>> Hello. I have a firewall at home which is used to protect my
>> LAN. But I
>>have a small problem in that for the past few months (using kernels 2.2.14,
>>and a 2.2.17pre with the TCP "hang" fix), outgoing connections to a
>>destination port of 80 seem to "hang," and will timeout. Connections to
>>other ports seem alright, but most of the traffic is http traffic (I know in
>>at lesat one case outgoing IRC seemed to be affected). After 20 or so
>>outgoing attempts are tried after the hang is discovered, connections start
>>working again. Existing connections continue unaffected.
>> I use a large-ish ipchains ruleset, and have port fowarding
>> turned on to
>>allow compatbility with some net games I use. It's been getting worse
>>(occuring more often) as my ipchains ruleset has grown. Any help is
>>appreciated
You probably hit the forwarded port range with your local port numbers. By
default the local port range starts from 1024. Then ports 1025, 1026 etc are
used. Now, you use portforwarding for, say, ports 2000-2010. You redirect these
ports to your internal network.
Guess what happens when your local port numbers reach 2000?
No traffic goes out for this connection. And for the next 10 connections. When
the local port reaches 2011 everything starts working again.
I discovered this in 2.0.3x when using ipautofw.
Solution: set your local port range to be outside of the portforwarded ranges
and masq range (61000+).
-- Meelis Roos (mroos@linux.ee) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 31 2000 - 21:00:15 EST