[Shorewall-users] Shorewall, rp-pppoe & big transfers

Dominique Archambault apox at yahoo.com
Thu Dec 11 21:46:10 PST 2003


st1\:*{behavior:url(#default#ieooui) }
Hi,

 

First of all, thanks to everyone on this list (particularlyTom), I#8217;ve managed to learn a great deal since I started working withShorewall and monitoring this mailing list!

 

So I come to you today with an interesting problem (at leastfor me), concerning the use of Shorewall with an rp-pppoe managed connection.

 

Whenever I start big transfers on my NATed machines that arefast enough to use up all my bandwidth, the pppoe connection shuts down after aminute or two (sometimes three) of intense download. This is what thepppoe/pppd log entries say:

 

Dec 11 21:32:05helios pppoe[11017]: Session 437 terminated -- received PADT from peer

Dec 11 21:32:05helios pppoe[11017]: Sent PADT

Dec 11 21:32:05helios pppd[10919]: Modem hangup

Dec 11 21:32:05helios pppd[10919]: Connection terminated.

Dec 11 21:32:05helios pppd[10919]: Connect time 15.0 minutes.

Dec 11 21:32:05helios pppd[10919]: Sent 3675916 bytes, received 124650419 bytes.

 

I am pretty sure that this issue is related to Shorewall oneway or another, because if I try the exact same download on my Shorewallmachine, all goes well. The problem only occurs when downloading from a NATedmachine.

 

I#8217;ve examined my Shorewall logs, but there seems to benothing out of the ordinary. Here are the last few entries before the pppoe connection#8217;sdeath:

 

Dec 11 21:31:52helios Shorewall:net2all:DROP: IN=ppp0 OUT= MAC= SRC=80.130.141.9 DST=207.112.44.134LEN=64TOS=00PREC=0x00 TTL=116 ID=63678 CE DF PROTO=TCP SPT=3659 DPT=4662SEQ=1476083001 ACK=0WINDOW=54784 SYN URGP=0

Dec 11 21:31:56helios Shorewall:net2all:DROP: IN=ppp0 OUT= MAC= SRC=132.210.35.238 DST=207.112.44.134LEN=60TOS=00PREC=0x00 TTL=41 ID=48037 CE DF PROTO=TCP SPT=48626 DPT=4662SEQ=920203276 ACK=0WINDOW=5840 SYN URGP=0

Dec 11 21:31:59helios Shorewall:net2all:DROP: IN=ppp0 OUT= MAC= SRC=132.210.35.238 DST=207.112.44.134LEN=60TOS=00PREC=0x00 TTL=41 ID=48038 CE DF PROTO=TCP SPT=48626 DPT=4662SEQ=920203276 ACK=0WINDOW=5840 SYN URGP=0

 

(as you can see, I#8217;m getting swarmed by unrequested eMulepackets #8211; which I don#8217;t even have installed on any machine)

 

Oh, and CLAMPMSS=Yes is set in my shorewall.conf.

 

Has anyone ever encountered this problem before?

 

Thanks in advance for all your help!




---------------------------------
Post your free ad now! Yahoo! Canada Personals


More information about the Shorewall-users mailing list