Re: NAT and ISP problem

From: CJT (abujlehc_at_prodigy.net)
Date: 08/31/05

• Next message: Clifford Kite: "Re: NAT and ISP problem"
• Previous message: George: "Re: naim has stopped connecting to AIM... anybody have any info?"
• In reply to: Giacomo: "NAT and ISP problem"
• Next in thread: Clifford Kite: "Re: NAT and ISP problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Wed, 31 Aug 2005 14:15:38 GMT

Giacomo wrote:

> Good morning, I'm Giacomo Strangolino from Italy.
>
> I posted some days ago a problema about NAT and Internet Service Provider
> problems:
>
> I finished developing an ipv4 forewall with NAT/MASQUERADING and have been
> testing it
> for some time with success connecting from home to my ISP named "libero".
>
> Then i changed ISP to another one, called "telecom" and with great surprise
> i discovered that
> images from sites and also sites failed to load.
>
> So now, when i call an ISP all works fine, when i call the other, things go
> wrong.
>
> I NAT machines behind my firewall changing only ips and ports, and
> recalculating checksum (ip and tcp/udp)
> to adjust such changes.
> I do not touch any other field as window size or seq number or ack, since
> the only things i manipulate are
> addresses and ports.
>
> I was wondering what i could do to solve, since iptables and ipfw+natd on
> freeBSD or winXP sp2 work fine
> with this ISP...
>
> Tweaking with ethereal i found that probably sometimes a tcp segment gets
> lost.
>
> * Thanks to news help, i tried to lower MTU and to disable ECN, but the
> problem persists. *
>
> My firewall is a 2.6.12 kernel module which registers with netfilter hooks.
> A userspace program sends rules to
> kernel via netlink.
>
> I thank anyone who could help me find the way to fix the problem or
> understand what could be wrong with an
> ISP network and anyway work fine with the other.
>
> Thanks a lot
>
> Giacomo S. Udine, Italy
>
>
>
Did you try the second ISP _without_ the firewall? Maybe there's a DNS
problem or something silly like that which is causing problems with
some images.

-- 
The e-mail address in our reply-to line is reversed in an attempt to
minimize spam.  Our true address is of the form che...@prodigy.net.

• Next message: Clifford Kite: "Re: NAT and ISP problem"
• Previous message: George: "Re: naim has stopped connecting to AIM... anybody have any info?"
• In reply to: Giacomo: "NAT and ISP problem"
• Next in thread: Clifford Kite: "Re: NAT and ISP problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: pix 506 config change help ... what a router is designed to do and that is routing. ... No need for NAT on the ISP router, ... currently configuring and the firewall. ... (comp.security.firewalls) Re: pix 506 config change help ... what a router is designed to do and that is routing. ... No need for NAT on the ISP router, ... currently configuring and the firewall. ... (comp.security.firewalls) Re: pix 506 config change help ... addresses on the outside interface of my cisco pix 506 firewall so ... that my isp can nat though via my new router one to one my new public ... (comp.security.firewalls) HELP NAT PROBLEM RELATED TO ISP ... "NAT and ISP problem" ... probably the problem is not related to fragmentation in network packets. ... I'm Giacomo Strangolino from Italy. ... for some time with success connecting from home to my ISP named "libero". ... (comp.os.linux.networking) HELP NAT: PRBLEM WITH ISP. KERNEL MODULE ... "NAT and ISP problem" ... probably the problem is not related to fragmentation in network packets. ... I'm Giacomo Strangolino from Italy. ... for some time with success connecting from home to my ISP named "libero". ... (comp.os.linux.development.system)

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint