help about nat and internet service provider problem!! (kernel module)

Discussion in 'Linux Networking' started by Giacomo, Aug 25, 2005.

  1. Giacomo

    Giacomo Guest

    Good morning, I'm Giacomo Strangolino from Italy.
    I finished developing an ipv4 forewall with NAT/MASQUERADING and have been
    testing it
    for some time with success connecting from home to my ISP named "libero".

    Then i changed ISP to another one, called "telecom" and with great surprise
    i discovered that
    images from sites and also sites failed to load (i attach an example of a
    corrupted image of a site).

    So now, when i call an ISP all works fine, when i call the other, things go
    wrong.

    I NAT machines behind my firewall changing only ips and ports, and
    recalculating checksum (ip and tcp/udp)
    to adjust such changes.
    I do not touch any other field as window size or seq number or ack, since
    the only things i manipulate are
    addresses and ports.

    I was wondering what i could do to solve, since iptables and ipfw+natd on
    freeBSD or winXP sp2 work fine
    with this ISP...

    Tweaking with ethereal i found that probably sometimes a tcp segment gets
    lost (I attach ethereal output too).

    My firewall is a 2.6.12 kernel module which registers with netfilter hooks.
    A userspace program sends rules to
    kernel via netlink.

    I thank anyone who could help me find the way to fix the problem or
    understand what could be wrong with an
    ISP network and anyway work fine with the other.

    Thanks a lot

    Giacomo S. Udine, Italy
     
    Giacomo, Aug 25, 2005
    #1
    1. Advertisements

  2. corrupted pictures could indicate a proxy malfunctioning somewhere.
    thats all i can think of.

    --
    Respectfully,


    CL Gilbert

    "Verily, verily, I say unto you, He that entereth not by the door() into
    the sheepfold{}, but climbeth up some other *way, the same is a thief
    and a robber."

    GnuPG Key Fingerprint:
    82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D

    For a free Java interface to Freechess.org see
    http://www.rigidsoftware.com/Chess/chess.html
     
    CL (dnoyeB) Gilbert, Aug 26, 2005
    #2
    1. Advertisements

  3. Giacomo

    Giacomo Guest

    But if i load iptable's masquerading it works..

    I probably have to do something else..

    Thanks anyway

    Giacomo
     
    Giacomo, Aug 26, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.