help about nat and internet service provider problem!! (kernel module)

Good morning, I'm Giacomo Strangolino from Italy.
I finished developing an ipv4 forewall with NAT/MASQUERADING and have been
testing it
for some time with success connecting from home to my ISP named "libero".

Then i changed ISP to another one, called "telecom" and with great surprise
i discovered that
images from sites and also sites failed to load (i attach an example of a
corrupted image of a site).

So now, when i call an ISP all works fine, when i call the other, things go
wrong.

I NAT machines behind my firewall changing only ips and ports, and
recalculating checksum (ip and tcp/udp)
to adjust such changes.
I do not touch any other field as window size or seq number or ack, since
the only things i manipulate are
addresses and ports.

I was wondering what i could do to solve, since iptables and ipfw+natd on
freeBSD or winXP sp2 work fine
with this ISP...

Tweaking with ethereal i found that probably sometimes a tcp segment gets
lost (I attach ethereal output too).

My firewall is a 2.6.12 kernel module which registers with netfilter hooks.
A userspace program sends rules to
kernel via netlink.

I thank anyone who could help me find the way to fix the problem or
understand what could be wrong with an
ISP network and anyway work fine with the other.

Thanks a lot

Giacomo S. Udine, Italy

Giacomo wrote:
> Good morning, I'm Giacomo Strangolino from Italy.
> I finished developing an ipv4 forewall with NAT/MASQUERADING and have been
> testing it
> for some time with success connecting from home to my ISP named "libero".
>
> Then i changed ISP to another one, called "telecom" and with great surprise
> i discovered that
> images from sites and also sites failed to load (i attach an example of a
> corrupted image of a site).
>
> So now, when i call an ISP all works fine, when i call the other, things go
> wrong.
>
> I NAT machines behind my firewall changing only ips and ports, and
> recalculating checksum (ip and tcp/udp)
> to adjust such changes.
> I do not touch any other field as window size or seq number or ack, since
> the only things i manipulate are
> addresses and ports.
>
> I was wondering what i could do to solve, since iptables and ipfw+natd on
> freeBSD or winXP sp2 work fine
> with this ISP...
>
> Tweaking with ethereal i found that probably sometimes a tcp segment gets
> lost (I attach ethereal output too).
>
> My firewall is a 2.6.12 kernel module which registers with netfilter hooks.
> A userspace program sends rules to
> kernel via netlink.
>
> I thank anyone who could help me find the way to fix the problem or
> understand what could be wrong with an
> ISP network and anyway work fine with the other.
>
> Thanks a lot
>
> Giacomo S. Udine, Italy
>
>

corrupted pictures could indicate a proxy malfunctioning somewhere.
thats all i can think of.

--
Respectfully,


CL Gilbert

"Verily, verily, I say unto you, He that entereth not by the door() into
the sheepfold{}, but climbeth up some other *way, the same is a thief
and a robber."

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D

For a free Java interface to Freechess.org see
http://www.rigidsoftware.com/Chess/chess.html

But if i load iptable's masquerading it works..

I probably have to do something else..

Thanks anyway

Giacomo


"CL (dnoyeB) Gilbert" <(E-Mail Removed)> ha scritto nel messaggio
news:XP-dnfShdfOypZLeRVn-(E-Mail Removed)...
> Giacomo wrote:
>> Good morning, I'm Giacomo Strangolino from Italy.
>> I finished developing an ipv4 forewall with NAT/MASQUERADING and have
>> been
>> testing it
>> for some time with success connecting from home to my ISP named "libero".
>>
>> Then i changed ISP to another one, called "telecom" and with great
>> surprise
>> i discovered that
>> images from sites and also sites failed to load (i attach an example of a
>> corrupted image of a site).
>>
>> So now, when i call an ISP all works fine, when i call the other, things
>> go
>> wrong.
>>
>> I NAT machines behind my firewall changing only ips and ports, and
>> recalculating checksum (ip and tcp/udp)
>> to adjust such changes.
>> I do not touch any other field as window size or seq number or ack, since
>> the only things i manipulate are
>> addresses and ports.
>>
>> I was wondering what i could do to solve, since iptables and ipfw+natd on
>> freeBSD or winXP sp2 work fine
>> with this ISP...
>>
>> Tweaking with ethereal i found that probably sometimes a tcp segment gets
>> lost (I attach ethereal output too).
>>
>> My firewall is a 2.6.12 kernel module which registers with netfilter
>> hooks.
>> A userspace program sends rules to
>> kernel via netlink.
>>
>> I thank anyone who could help me find the way to fix the problem or
>> understand what could be wrong with an
>> ISP network and anyway work fine with the other.
>>
>> Thanks a lot
>>
>> Giacomo S. Udine, Italy
>>
>>
>
> corrupted pictures could indicate a proxy malfunctioning somewhere. thats
> all i can think of.
>
> --
> Respectfully,
>
>
> CL Gilbert
>
> "Verily, verily, I say unto you, He that entereth not by the door() into
> the sheepfold{}, but climbeth up some other *way, the same is a thief and
> a robber."
>
> GnuPG Key Fingerprint:
> 82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
>
> For a free Java interface to Freechess.org see
> http://www.rigidsoftware.com/Chess/chess.html