AOL and IPTABLES (HELP!!!!)

dlambeth · Posted: Thu Jan 20, 2005 3:35 pm Post subject: AOL and IPTABLES (HELP!!!!)

AOL seems to have trouble connection when using Netfilter IPTABLES. Has anybody run into this problem? My customer has to constantly call me saying that his AOL won't connect, and after I restart the IPTABLES script everyting seems to work fine for a while. Here is a snippet of my POSTROUTING rules which allows his machine full access out of the firewall. AOL uses port 5190, so just for S&G I added that port to the POSTROUTING rules and it worked, but only for a while.

CLIENT3="192.168.2.10" #Tony New

#CLIENT3
$IPT -t nat -A POSTROUTING -s $CLIENT3 -o $INET_IFACE -j MASQUERADE

$IPT -A POSTROUTING -t nat -s $LOCAL_NET -p tcp --dport 80 -j MASQUERADE -o $INET_IFACE
$IPT -A POSTROUTING -t nat -s $LOCAL_NET -p tcp --dport 443 -j MASQUERADE -o $INET_IFACE
$IPT -A POSTROUTING -t nat -s $LOCAL_NET -p tcp --dport 5190 -j MASQUERADE -o $INET_IFACE

Any help would be greatly appreciated.

Thanks
_________________
Darwin L. Lambeth
Network Administrator/Developer
FPMI
dlambeth@darwinsdomain.com

dlambeth · Posted: Thu Jan 20, 2005 3:40 pm Post subject:

Here is a snippet from tcpdump while AOL is working, the only thing I noticed is UDP port 32 and 4 are constant. I wonder if that's the problem.

09:24:36.250856 tonyoffice.docusourcesa.com.1340 > ipt-rtci05.dial.aol.com.5190: udp 32
09:24:36.250861 tonyoffice.docusourcesa.com.1340 > ipt-rtci05.dial.aol.com.5190: udp 4
09:24:49.862878 tonyoffice.docusourcesa.com.1335 > berp-ca04.dial.aol.com.5190: P 1893074959:1893074975(16) ack 2111996794 win 64190 (DF)
09:24:52.231351 tonyoffice.docusourcesa.com.1335 > berp-ca04.dial.aol.com.5190: P 16:32(16) ack 1 win 64190 (DF)
09:24:52.232186 tonyoffice.docusourcesa.com.1335 > berp-ca04.dial.aol.com.5190: P 32:62(30) ack 1 win 64190 (DF)
09:24:53.381851 tonyoffice.docusourcesa.com.1197 > oam-m14a.blue.aol.com.www: . ack 3765314975 win 64616 (DF)
09:24:53.381856 tonyoffice.docusourcesa.com.1335 > berp-ca04.dial.aol.com.5190: . ack 247 win 63944 (DF)
09:24:55.154382 tonyoffice.docusourcesa.com.1335 > berp-ca04.dial.aol.com.5190: P 62:169(107) ack 247 win 63944 (DF)
09:25:06.250082 tonyoffice.docusourcesa.com.1340 > ipt-rtci05.dial.aol.com.5190: udp 32
09:25:06.250086 tonyoffice.docusourcesa.com.1340 > ipt-rtci05.dial.aol.com.5190: udp 4
_________________
Darwin L. Lambeth
Network Administrator/Developer
FPMI
dlambeth@darwinsdomain.com

dlambeth · Posted: Fri Jan 21, 2005 2:10 pm Post subject:

Still have not got an answer on this.

Anybody?
_________________
Darwin L. Lambeth
Network Administrator/Developer
FPMI
dlambeth@darwinsdomain.com

dlambeth · Posted: Tue Jan 25, 2005 12:47 am Post subject:

No answer yet!!!
_________________
Darwin L. Lambeth
Network Administrator/Developer
FPMI
dlambeth@darwinsdomain.com

think4urs11 · Posted: Wed Jan 26, 2005 9:01 pm Post subject:

what mtu size do you use?
AFAIK AOL likes to have a small one (1440/1400? not exactly sure)

HTH
T.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself

dlambeth · Posted: Thu Jan 27, 2005 1:48 am Post subject:

It's a Linux firewall at the border, it defaults to 1500. I'll try bringing it down a bit to see if that helps.

Thanks
_________________
Darwin L. Lambeth
Network Administrator/Developer
FPMI
dlambeth@darwinsdomain.com

think4urs11 · Posted: Thu Jan 27, 2005 7:44 am Post subject:

i've tested it here with MTU set to 1400 and it works fine; no problems found.

HTH
T.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself