[H-GEN] Linux masq problem

Byron Ellacott bje at apnic.net
Wed Jul 19 23:58:00 EDT 2000


[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics.  Please observe the list's charter.          ]

On Thu, 20 Jul 2000, John wrote:

> Over the last 3 weeks I've needed to access some URLs where the hostname
> resolves to multiple IP addresses. The machine I am accessing the site
> from is behind a masquerading firewall. It seems that because the reply
> comes from a different IP address than the outgoing request was sent to,
> the connection is never established and eventually times out because the
> masquerading kernel does not know where to forward the incoming packet
> to.

The stages in accessing a URL are as follows:

1) Resolve the name, and get an IP address
2) Establish a TCP connection to that IP address
3) Request the URL
4) Hope you get the data.

Notice that the resolution of the name to a single IP address happens
before the connection is established.  The IP address will not change
during the course of the connection; it cannot, a connection is identified
by (localIP:localport,remoteIP:remoteport), and changing any of those
means you're not talking about the same connection.  Hence, whatever
problem you're experiencing is related to neither masq nor multiple A
records for a given name.

You might be getting a timeout for a number of reasons.  First, the site
might have been down at the time; have you tried pinging it from the
masquerading machine, using w3m or lynx on the masquerading machine, etc?
Second, you may have misconfigured your masquerading.  Can you access
other websites?  Third, you may be suffering from an autoproxy, which can
do various broken things and cause you grief.

> I have verified that I can access this site from within QUT's network
> and that other students using external ISP's can still access the site
> with no problems (as could I until last Thursday).

Timeouts are often transient load related problems.  If you're referring
to hotmail, it recently had a nervous breakdown; two machines upon which
the whole system relies were unreachable, and HTTP connections were timing
out.

-- 
bje


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.



More information about the General mailing list