From: Andrew Beekhof <beekhof@gmail.com>
To: Trevor Cordes <trevor@tecnopolis.ca>
Cc: netfilter@lists.netfilter.org
Subject: Re: Masquerade difficulties
Date: Sat, 8 Jan 2005 11:03:22 +0100
Message-ID: <26ef5e7050108020312386f9c@mail.gmail.com>
In-Reply-To: <20050107221238.GA10943@pog.tecnopolis.ca>

On Fri, 7 Jan 2005 16:12:38 -0600, Trevor Cordes <trevor@tecnopolis.ca> wrote:
> > I'm having some difficulties getting masquerading to work and hoping
> > for some pointers...
>
> I can try to help. But you'll need to better describe your network
> layout. Can you draw a little diagram showing where A, B & C are?

Sure, A & B are connected directly to a Netgear DSL modem/hub. C is
part of my company's network which I'm accessing over the internet
with IPsec. I've also tried replacing C with google.com (after
specifying an appropriate routing rule) with no success.

Does that clear things up?

> Are you sure that BoxC doesn't have some firewall on (XP SP2) that is
> eating the ping packets?

XP? God no! All the machines are Linux boxes running either SLES9 or
Gentoo :) No firewall on B or C.

From what I can tell, the packets from BoxB are getting lost on BoxA.
I just tried using telnet and tcpdump and although I get logs like
this:

Jan 8 08:35:55 BoxA IN=eth0 OUT=eth0 SRC=192.168.9.22 DST=10.10.2.86
LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=48952 DF PROTO=TCP SPT=34452
DPT=69 WINDOW=3840 RES=0x00 SYN URGP=0

... the packets never actually arrive at BoxC (10.10.2.86). I don't
think they ever leave BoxA but I'm not sure I understand the tcpdump
output enough to say for sure.

A dump of my iptables in case it helps...

mayo linux # iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level warning
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

mayo linux # iptables -L -t filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

mayo linux # iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level debug

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
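
An added example, not part of the original message: a small parser for the netfilter LOG line format quoted in the message, run on that same line joined back onto one line. The function names and the summary keys are made up for the example.

```python
import re

# Constructed sample: the LOG line quoted in the message, joined onto one line.
SAMPLE = (
    "Jan 8 08:35:55 BoxA IN=eth0 OUT=eth0 SRC=192.168.9.22 DST=10.10.2.86 "
    "LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=48952 DF PROTO=TCP SPT=34452 "
    "DPT=69 WINDOW=3840 RES=0x00 SYN URGP=0"
)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}
IP_FLAGS = {"DF", "MF", "CE"}


def parse_log_line(line):
    """Return the KEY=value fields and bare flag tokens of one LOG line."""
    m = re.search(r"\bIN=\S* OUT=", line)
    if m is None:
        return None  # not a netfilter LOG line
    fields, bare = {}, []
    for tok in line[m.start():].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
        else:
            bare.append(tok)
    fields["TCP_FLAGS"] = [t for t in bare if t in TCP_FLAGS]
    fields["IP_FLAGS"] = [t for t in bare if t in IP_FLAGS]
    return fields


def summarize(fields):
    """Describe where the packet was seen and which flow it belongs to."""
    inn, out = fields.get("IN", ""), fields.get("OUT", "")
    # Both interfaces are only known where the packet is being forwarded.
    seen = "forward" if inn and out else ("in-only" if inn else "out-only")
    return {
        "seen": seen,
        # True when the packet leaves on the interface it arrived on.
        "same_interface": bool(inn) and inn == out,
        "flow": "%s:%s -> %s:%s/%s" % (
            fields.get("SRC", "?"), fields.get("SPT", "-"),
            fields.get("DST", "?"), fields.get("DPT", "-"),
            fields.get("PROTO", "?")),
        # A lone SYN is the first packet of a TCP connection attempt.
        "first_syn": fields["TCP_FLAGS"] == ["SYN"],
    }


if __name__ == "__main__":
    print(summarize(parse_log_line(SAMPLE)))
```
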