[LARTC] cant route out

[LARTC] cant route out

[Brent Clark]

Hi all I seem to have a very weird problem.

I have a gateway that allows me to route into the LAN etc, but for some reason I cant get traffic out.

I have apprended a route like below to help me if its getting that far, and it defiantly is.

$IPT -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j LOG --log-prefix "POST ROUTE: "
--log-tcp-options --log-ip-options

Feb 18 19:14:16 ukgate kernel: POST ROUTE: IN= OUT=eth0 SRC\x10.0.0.74 DST\x140.135.10.98 LENH
TOS=0x00 PREC=0x00 TTL\x127 IDR278 DF PROTO=TCP SPT\x1336 DPT€ WINDOWe535 RES=0x00 SYN URGP=0
OPT (020405B401010402)
Feb 18 19:14:16 ukgate kernel: POST ROUTE: IN= OUT=eth0 SRC\x10.0.0.74 DST!9.159.9.103 LENH
TOS=0x00 PREC=0x00 TTL\x127 IDR279 DF PROTO=TCP SPT\x1337 DPT€ WINDOWe535 RES=0x00 SYN URGP=0
OPT (020405B401010402)
Feb 18 19:14:16 ukgate kernel: POST ROUTE: IN= OUT=eth0 SRC\x10.0.0.74 DST!9.117.8.205 LENH
TOS=0x00 PREC=0x00 TTL\x127 IDR280 DF PROTO=TCP SPT\x1338 DPT€ WINDOWe535 RES=0x00 SYN URGP=0
OPT (020405B401010402)


ukgate:~# ip route show
217.206.34.80/28 dev eth0  proto kernel  scope link  src 217.206.34.82
10.0.0.0/24 dev eth1  proto kernel  scope link  src 10.0.0.4
default via 217.206.34.81 dev eth0
ukgate:~#

And the weird thing is, is that tcpdump shows the client trying to connect

ukgate:~# tcpdump -nn port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
19:21:59.735233 IP 10.0.0.4.1900 > 219.54.8.100.80: S 340139438:340139438(0) win 65535 <mss
1460,nop,nop,sackOK>
19:21:59.735396 IP 10.0.0.4.1901 > 213.73.201.11.80: S 340204029:340204029(0) win 65535 <mss
1460,nop,nop,sackOK>
19:22:01.734139 IP 10.0.0.4.1904 > 218.212.34.220.80: S 340860984:340860984(0) win 65535 <mss
1460,nop,nop,sackOK>
19:22:02.706327 IP 10.0.0.4.1900 > 219.54.8.100.80: S 340139438:340139438(0) win 65535 <mss
1460,nop,nop,sackOK>
19:22:02.706347 IP 10.0.0.4.1901 > 213.73.201.11.80: S 340204029:340204029(0) win 65535 <mss
1460,nop,nop,sackOK>
19:22:04.717925 IP 10.0.0.4.1904 > 218.212.34.220.80: S 340860984:340860984(0) win 65535 <mss
1460,nop,nop,sackOK>


If anyone could assist, I would be most grateful.

Kind Regards
Brent Clark

P.s.

I have echo 1 > /proc/sys/net/ipv4/ip_forward in my ruleset.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] cant route out

[Sebastian Bork]

On Sa, 2006-02-18 at 21:25 +0200, Brent Clark wrote:

> I have a gateway that allows me to route into the LAN etc, but for some reason I cant get traffic out.

Are you sure NAT is working? It looks like the packets leave your
gateway with addresses like 10.0.0.4 or 10.0.0.74 instead of being
NAT'ed to the public address 217.206.34.82.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] cant route out

[Brent Clark]

Sebastian Bork wrote:
> On Sa, 2006-02-18 at 21:25 +0200, Brent Clark wrote:
> 
> 
>>I have a gateway that allows me to route into the LAN etc, but for some reason I cant get traffic out.
> 
> 
> Are you sure NAT is working? It looks like the packets leave your
> gateway with addresses like 10.0.0.4 or 10.0.0.74 instead of being
> NAT'ed to the public address 217.206.34.82.
> 

HI Sebastian

I figured it out late last night and I cursed my self for not figuring it out fast enough.
But least I relearnt something.

I appreciate your feedback.

I really apprecite it.

Kind Regards
Brent Clark
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc