Linux: some packets are not being NATed

Posted by user70932 on Server Fault
Published on 2011-02-16T03:09:33Z

Hi,

I'm trying to NAT HTTP traffic. I'm new to this and am facing some issues. What I'm trying to do is NAT client HTTP requests to a web server.

CLIENT -> NAT BOX -> WEBSERVER

When the client opens the IP of the NAT BOX, the request should be passed to the web server.

But I'm getting "HTTP request sent, awaiting response..." and then it waits several minutes before the request is done.

Looking at the tcpdump output, it looks like the first SYN packet (at 10:48:54) is being NATed, but not the second, third, fourth... ACK or PSH packets, and it waits until 10:52:04 before it starts to NAT again, on the ACK packet.

The iptables command I'm using is:

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 \
 -j DNAT --to-destination WEBSERVER

I'm wondering what could have caused this behavior?

Thanks a lot.

10:48:54.907861 IP (tos 0x0, ttl  49, id 16395, offset 0, flags [DF],
 proto: TCP (6), length: 48) CLIENT.61736 > NATBOX.http: S,
 cksum 0x6019 (correct), 1589600740:1589600740(0) win 5840 <mss 1460,nop,wscale 8>

10:48:54.907874 IP (tos 0x0, ttl  48, id 16395, offset 0, flags [DF],
 proto: TCP (6), length: 48) CLIENT.61736 > WEBSERVER.http: S,
 cksum 0xb5d7 (correct), 1589600740:1589600740(0) win 5840 <mss 1460,nop,wscale 8>

10:48:55.102696 IP (tos 0x0, ttl  49, id 16397, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: .,
 cksum 0x2727 (correct), ack 2950613896 win 23

10:48:55.102963 IP (tos 0x0, ttl  49, id 16399, offset 0, flags [DF],
 proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120)
 ack 1 win 23

10:48:58.103078 IP (tos 0x0, ttl  49, id 16401, offset 0, flags [DF],
 proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120)
 ack 1 win 23

10:48:58.366344 IP (tos 0x0, ttl  49, id 16403, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: .,
 cksum 0x26af (correct), ack 1 win 23

10:49:04.103204 IP (tos 0x0, ttl  49, id 16405, offset 0, flags [DF],
 proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120)
 ack 1 win 23

10:49:04.363943 IP (tos 0x0, ttl  49, id 16407, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: .,
 cksum 0x26af (correct), ack 1 win 23

10:49:16.101583 IP (tos 0x0, ttl  49, id 16409, offset 0, flags [DF],
 proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120)
 ack 1 win 23

10:49:16.363475 IP (tos 0x0, ttl  49, id 16411, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: .,
 cksum 0x26af (correct), ack 1 win 23

10:49:40.100796 IP (tos 0x0, ttl  49, id 16413, offset 0, flags [DF],
 proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120)
 ack 1 win 23

10:49:40.563898 IP (tos 0x0, ttl  49, id 16415, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: .,
 cksum 0x26af (correct), ack 1 win 23

10:50:28.099396 IP (tos 0x0, ttl  49, id 16417, offset 0, flags [DF],
 proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120)
 ack 1 win 23

10:50:28.761678 IP (tos 0x0, ttl  49, id 16419, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: .,
 cksum 0x26af (correct), ack 1 win 23

10:52:04.093668 IP (tos 0x0, ttl  49, id 16421, offset 0, flags [DF],
 proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120)
 ack 1 win 23

10:52:04.093678 IP (tos 0x0, ttl  48, id 16421, offset 0, flags [DF],
 proto: TCP (6), length: 160) CLIENT.61736 > WEBSERVER.http: 
 P 1589600741:1589600861(120) ack 2950613896 win 23

10:52:04.291021 IP (tos 0x0, ttl  49, id 16423, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: .,
 cksum 0x25d3 (correct), ack 217 win 27

10:52:04.291028 IP (tos 0x0, ttl  48, id 16423, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > WEBSERVER.http: .,
 cksum 0x7b91 (correct), ack 217 win 27

10:52:04.300708 IP (tos 0x0, ttl  49, id 16425, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: .,
 cksum 0x253c (correct), ack 368 win 27

10:52:04.300714 IP (tos 0x0, ttl  48, id 16425, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > WEBSERVER.http: .,
 cksum 0x7afa (correct), ack 368 win 27

10:52:04.301417 IP (tos 0x0, ttl  49, id 16427, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: F,
 cksum 0x253b (correct), 120:120(0) ack 368 win 27

10:52:04.301438 IP (tos 0x0, ttl  48, id 16427, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > WEBSERVER.http: F,
 cksum 0x7af9 (correct), 120:120(0) ack 368 win 27

10:52:04.498875 IP (tos 0x0, ttl  49, id 16429, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: .,
 cksum 0x253a (correct), ack 369 win 27

10:52:04.498881 IP (tos 0x0, ttl  48, id 16429, offset 0, flags [DF],
 proto: TCP (6), length: 40) CLIENT.61736 > WEBSERVER.http: .,
 cksum 0x7af8 (correct), ack 369 win 27
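
An added example, not part of the original post: it pairs each packet arriving for NATBOX with its forwarded copy by source endpoint and IP id (which the trace above shows DNAT leaving unchanged), then lists the packets that were never forwarded and the longest pause in forwarding. The function names are hypothetical, and the sample is abridged from the post's trace with each record joined onto one line.

```python
import re

# Abridged from the trace in the post; each record joined onto one line.
TRACE = """\
10:48:54.907861 IP (tos 0x0, ttl 49, id 16395, offset 0, flags [DF], proto: TCP (6), length: 48) CLIENT.61736 > NATBOX.http: S
10:48:54.907874 IP (tos 0x0, ttl 48, id 16395, offset 0, flags [DF], proto: TCP (6), length: 48) CLIENT.61736 > WEBSERVER.http: S
10:48:55.102696 IP (tos 0x0, ttl 49, id 16397, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: .
10:48:55.102963 IP (tos 0x0, ttl 49, id 16399, offset 0, flags [DF], proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P
10:52:04.093668 IP (tos 0x0, ttl 49, id 16421, offset 0, flags [DF], proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P
10:52:04.093678 IP (tos 0x0, ttl 48, id 16421, offset 0, flags [DF], proto: TCP (6), length: 160) CLIENT.61736 > WEBSERVER.http: P
"""

# One "tcpdump -v" IPv4/TCP record in the older output style shown in the post.
# re.S lets a record span several lines, as in the post's original layout.
REC = re.compile(
    r"(\d\d):(\d\d):(\d\d\.\d+) IP \(.*?\bid (\d+),.*?\)\s+"
    r"(\S+) > (\S+?):\s+([SFPRWE.]+)", re.S)

def parse(trace):
    """Yield one dict per record: time in seconds, IP id, endpoints, TCP flags."""
    for h, m, s, ip_id, src, dst, flags in REC.findall(trace):
        yield {"t": int(h) * 3600 + int(m) * 60 + float(s),
               "id": int(ip_id), "src": src, "dst": dst, "flags": flags}

def untranslated(trace, front="NATBOX", back="WEBSERVER"):
    """Return (ip_id, flags) for packets sent to the NAT box that never
    reappear, with the same source and IP id, addressed to the back end."""
    pkts = list(parse(trace))
    forwarded = {(p["src"], p["id"]) for p in pkts
                 if p["dst"].startswith(back + ".")}
    return [(p["id"], p["flags"]) for p in pkts
            if p["dst"].startswith(front + ".")
            and (p["src"], p["id"]) not in forwarded]

def forwarding_gap(trace, back="WEBSERVER"):
    """Longest pause, in seconds, between two consecutive forwarded packets."""
    times = [p["t"] for p in parse(trace) if p["dst"].startswith(back + ".")]
    return max((b - a for a, b in zip(times, times[1:])), default=0.0)

if __name__ == "__main__":
    for ip_id, flags in untranslated(TRACE):
        print(f"id {ip_id} flags {flags}: seen on ingress, never forwarded")
    print(f"longest forwarding gap: {forwarding_gap(TRACE):.1f}s")
```

Matching on IP id only holds within a short capture of a single flow, since ids repeat over time.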

© Server Fault or respective owner
