[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

cobalt raq2 as a router - weird connection issues

I'm trying to replace my old Pentium router/firewall with my raq2, the one with two NIC's.  The interfaces themselves seem stable - I'm not having that standard problem of the interface dying after time.  It was acting as a stable web/email/irc/ssh server behind my pentium router for a long time (using eth0), and I've done some stress tests on eth1 and that seems fine also.

What it's doing is when I enable NAT and try to go out to the internet from the lan, things get weird.  Some things work and others don't, and I have no idea what the pattern is.  For instance, I can get to my school's website at www.uakron.edu, but not the one down the road at www.kent.edu.  I can get to google and do a search, but if i try to go to any of the url's (like tldp.org), it won't.  I can even get to a server I have a shell on, at http://irc.shroomery.org/~link BUT can't get to http://irc.shroomery.org/~link/stats.  Same server, but the latter hangs.  The connections hang on 'waiting for site'.  I can also ssh to that server, but can't sftp, it won't connect.  I can duplicate this on several machines.  The web issues I can duplicate with both IE, firefox and lynx.  I can get to all those sites fine from the cobalt itself.  It's just the machines behind it.

I was originally using a patched custom kernel compile of 2.4.31, which was working fine until this.  After running into this issue, I tried the 2.4.27 debian kernel someone posted in an earlier thread.  Still had the same issue (which is currently my ONLY issue)

Thinking it might be my firewall, I flushed all the rules, set the default policies to ACCEPT, enabled forwarding, and made a rule for NAT, and that's it.  No deny rules.  Still had the same issues - some things work, others don't.  It's not the connection nor my ISP.  If I put my old router up, everything's fine.

I was able to run a 'tcpdump -xX -s 1024' on both interfaces at one point, and noticed that at the point of dying, the last packet seen is fine coming in eth1 from the LAN, but when it leaves ppp0, it's garbled.  The top line that says something like:

09:00:07.212048 IP 123.321.123.321.123 > 321.123.321.123.321

It looked something like that on eth1, but when it left ppp0 the ip section got garbled into something like this:

09:00:07.212048 646d 578e fa48 0004 4297 c00c 069a 3438 bc54

which is what the data section of the packet should contain.

I'm at a loss.  I guess I should try to set it up as a router behind my existing router, and rule out the possibility of it being a PPPoE thing.  That'll be a bit of a pain, but if someone thinks it's worth a shot, I'll try it.  The fact that some things work fine and others don't work at all and there's no pattern, yet it's repeatable, just has be baffled, and I don't know where to look.  I've tried different kernels, and even compiled a different version of iptables.  Not sure what else would be relevant.  Any suggestions would be really appreciated.


I have often wondered if the majority of mankind ever pause to reflect upon the occasionally titanic significance of dreams, and of the obscure world to which they belong.  -- H.P. Lovecraft
Reply to: