* [LARTC] Routing tables and netfilter
@ 2003-05-27 8:36 Riaan Annandale
2003-05-27 9:02 ` Riaan Annandale
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Riaan Annandale @ 2003-05-27 8:36 UTC (permalink / raw)
To: lartc
[-- Attachment #1: Type: text/plain, Size: 2269 bytes --]
Hi Guys,
A couple of days ago I sent a mail here regarding routing browsing
packets to a different gateway. Well here's an update which I believe
will shed more light on the problem.
I am now marking all TCP and udp packets on a test box with a one.
I then route these packets via a routing table through an ISDN device.
If I delete this route I instantly get destination net unreachable from
the client side (my linux box)
When I add it back in, it just sits and eventually times out.
If I do a tcpdump on the server that I am trying to telnet I can see
that it's getting the packets that I send to establish the connection
and is sending the SYN packets back, but yet my side still just sits. It
almost appears that it doesn't work with MASQ.
Now before everyone starts nailing me about MASQ as per
"IMPORTANT: We received a report that MASQ and SNAT at least collide
with marking packets." and "Turn off the reverse path filter to make it
work properly." - I have done that and I get the same results.
It appears that the packets are being dropped somewhere.
It feels like I am missing something really small and arb.
Any help would be appreciated
--
Riaan Annandale
Client Services: Corporate Support Engineer
TISCALI (PTY) LTD
THE COMMUNICATION COMPANY
42 Wierda Road West, Wierda Valley, Sandton
Mobile :
Office : +27 11 286 5014
Fax :
E-Mail : Riaan.Annandale@za.tiscali.com
http://www.tiscali.co.za
Disclaimer: This email is considered a business record and is
therefore property of Tiscali. This email, and any files transmitted
with it are confidential and are intended solely for the use of the
individual or entity to whom they are addressed. This communication
represents the originator's personal views and opinions, which do not
necessarily reflect those of Tiscali. If you are not the original
recipient or the person responsible for delivering the email to the
intended recipient, be advised that you have this email in error, and
that any use, dissemination, forwarding, printing, or copying of this
email is strictly prohibited. If you received this email in error,
please immediately notify disclaimer@za.tiscali.com.
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] Routing tables and netfilter
2003-05-27 8:36 [LARTC] Routing tables and netfilter Riaan Annandale
@ 2003-05-27 9:02 ` Riaan Annandale
2003-05-27 9:04 ` Paul Evans
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Riaan Annandale @ 2003-05-27 9:02 UTC (permalink / raw)
To: lartc
[-- Attachment #1: Type: text/plain, Size: 3633 bytes --]
Sorry I made a typo :(
"and is sending the SYN packets back" - SYN should be ACK
On Tue, May 27, 2003 at 10:36:31AM +0200, Riaan Annandale wrote:
> Hi Guys,
>
> A couple of days ago I sent a mail here regarding routing browsing
> packets to a different gateway. Well here's an update which I believe
> will shed more light on the problem.
>
> I am now marking all TCP and udp packets on a test box with a one.
>
> I then route these packets via a routing table through an ISDN device.
>
> If I delete this route I instantly get destination net unreachable from
> the client side (my linux box)
>
> When I add it back in, it just sits and eventually times out.
>
> If I do a tcpdump on the server that I am trying to telnet I can see
> that it's getting the packets that I send to establish the connection
> and is sending the SYN packets back, but yet my side still just sits. It
> almost appears that it doesn't work with MASQ.
>
> Now before everyone starts nailing me about MASQ as per
> "IMPORTANT: We received a report that MASQ and SNAT at least collide
> with marking packets." and "Turn off the reverse path filter to make it
> work properly." - I have done that and I get the same results.
>
> It appears that the packets are being dropped somewhere.
>
> It feels like I am missing something really small and arb.
>
> Any help would be appreciated
> --
> Riaan Annandale
> Client Services: Corporate Support Engineer
> TISCALI (PTY) LTD
> THE COMMUNICATION COMPANY
> 42 Wierda Road West, Wierda Valley, Sandton
> Mobile :
> Office : +27 11 286 5014
> Fax :
> E-Mail : Riaan.Annandale@za.tiscali.com
> http://www.tiscali.co.za
> Disclaimer: This email is considered a business record and is
> therefore property of Tiscali. This email, and any files transmitted
> with it are confidential and are intended solely for the use of the
> individual or entity to whom they are addressed. This communication
> represents the originator's personal views and opinions, which do not
> necessarily reflect those of Tiscali. If you are not the original
> recipient or the person responsible for delivering the email to the
> intended recipient, be advised that you have this email in error, and
> that any use, dissemination, forwarding, printing, or copying of this
> email is strictly prohibited. If you received this email in error,
> please immediately notify disclaimer@za.tiscali.com.
>
---end quoted text---
--
Riaan Annandale
Client Services: Corporate Support Engineer
TISCALI (PTY) LTD
THE COMMUNICATION COMPANY
42 Wierda Road West, Wierda Valley, Sandton
Mobile :
Office : +27 11 286 5014
Fax :
E-Mail : Riaan.Annandale@za.tiscali.com
http://www.tiscali.co.za
Disclaimer: This email is considered a business record and is
therefore property of Tiscali. This email, and any files transmitted
with it are confidential and are intended solely for the use of the
individual or entity to whom they are addressed. This communication
represents the originator's personal views and opinions, which do not
necessarily reflect those of Tiscali. If you are not the original
recipient or the person responsible for delivering the email to the
intended recipient, be advised that you have this email in error, and
that any use, dissemination, forwarding, printing, or copying of this
email is strictly prohibited. If you received this email in error,
please immediately notify disclaimer@za.tiscali.com.
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] Routing tables and netfilter
2003-05-27 8:36 [LARTC] Routing tables and netfilter Riaan Annandale
2003-05-27 9:02 ` Riaan Annandale
@ 2003-05-27 9:04 ` Paul Evans
2003-05-27 9:12 ` Daniel Ortiz
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Paul Evans @ 2003-05-27 9:04 UTC (permalink / raw)
To: lartc
On May 27, 2003 01:36 am, Riaan Annandale wrote:
> Disclaimer: This email is considered a business record and is
> therefore property of Tiscali. This email, and any files transmitted
> with it are confidential and are intended solely for the use of the
> individual or entity to whom they are addressed. This communication
> represents the originator's personal views and opinions, which do not
> necessarily reflect those of Tiscali. If you are not the original
> recipient or the person responsible for delivering the email to the
> intended recipient, be advised that you have this email in error, and
> that any use, dissemination, forwarding, printing, or copying of this
> email is strictly prohibited. If you received this email in error,
> please immediately notify disclaimer@za.tiscali.com.
I love receiving this stuff :-)
I think I must have received this email in error, since I'm on a public
network and am *convinced* that your views represent those of Tiscali.
Reporting as ordered. :-)
--
Regards, Paul Evans
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] Routing tables and netfilter
2003-05-27 8:36 [LARTC] Routing tables and netfilter Riaan Annandale
2003-05-27 9:02 ` Riaan Annandale
2003-05-27 9:04 ` Paul Evans
@ 2003-05-27 9:12 ` Daniel Ortiz
2003-05-27 9:25 ` Riaan Annandale
2003-05-27 11:58 ` Riaan Annandale
4 siblings, 0 replies; 6+ messages in thread
From: Daniel Ortiz @ 2003-05-27 9:12 UTC (permalink / raw)
To: lartc
[-- Attachment #1: Type: text/plain, Size: 685 bytes --]
On Tue, May 27, 2003 at 02:04:21AM -0700, Paul Evans wrote:
>
> I love receiving this stuff :-)
>
> I think I must have received this email in error, since I'm on a public
> network and am *convinced* that your views represent those of Tiscali.
>
> Reporting as ordered. :-)
>
> --
> Regards, Paul Evans
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
LOL
--
BSD ownz me
--
Daniel Ortiz
d.ortiz@in.ilimit.es
ILIMIT Comunicacions
Departament Sistemes
http://www.ilimit.es
Tel: (+34) 93 733 33 75
Fax: (+34) 93 733 32 43
[-- Attachment #2: Type: application/pgp-signature, Size: 187 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] Routing tables and netfilter
2003-05-27 8:36 [LARTC] Routing tables and netfilter Riaan Annandale
` (2 preceding siblings ...)
2003-05-27 9:12 ` Daniel Ortiz
@ 2003-05-27 9:25 ` Riaan Annandale
2003-05-27 11:58 ` Riaan Annandale
4 siblings, 0 replies; 6+ messages in thread
From: Riaan Annandale @ 2003-05-27 9:25 UTC (permalink / raw)
To: lartc
[-- Attachment #1: Type: text/plain, Size: 754 bytes --]
Yes yes, let's all have a good laugh.
Even perfect people do stoopid things some times ;)
Sorry guys, you'll see that I have now sorted the problem with a
send-hook. But seriously now, I still need a solution to my problem
On Tue, May 27, 2003 at 11:12:55AM +0200, Daniel Ortiz wrote:
> LOL
>
> --
> BSD ownz me
> --
>
> Daniel Ortiz
> d.ortiz@in.ilimit.es
>
> ILIMIT Comunicacions
> Departament Sistemes
> http://www.ilimit.es
> Tel: (+34) 93 733 33 75
> Fax: (+34) 93 733 32 43
---end quoted text---
--
Regards,
Riaan Annandale
Linux Systems Engineer (LPIC-1, CCNA)
0861 22 55 86
riaana at mundane dot co dot za
---------------------
Corrupt, adj.:
In politics, holding an office of trust or profit.
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LARTC] Routing tables and netfilter
2003-05-27 8:36 [LARTC] Routing tables and netfilter Riaan Annandale
` (3 preceding siblings ...)
2003-05-27 9:25 ` Riaan Annandale
@ 2003-05-27 11:58 ` Riaan Annandale
4 siblings, 0 replies; 6+ messages in thread
From: Riaan Annandale @ 2003-05-27 11:58 UTC (permalink / raw)
To: lartc
[-- Attachment #1: Type: text/plain, Size: 1895 bytes --]
Howzit Guys,
I got the problem sorted,
I used the examples under "Routing for multiple uplinks/providers" to
route stuff out the same interface that it comes and in, and voila!,
bob's yer uncle!
I wonder if that might not be why the stuff mentioned below didn't work
in the first place.
Well anyway, cheers!
On Tue, May 27, 2003 at 10:36:31AM +0200, Riaan Annandale wrote:
> Hi Guys,
>
> A couple of days ago I sent a mail here regarding routing browsing
> packets to a different gateway. Well here's an update which I believe
> will shed more light on the problem.
>
> I am now marking all TCP and udp packets on a test box with a one.
>
> I then route these packets via a routing table through an ISDN device.
>
> If I delete this route I instantly get destination net unreachable from
> the client side (my linux box)
>
> When I add it back in, it just sits and eventually times out.
>
> If I do a tcpdump on the server that I am trying to telnet I can see
> that it's getting the packets that I send to establish the connection
> and is sending the SYN packets back, but yet my side still just sits. It
> almost appears that it doesn't work with MASQ.
>
> Now before everyone starts nailing me about MASQ as per
> "IMPORTANT: We received a report that MASQ and SNAT at least collide
> with marking packets." and "Turn off the reverse path filter to make it
> work properly." - I have done that and I get the same results.
>
> It appears that the packets are being dropped somewhere.
>
> It feels like I am missing something really small and arb.
>
> Any help would be appreciated
---end quoted text---
--
Regards,
Riaan Annandale
Linux Systems Engineer (LPIC-1, CCNA)
0861 22 55 86
riaana at mundane dot co dot za
---------------------
Angels we have heard on High
Tell us to go out and Buy.
-- Tom Lehrer
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2003-05-27 11:58 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-05-27 8:36 [LARTC] Routing tables and netfilter Riaan Annandale
2003-05-27 9:02 ` Riaan Annandale
2003-05-27 9:04 ` Paul Evans
2003-05-27 9:12 ` Daniel Ortiz
2003-05-27 9:25 ` Riaan Annandale
2003-05-27 11:58 ` Riaan Annandale
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.