+ Reply to Thread
Results 1 to 10 of 10
  1. #1
    Join Date
    Jul 2003
    Location
    Pesqueira - Pernambuco - Brazil
    Posts
    65
    Rep Power
    15

    Default NAT with Chilispot ignores some URLs

    I have a WAR2 board with 1.3.0-v.world installed as a public hotspot at a hotel. Everything is working great except for one website (www.uol.com.br). We can ping this site just fine but when we try to open it in our browser (IE or Firefox) it doesn't work. In investigating the problem I opened a beacon report to check the IPs and found something interesting. We use 192.168.100.0/24 for the hotspot. Everything is NATed to the wpci1 radio which is the backhaul. For normal traffic the IP for wpci1 (10.10.0.26) is what shows up in beacon. When we try to open www.uol.com.br, the ip of the client attached to the hotspot (129.168.100.X) appears in beacon. This makes me think that for some strange reason, NAT is not funcioning for one specific IP destination. I have never seen this before and don't quite know where to start looking.

  2. #2
    Join Date
    Jan 2000
    Location
    Langley, Canada
    Posts
    8,090
    Rep Power
    10

    Default

    What are your NAT rules on that system? It is strange that it would not nat to that destination.

    One thing you can try is to activate your script changes (advanced->scripts->activate script changes) and then wait 1 minute before trying to access that website again (lets any stale connection states expire).

  3. #3
    Join Date
    Jul 2003
    Location
    Pesqueira - Pernambuco - Brazil
    Posts
    65
    Rep Power
    15

    Default

    Here is the only line in my NAT script:

    masq from 192.168.0.0/16 to dev wpci1

    The only other different thing I have going on is a bridge between ether2 and wpci2. The hotel has wired network available for customers that runs the same hotspot. Could that make a difference?

  4. #4
    Join Date
    Jan 2000
    Location
    Langley, Canada
    Posts
    8,090
    Rep Power
    10

    Default

    No, it should not make any difference as all traffic still has to go through the firewall to leave wpci2.

  5. #5
    Join Date
    Mar 2006
    Location
    Srbobran, Serbia
    Posts
    4,084
    Rep Power
    16

    Default

    I just tried that site of yours. I can only ping it, can not open no web page.
    There is traceroute (from Firefox):

    www.uol.com.br A 200.221.2.45

    1 * * *
    2 v61.cer02.dal01.dallas-border.com (66.228.118.153) 0.398 ms 0.423 ms 0.352 ms
    3 TenGigabitEthernet1-3.ar3.DAL2.gblx.net (64.215.81.1) 0.505 ms 0.383 ms 0.487 ms
    4 uol-1.ar5.GRU1.gblx.net (64.215.195.94) 157.304 ms 149.551 ms 146.122 ms
    5 fr2-border5.ix.uol.com.br (200.221.30.41) 147.003 ms 153.714 ms 155.441 ms
    6 * *
    Ljubomir Ljubojevic - Love is in the Air
    Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman...
    StarOS and CentOS/RHEL/Linux consultant
    Powerful Starv3 manipulation tool - StarV3 Multipractik for Linux

  6. #6
    Join Date
    Jan 2000
    Location
    Langley, Canada
    Posts
    8,090
    Rep Power
    10

    Default

    I can access that site via web from our office in Canada. Strange one.

  7. #7
    Join Date
    Mar 2006
    Location
    Srbobran, Serbia
    Posts
    4,084
    Rep Power
    16

    Default

    This IS a strange one. I tjust open it, but 5 min before would not.
    I am behind 2 StarV3's, but fully routed until RHEL NAT-ing.

    D:\>tracert www.uol.com.br

    Tracing route to www.uol.com.br [200.221.2.45]
    over a maximum of 30 hops:

    1 <1 ms <1 ms <1 ms srbobran.plcomputers.net [192.168.200.100]
    2 3 ms 2 ms 2 ms 172.25.200.100
    3 3 ms 2 ms 3 ms 192.168.110.100
    4 4 ms 4 ms 5 ms e0.er-PLcomputers.SBR.panline.net [82.208.255.23
    3]
    5 18 ms 9 ms 10 ms cr-NSD.TMR.panline.net [82.208.254.80]
    6 12 ms 9 ms 10 ms cr-BMP6.BO9.NSD.panline.net [82.208.254.82]
    7 42 ms 29 ms 12 ms cr2-PD2.BMP6.NSD.panline.net [82.208.254.92]
    8 33 ms 38 ms 44 ms cr2-BMP6.PD2.NSD.panline.net [82.208.254.89]
    9 23 ms 29 ms 40 ms br1.PD2.NSD.panline.net [82.208.254.30]
    10 32 ms 26 ms 11 ms AS13091.peering.panline.net [212.62.38.189]
    11 72 ms 58 ms 51 ms 213.137.104.37
    12 166 ms 165 ms 62 ms 212.200.23.165
    13 97 ms 33 ms 51 ms 212.200.232.137
    14 * 19 ms 10 ms 212.200.232.41
    15 82 ms 80 ms 58 ms 212.200.227.230
    16 37 ms 37 ms 37 ms pos05-0.gw5.fft4.alter.net [139.4.100.141]
    17 94 ms 100 ms 79 ms so-4-2-0.XR1.FFT4.ALTER.NET [149.227.17.121]
    18 43 ms 72 ms 61 ms so-2-0-0.TL1.FFT1.ALTER.NET [146.188.8.134]
    19 142 ms 125 ms 125 ms so-4-0-0.IR2.DCA4.ALTER.NET [146.188.4.25]
    20 127 ms 128 ms 131 ms 0.so-0-0-0.IL2.DCA6.ALTER.NET [146.188.13.41]
    21 195 ms 190 ms 200 ms 0.so-2-3-1.XT4.DFW9.ALTER.NET [152.63.2.202]
    22 172 ms 187 ms 176 ms 0.so-7-0-0.BR6.DFW9.ALTER.NET [152.63.103.78]
    23 175 ms 174 ms 167 ms 64.215.195.133
    24 * * * Request timed out.
    25 288 ms 279 ms 270 ms uol-1.ar5.GRU1.gblx.net [64.215.195.94]
    26 306 ms 305 ms 309 ms 200.221.30.49
    27 349 ms 370 ms 338 ms home.uol.com.br [200.221.2.45]

    Trace complete.
    Ljubomir Ljubojevic - Love is in the Air
    Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman...
    StarOS and CentOS/RHEL/Linux consultant
    Powerful Starv3 manipulation tool - StarV3 Multipractik for Linux

  8. #8
    Join Date
    Jan 2000
    Location
    Langley, Canada
    Posts
    8,090
    Rep Power
    10

    Default

    I think there is simply something 'odd' with that site, causing it to be inaccessible at times.

  9. #9
    Join Date
    Mar 2006
    Location
    Srbobran, Serbia
    Posts
    4,084
    Rep Power
    16

    Default

    Ping after hop 24 are bit higher. Poor link or similar.
    Ljubomir Ljubojevic - Love is in the Air
    Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman...
    StarOS and CentOS/RHEL/Linux consultant
    Powerful Starv3 manipulation tool - StarV3 Multipractik for Linux

  10. #10
    Join Date
    Mar 2006
    Location
    Srbobran, Serbia
    Posts
    4,084
    Rep Power
    16

    Default

    Have you always used beacon on wpci1?

    You havent opened it also on wpci2 or ether by any chance and mixed results?

    Quote Originally Posted by keith.yoder View Post
    Everything is NATed to the wpci1 radio which is the backhaul. For normal traffic the IP for wpci1 (10.10.0.26) is what shows up in beacon. When we try to open www.uol.com.br, the ip of the client attached to the hotspot (129.168.100.X) appears in beacon. This makes me think that for some strange reason, NAT is not funcioning for one specific IP destination. I have never seen this before and don't quite know where to start looking.
    Ljubomir Ljubojevic - Love is in the Air
    Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman...
    StarOS and CentOS/RHEL/Linux consultant
    Powerful Starv3 manipulation tool - StarV3 Multipractik for Linux

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts