
Re: [K12OSN] server not forwarding packets for Windows clients





Les Mikesell wrote:
On Tue, 2006-01-31 at 18:55, Petre Scheie wrote:

It appears to be a NAT problem: while chkconfig shows that the /etc/init.d/nat script will be run for runlevels 2,3,4 & 5, it seems to quit working after a while. It's one of the few scripts that does not have a 'status' parameter, although I could probably check /proc/sys/net/ipv4/ip_forward.


Most of the init scripts start some associated process.  This one
just makes an iptables setting.


Since it wasn't working, I had the workstations plugged into the main network switch so that they bypassed the ltsp server. This afternoon, I re-ran the /etc/init.d/nat script and presto! it started working. So, I moved a couple of the Windows boxes back to the ltsp switch, and they were working fine. Then about three hours later I got a call from the users saying those machines couldn't connect to the internet. I ssh'd in, restarted NAT, and presto! it started working again. What would make it die like that? For now, I just made a crontab entry that restarts /etc/init.d/nat once per hour. I'd like to see its state under /proc when it stops working, but I don't want to put the users through the pain of it stopping again.


This is just a guess, but could you have viruses on the client
Windows boxes that are trying to connect to random addresses
as fast as they can cycle through them?  The nat module has to track
the addresses with a table entry that will take a while to time out
even if the connection does not succeed.  You can see it with
'cat /proc/net/ip_conntrack'.  If you see a lot of sequentially
increasing addresses - or notice that when watching with tcpdump or
ethereal - you can be pretty sure it is a virus trying to spread.

Considering that the client machines are all donated, I'd say yes, a virus is quite possible. The machines were already present when I arrived on the scene, so I have no idea about their heritage. I looked at /proc/net/ip_conntrack but there were only a few entries, but it was late in the evening and I'm not sure if the machines were still turned on. I set up a cron job to log the output from /proc/net/ip_conntrack. I also turned off the nat restarting script: when I checked /proc/sys/net/ipv4/ip_forward this morning, it was still set to 1, but of course the office is empty overnight. I'm logging ip_forward's state every ten minutes to see if anything changes.
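
Added example, not part of the original thread: one way to check a logged /proc/net/ip_conntrack snapshot for the pattern described above, a single client holding many unanswered connections to sequentially increasing addresses. The sample entries, the addresses in them and the `min_unreplied` threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample in the 2.6-era /proc/net/ip_conntrack layout (not from the thread).
SAMPLE = "\n".join(
    [f"tcp      6 {110 - i} SYN_SENT src=192.168.0.12 dst=198.51.100.{10 + i} "
     f"sport={1030 + i} dport=445 [UNREPLIED] src=198.51.100.{10 + i} "
     f"dst=203.0.113.5 sport=445 dport={1030 + i} use=1" for i in range(8)]
    + ["tcp      6 431990 ESTABLISHED src=192.168.0.15 dst=192.0.2.80 sport=1101 "
       "dport=80 src=192.0.2.80 dst=203.0.113.5 sport=80 dport=1101 [ASSURED] use=1",
       "udp      17 25 src=192.168.0.15 dst=192.0.2.53 sport=1029 dport=53 "
       "src=192.0.2.53 dst=203.0.113.5 sport=53 dport=1029 use=1"])

# Matches a TCP/UDP tuple; ICMP entries carry no ports and are skipped.
TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=\d+ dport=(\d+)")

def parse(text):
    """Yield (src, dst, dport, unreplied) from the original-direction tuple of each entry."""
    for line in text.splitlines():
        m = TUPLE.search(line)  # the first tuple on a line is the original direction
        if m:
            yield m.group(1), m.group(2), int(m.group(3)), "[UNREPLIED]" in line

def longest_run(addrs):
    """Length of the longest run of numerically consecutive IPv4 addresses."""
    nums = sorted({int(ip_address(a)) for a in addrs})
    best = run = 1 if nums else 0
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def suspects(text, min_unreplied=5):
    """Report sources holding many unanswered entries to distinct destinations."""
    by_src = defaultdict(set)
    for src, dst, dport, unreplied in parse(text):
        if unreplied:
            by_src[src].add((dst, dport))
    report = {}
    for src, targets in by_src.items():
        if len(targets) >= min_unreplied:
            dsts = [d for d, _ in targets]
            report[src] = {"unreplied": len(targets), "longest_run": longest_run(dsts),
                           "ports": sorted({p for _, p in targets})}
    return report

if __name__ == "__main__":
    print(suspects(SAMPLE))
```

Run against each snapshot the cron job saves, a client that shows up with a high `unreplied` count and a long `longest_run` is the one to pull off the switch and scan first.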

