Hi All,
I am using shorewall 2.4.3 version (rpm download) on Fedora Core 3.
Kernel version is 2.6.12-1.1378_FC3.
I am using shorewall as a gateway to my LAN. Shorewall is connected to a
Cisco router and the LAN. As one of my voice applications needs a static
NAT for the systems, I have NATed most of my systems in the nat file.
Shorewall is starting and running fine. All of a sudden one of the
static NAT'ed machines is unable to connect to the Internet. This problem
is not specific to one client machine. The problem is random in nature,
i.e. the problem shifts from one machine to another. It's very random.
I see a lot of messages similar to the following frequently on my console
and in /var/log/messages:
Oct 11 18:52:40 fw kernel: NETDEV WATCHDOG: eth0: transmit timed out
Oct 11 18:52:40 fw kernel: eth0: Transmit timed out, status 00000000, resetting.
As the output of my shorewall status is a bit too long, I am not posting
it.
Here is a sample of my nat file:
xxx.xxx.xxx.xx1 eth0:1 192.168.0.25 no no
xxx.xxx.xxx.xx2 eth0:2 192.168.0.26 no no
xxx.xxx.xxx.xx3 eth0:3 192.168.0.27 no no
xxx.xxx.xxx.xx4 eth0:4 192.168.0.28 no no
xxx.xxx.xxx.xx5 eth0:5 192.168.0.29 no no
Here is my masq file:
eth0 192.168.0.0/24 xxx.xxx.xxx.xx0
Here is my shorewall.conf file:
STARTUP_ENABLED=Yes
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
LOG_MARTIANS=No
IPTABLESPATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
FW=fw
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
RETAIN_ALIASES=No
TC_ENABLED=No
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=Yes
ROUTE_FILTER=No
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
NEWNOTSYN=Yes
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
DELAYBLACKLISTLOAD=No
MODULE_SUFFIX=
DISABLE_IPV6=Yes
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
DROPINVALID=No
RFC1918_STRICT=No
MACLIST_TTL=
SAVE_IPSETS=No
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPOSITION=DROP
Has anybody encountered this problem earlier? I have searched through
the archives, but could not find a solution for it.
Thanks,
Murali