[ previous ] [ next ] [ threads ]
 From:  sylikc <sylikc at gmail dot com>
 To:  Edmund Lian <edmund underscore lian at juscom dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Sporadic routing failure affecting only Windows machines
 Date:  Mon, 14 Mar 2005 19:20:58 -0800

> I've got a very strange problem that appears to be m0n0wall related. I
> have two locations linked via a m0n0wall IPSEC tunnel. Once side of the
> tunnel, the site that all the client machines are on, has a dynamic IP
> address.
> Machines on one side of the wall access a webserver on the other side
> of the tunnel via a local IP address (192.168.x.x).
> The problem is that occasionally, clients cannot access the webserver.
> The webserver logs show that the HTTP requests come in, but the server
> response seems to not get to the clients. The same holds true for
> telnet and other connections.
> The perverse thing is that the problem comes and goes, and only affects
> the Windows machines. During times when the Windows machines are unable
> to receive responses, my Mac client is completely unaffected.
> At first, I thought that this was not a network/m0n0wall related
> problem. However, the fact that it only affects the Windows machines,
> and affects all of them simultaneously, seems to indicate some kind of
> routing issue.
> Does anybody have a clue they can toss in my direction?

Since you describe the problem to affect Windows hosts only, and your
Mac client is unaffectected, it doesn't seem likely to me that it's a
routing issue.  The packets are likely sent back to the Windows
clients the same way that they are sent to the Mac client, but perhaps
the Windows hosts are doing something weird causing it to drop the

I would try putting a packet sniffer on the Windows boxes to see if
something actually comes back, or to place a hub on the receiving side
and then using the Mac host with a sniffer to watch all the packets
passing through the receiving network (just went you thought hubs were
bad, they can be very useful in diagnosing these things ;)  ).

Otherwise, try giving a more detailed overview of the network, for
example if you're using advanced routing or setting certain exclusions
for the Windows hosts, using captive portal, etc. to see if anything
else might be causing your problem.  Also, when does service resume? 
Do you have to reboot the Windows hosts or does something have to
occur before they can receive responses again?  What Windows OS are
the Windows hosts running?

m0n0wall (Layer 3/4) is not aware of the operating system (Layer
5/6/7), so since it works with the Mac client on the receiving side,
in a default configuration (without advanced options), it doesn't
sound like a m0n0wall issue.