Re: clients can't use services, ok after a minute

To: debian-firewall@lists.debian.org
Subject: Re: clients can't use services, ok after a minute
From: Fabrizio Ferraro <izio_fw@fastwebnet.it>
Date: Wed, 14 Jun 2006 14:59:59 +0200
Message-id: <[🔎] jLTjg.8090$bj6.1760@tornado.fastwebnet.it>
In-reply-to: <6nn3M-4Li-1@gated-at.bofh.it>
References: <[🔎] D78A41D4-51E2-4E6A-BE16-D45AF31FEC06@gmail.com>

Dusan Smolnikar wrote:

I have freshly installed debian sarge to act as router/server.
I am using this iptables script http://tnt.aufbix.org/linux/firewall/
Everything works ok, except that my client machines from time to time  get
disconnected from the network (can ping the server but cannot accessinternet orany services on the server) Also I cannot ping the clients from theserver. And
after some time (about a minute) everything returns to normal.
Similar problem occurs right after connecting a client to the network.I can
ping the serevr but nothing else works. traceroute shows this:

traceroute to 213.14.14.14 (213.14.14.14), 64 hops max, 40 byte packets
1  root (192.168.1.1)  1.438 ms  0.621 ms  0.445 ms
2  root (192.168.1.1)  0.486 ms !N  0.481 ms !N  0.478 ms !N
a funny thing is, when I try to access the server via http://192.168.1.1
I get a password prompt saying: enter username and password for"viking" at
http://192.168.1.1
apache is not currently running. when things get back to normal after aminuteI get an ordinary "server not found". routing also works, traceroute isnormal
etc.
the same firewall script has worked on a previous sarge installationwith no
problems
any ideas where to start looking? /var/log/messages and /var/log/ syslogshow
nothing related to this problem

It seems like you have another machine on the same network with the sameIP of the router/server (192.168.1.1).

I had a somewhat similar problem due to a misconfiguration of a dhcp server.

The problem arises quite randomly and it depends on the refreshing ofthe ARP table on the clients. So, when the the client put the "wrong"MAC address in his ARP table, he can ping the server (actually he ispinging a *differet* machine), but the server can't ping the client,because the echo-reply is sent back to the wrong machine.Check the ARP table on a client machine when everything is working fineand again soon after the problem arises. You should see different MACaddresses for the same IP.


...btw, just guessing.

Reply to:

References:
- clients can't use services, ok after a minute
  - From: Dusan Smolnikar <dusan.smolnikar@gmail.com>

Prev by Date: Re: iptables by mac
Next by Date: Re: port forwarding
Previous by thread: clients can't use services, ok after a minute
Next by thread: Re: port forwarding
Index(es):
- Date
- Thread