-
Upload Issue
Hi All,
I am new to Linux, please help me.
I am facing an upload issue in my network. Whenever I try to upload any small/large file via browser, it fails after a minute or more, and I am not getting any error for this issue. But the same works from my gateway and from outside the network. I am using my Linux server (CentOS 5.8) as a firewall (gateway) + router + VPN server.
It clearly seems that the issue is on my gateway. Can you guys help me out with this? How can I identify and troubleshoot this issue?
Please help me.
Thanks
Lakhan
-
First start by checking your firewall. This is 99% of the time the reason why people cannot upload or connect.
If you would like, post your rules and we can look for possible issues.
-
Robert,
Thanks for the reply, please find the iptables details below. I have changed the IP addresses for security purposes.
# Generated by iptables-save v1.3.5 on Tue Dec 18 17:17:56 2012
*mangle
:PREROUTING ACCEPT [43708199:16022809581]
:INPUT ACCEPT [14371379:8080739466]
:FORWARD ACCEPT [29421811:7952789018]
:OUTPUT ACCEPT [14455631:7862946327]
:POSTROUTING ACCEPT [43877417:15815734057]
COMMIT
# Completed on Tue Dec 18 17:17:56 2012
# Generated by iptables-save v1.3.5 on Tue Dec 18 17:17:56 2012
*nat
:PREROUTING ACCEPT [1398405:96752787]
:POSTROUTING ACCEPT [440437:37607386]
:OUTPUT ACCEPT [371221:24085902]
-A PREROUTING -p tcp -m iprange --dst-range 56.246.190.57-56.246.190.72 -j DNAT --to-destination 124.175.190.17-124.175.190.26
-A PREROUTING -s 192.168.10.0/255.255.255.0 -d ! 198.66.215.72 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 5050 -j REDIRECT --to-ports 16667
-A PREROUTING -p tcp -m tcp --dport 5222 -j REDIRECT --to-ports 16667
-A PREROUTING -p tcp -m tcp --dport 1863 -j REDIRECT --to-ports 16667
-A PREROUTING -p tcp -m tcp --dport 5223 -j REDIRECT --to-ports 16667
-A PREROUTING -p tcp -m tcp --dport 5190 -j REDIRECT --to-ports 16667
-A PREROUTING -p tcp -m tcp --dport 6667 -j REDIRECT --to-ports 16667
-A PREROUTING -p tcp -m tcp --dport 8074 -j REDIRECT --to-ports 16667
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 80 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 443 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 465 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 25 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 995 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 1723 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 5228 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p udp -m udp --dport 1723 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p udp -m udp --dport 4500 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p udp -m udp --dport 500 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p udp -m udp --dport 10000 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p udp -m udp --dport 5060:5061 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p udp -m udp --dport 123 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p udp -m udp --dport 69 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p udp -m udp --dport 10000:20000 -j MASQUERADE
-A POSTROUTING -d 143.69.16.203 -p tcp -m tcp --dport 22 -j MASQUERADE
-A POSTROUTING -d 143.69.16.200 -p tcp -m tcp --dport 22 -j MASQUERADE
-A POSTROUTING -d 143.69.16.201 -p tcp -m tcp --dport 22 -j MASQUERADE
-A POSTROUTING -d 143.69.16.202 -p tcp -m tcp --dport 22 -j MASQUERADE
-A POSTROUTING -d 198.69.187.74 -p tcp -m tcp --dport 22 -j MASQUERADE
-A POSTROUTING -d 216.27.143.45 -p tcp -m tcp --dport 30000 -j MASQUERADE
-A POSTROUTING -d 175.139.153.176 -p tcp -m tcp --dport 22 -j MASQUERADE
-A POSTROUTING -d 187.72.56.195 -p tcp -m tcp --dport 22 -j MASQUERADE
-A POSTROUTING -d 184.62.19.69 -j MASQUERADE
-A POSTROUTING -d 174.139.217.151 -j MASQUERADE
-A POSTROUTING -d 198.68.215.75 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 587 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 20 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 21 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 993 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 115 -j MASQUERADE
-A POSTROUTING -d 175.129.145.154 -p tcp -m tcp --dport 3306 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 1194 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 114.37.189.48 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 23399 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 219.131.141.210 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 115.41.171.220 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 21003 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 66.86.57.128 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 66.66.249.190 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 66.147.108.91 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 69.160.128.176 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 67.170.128.178 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 63.67.249.176 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 23.43.238.154 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 66.45.62.171 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 56.46.57.167 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 66.40.57.51 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 56.160.127.178 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 23.21.232.102 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 50.67.176.165 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 16.159.34.65 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 16.159.34.66 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 25.23.76.73 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 67.62.245.176 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 167.22.240.39 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 184.129.69.130 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 182.17.150.39 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 67.197.167.108 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 178.61.235.72 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 198.61.215.53 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 173.255.226.10 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 23.73.200.160 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 64.82.249.166 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 194.72.44.79 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 67.28.43.116 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 166.79.4.110 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 166.68.7.176 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 173.180.210.121 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 50.73.28.1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 198.61.6.74 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 198.71.20.124 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 174.47.170.186 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 3306 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p udp -m udp --dport 3306 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 56.27.151.39 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 129.227.23.139 -j MASQUERADE
COMMIT
# Completed on Tue Dec 18 17:17:56 2012
# Generated by iptables-save v1.3.5 on Tue Dec 18 17:17:56 2012
*filter
:INPUT ACCEPT [14371399:8080743810]
:FORWARD ACCEPT [29421811:7952789906]
:OUTPUT ACCEPT [14455651:7862949238]
-A INPUT -s 192.168.10.0/255.255.255.0 -d 124.247.24.8 -j ACCEPT
-A INPUT -p tcp -m iprange --dst-range 69.67.176.131-69.73.186.199 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m iprange --src-range 69.67.176.131-69.73.186.199 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 38.121.108.165 -j DROP
-A INPUT -s 38.121.108.166 -j DROP
-A INPUT -s 65.71.85.21 -j DROP
-A INPUT -s 65.71.85.22 -j DROP
-A FORWARD -p tcp -m iprange --dst-range 68.63.156.161-68.63.156.199 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m tcp --dport 5222 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m tcp --dport 5333 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m tcp --dport 5223 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.168.10.0/255.255.255.0 -d 74.135.165.125 -p tcp -j DROP
-A FORWARD -d 209.45.239.167 -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 76.114.203.125 -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 289.65.137.128 -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 74.135.65.129 -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 44.175.95.125 -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 74.125.145.15 -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 89.125.57.185 -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 74.185.93.145 -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 74.15.45.135 -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 208.85.143.118 -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 209.35.13.129 -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m iprange --dst-range 66.63.146.161-66.63.146.199 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Tue Dec 18 17:17:56 2012
Thanks
Lakhan
-
Hi All,
I have seen that when I upload via FTP it works well, but once I try with the browser the connection gets reset. I am not getting any error at the end. Is there any kind of blocking or session timeout in squid/dansguardian/iptables which is resetting the connection?
Please, please, please give your suggestions and ideas.
Thanks
Lakhan
-
Is this firewall on the device that is directly connected to the internet? I am hoping you will say no but I fear this is your internet firewall.
Your firewall is what we call Firewall Hell. It has no structure and is Hell to troubleshoot.
You need to start using interface -i so that rules apply to one direction. Presently your rules apply to all interfaces in every direction. I believe this is why you are having the issues you are having.
I am currently at work but when I get home tonight I'll go over your rules and get this sorted out.
I need to know what interface is connected to the inside and what is connected to the outside. Also if the proxy is on this box or another one.
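
An added example, not part of the original post: a small audit that reads an iptables-save dump and lists every rule with no -i/-o interface match, which is the problem described in the reply above; going slightly beyond the reply, it also reports filter chains whose default policy is ACCEPT. The sample dump is constructed for illustration, and the interface names eth0 (LAN) and eth2 (primary uplink) follow the layout given later in the thread.

```python
import shlex

# Constructed sample in iptables-save format, modelled on the posted rules.
# 203.0.113.5 is a documentation-range placeholder, not an address from the thread.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 5222 -j REDIRECT --to-ports 16667
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 443 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -s 203.0.113.5 -j DROP
-A FORWARD -i eth0 -o eth2 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

IFACE_FLAGS = {"-i", "--in-interface", "-o", "--out-interface"}


def audit(dump):
    """Return (accept_policy_chains, rules_without_interface) for a dump."""
    table, accept_policies, unbound = None, [], []
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("*"):            # table header, e.g. *filter
            table = line[1:]
        elif line.startswith(":"):          # chain policy, e.g. :FORWARD ACCEPT [..]
            chain, policy = line[1:].split()[:2]
            if table == "filter" and policy == "ACCEPT":
                accept_policies.append(chain)
        elif line.startswith("-A "):        # appended rule
            tokens = shlex.split(line)
            if not IFACE_FLAGS & set(tokens):
                unbound.append((table, tokens[1], line))
    return accept_policies, unbound


if __name__ == "__main__":
    policies, rules = audit(SAMPLE)
    print("filter chains with default ACCEPT:", ", ".join(policies))
    for table, chain, rule in rules:
        print(f"no -i/-o match [{table}/{chain}]: {rule}")
```

To run it against a live gateway, pass the output of `iptables-save` to `audit()` instead of the constructed sample.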
-
Hi Robert,
Thanks a lot for your reply. Please find the answers to your questions.
Is this firewall on the device that is directly connected to the internet? : Unfortunately yes. It was set up earlier; I don't have any idea about that setup.
I have three interfaces:
Eth0: Local network (192.168.10.0)
Eth1: Backup Internet Link
Eth2: Primary Internet Link
Also if the proxy is on this box or another one. : The proxy is also on the same box.
Kindly help me out, I am really struggling with this. Your suggestions will be precious to me.
Thanks
Lakhan