From: Brent Clark <bclark@eccotours.co.za>
To: lartc@vger.kernel.org
Subject: [LARTC] cant route out
Date: Sat, 18 Feb 2006 19:25:32 +0000 [thread overview]
Message-ID: <43F774AC.7020201@eccotours.co.za> (raw)
Hi all I seem to have a very weird problem.
I have a gateway that allows me to route into the LAN etc, but for some reason I cant get traffic out.
I have apprended a route like below to help me if its getting that far, and it defiantly is.
$IPT -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j LOG --log-prefix "POST ROUTE: "
--log-tcp-options --log-ip-options
Feb 18 19:14:16 ukgate kernel: POST ROUTE: IN= OUT=eth0 SRC\x10.0.0.74 DST\x140.135.10.98 LENH
TOS=0x00 PREC=0x00 TTL\x127 IDR278 DF PROTO=TCP SPT\x1336 DPT€ WINDOWe535 RES=0x00 SYN URGP=0
OPT (020405B401010402)
Feb 18 19:14:16 ukgate kernel: POST ROUTE: IN= OUT=eth0 SRC\x10.0.0.74 DST!9.159.9.103 LENH
TOS=0x00 PREC=0x00 TTL\x127 IDR279 DF PROTO=TCP SPT\x1337 DPT€ WINDOWe535 RES=0x00 SYN URGP=0
OPT (020405B401010402)
Feb 18 19:14:16 ukgate kernel: POST ROUTE: IN= OUT=eth0 SRC\x10.0.0.74 DST!9.117.8.205 LENH
TOS=0x00 PREC=0x00 TTL\x127 IDR280 DF PROTO=TCP SPT\x1338 DPT€ WINDOWe535 RES=0x00 SYN URGP=0
OPT (020405B401010402)
ukgate:~# ip route show
217.206.34.80/28 dev eth0 proto kernel scope link src 217.206.34.82
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.4
default via 217.206.34.81 dev eth0
ukgate:~#
And the weird thing is, is that tcpdump shows the client trying to connect
ukgate:~# tcpdump -nn port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
19:21:59.735233 IP 10.0.0.4.1900 > 219.54.8.100.80: S 340139438:340139438(0) win 65535 <mss
1460,nop,nop,sackOK>
19:21:59.735396 IP 10.0.0.4.1901 > 213.73.201.11.80: S 340204029:340204029(0) win 65535 <mss
1460,nop,nop,sackOK>
19:22:01.734139 IP 10.0.0.4.1904 > 218.212.34.220.80: S 340860984:340860984(0) win 65535 <mss
1460,nop,nop,sackOK>
19:22:02.706327 IP 10.0.0.4.1900 > 219.54.8.100.80: S 340139438:340139438(0) win 65535 <mss
1460,nop,nop,sackOK>
19:22:02.706347 IP 10.0.0.4.1901 > 213.73.201.11.80: S 340204029:340204029(0) win 65535 <mss
1460,nop,nop,sackOK>
19:22:04.717925 IP 10.0.0.4.1904 > 218.212.34.220.80: S 340860984:340860984(0) win 65535 <mss
1460,nop,nop,sackOK>
If anyone could assist, I would be most grateful.
Kind Regards
Brent Clark
P.s.
I have echo 1 > /proc/sys/net/ipv4/ip_forward in my ruleset.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
next reply other threads:[~2006-02-18 19:25 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-18 19:25 Brent Clark [this message]
2006-02-18 23:39 ` [LARTC] cant route out Sebastian Bork
2006-02-19 13:32 ` Brent Clark
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43F774AC.7020201@eccotours.co.za \
--to=bclark@eccotours.co.za \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.