> and presto! it started working.  So, I moved a couple of the Windows 
> boxes back to the ltsp switch, and they were working fine.  Then about 
> three hours later I got a call from the users saying those machines 
> couldn't connect to the internet.  I ssh'd in, restarted NAT, and 
> presto! it started working again.  What would make it die like that? 
> For now, I just made a crontab entry that restarts /etc/init.d/nat once 
> per hour.  I'd like to see its state under /proc when it stops working, 
> but I don't want to put the users through the pain of it stopping again.

This is just a guess, but could you have viruses on the client
windows boxes that are trying to connect to random addresses
as fast as they can cycle through them?  The nat module has to track
the addresses with a table entry that will take a while to time out
even if the connection does not succeed.  You can see it with
'cat /proc/net/ip_conntrack'.  If you see a lot of sequentially
increasing addresses - or notice that when watching with tcpdump or
ethereal you can be pretty sure it is a virus trying to spread.

-- 
  Les Mikesell
   les at futuresource.com