Re: IPTables problem perhaps related to ECN/CWR flags?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: WP <mls100@comcast.net>
To: Sietse van Zanen <sietse@wizdom.nu>, netfilter@lists.netfilter.org
Subject: Re: IPTables problem perhaps related to ECN/CWR flags?
Date: Wed, 26 Jul 2006 11:12:43 -0700	[thread overview]
Message-ID: <44C7B09B.8070206@comcast.net> (raw)
In-Reply-To: <02BB8A4AC86C564C89C7F14CF98CE0C40127E5@knowledge.wizdom.nu>

I realize this... as you can see from the tcpdump logs the packet makes 
it to W2 just fine. I changed the port forward accordingly with each 
attempt. I'm aware you can't forward to two internal addresses at the 
same time.

MLS

Sietse van Zanen wrote:
> You cannot use both servers on the same port externally, when accessing from the Internet. There is no way a client on the Internet can distinguish between the servers, as it only sees the IP address of your firewall.
>  
> Do either of the following.
>  
> Have your firewall forward two different ports to port 23 of your server:
> FW port 23 -> W2 port 23
> FW port 24 -> W3 port 23
>  
> Configure one of your servers to use a different port and set up port forwarding accordingly.
> FW port 23 -> W2 port 23
> FW port 24 -> W3 port 24
>  
> The first one will not break your internal network, the second is somewhat more symetric. Asymetric port forwarding might not work with certain software.
>  
> The only 'real' solution to use both machines on port 23 is obtain an extra external IP address.
>  
> -Sietse
>
> ________________________________
>
> From: netfilter-bounces@lists.netfilter.org on behalf of WP
> Sent: Wed 26-Jul-06 13:45
> To: netfilter@lists.netfilter.org
> Subject: IPTables problem perhaps related to ECN/CWR flags?
>
>

     prev parent reply	other threads:[~2006-07-26 18:12 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-07-26 11:45 IPTables problem perhaps related to ECN/CWR flags? WP
2006-07-26 12:42 ` Sietse van Zanen
2006-07-26 18:12   ` WP [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=44C7B09B.8070206@comcast.net \
    --to=mls100@comcast.net \
    --cc=mls1000@s92551514.onlinehome.us \
    --cc=netfilter@lists.netfilter.org \
    --cc=sietse@wizdom.nu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.