[ale] IP Masquerading / IPChains Time Out trouble
Jeff Dilcher
dilcher at cueva.com
Sun Sep 12 19:49:40 EDT 1999
Hello all,
I have had IP Masquerading / IPChains set up
for some time, and it usually works without
any trouble.
However, I have been noticing that larger downloads,
either FTP or HTTP have been timing out, and failing
to recieve files. Usually this occurs in exactly
the same moment in a download, even when I retry
a second time. The download just hangs and then
gives up.
For instance, most recently, I was downloading a
28 meg file, and every time it would hang at
5.08 megs into the download.
Weird!
Any one have any suggestions?
Here is my IP Chains rules, incase I might have
something screwy there:
# Needed to initially load modules
#
/sbin/depmod -a
# Supports the proper masquerading of FTP file transfers using the
#por method
/sbin/modprobe ip_masq_ftp
# Supports the masquerading of RealAudio over UDP. Without this
/sbin/modprobe ip_masq_raudio
# Supports the masquerading of IRC DCC file transfers
/sbin/modprobe ip_masq_irc
#Quake I / QuakeWorld (ports 26000 and 27000)
/sbin/modprobe ip_masq_quake
#Quake I / QuakeWorld / and Quake II (ports 26000, 27000, 27910)
/sbin/modprobe ports=ip_masq_quake 26000,27000,27910
#CRITICAL: Enable IP forwarding since it is disabled by default since
FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
# Dynamic IP users:
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# MASQ timeouts
ipchains -M -S 86400 60 120
# Enable simple IP forwarding and Masquerading
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.0/24 -j MASQ
ipchains -A input -j ACCEPT -i eth1 -s 0/0 68 -d 0/0 67 -p udp
More information about the Ale
mailing list