[LARTC] HTTP only works on second try from doublely NAT'ed windows box

[LARTC] HTTP only works on second try from doublely NAT'ed windows box

[Dan]

<PRE>If this is a FAQ, may I be shot on site.

Problem:
-------
Every windows box on my network has to hit refresh once before a web site 
will come up.  It's as if the first try it doesn't have any gateway at all, 
but the second try works.  However, ping's always work flawlessly, so I 
assume this is an Internet explorer or TCP/HTTP traffic problem.

Here's my setup:
---------------
Internet
  |
  |
DSL Router (64.x.x.130 external, and 10.0.0.250 internal)
  |
  |
Linux Box  (10.0.0.251 internal/mapped to external 64.x.x.131 by DSL router 
NAT)
  |
  |
Windows98  (10.0.0.122 internal - NAT'ed to 64.x.x.131 by Linux Box &amp; DSL 
router before reaching Internet)


The Linux Box uses the router as it's gateway (of course) and I have 
configured the DSL router to use NAT to translate 10.0.0.251 to 
64.x.x.131.  This works fine.

Similarly, I have configured the Windows98 box to use Linux as it's 
gateway, and Linux uses NAT to translate 10.0.0.122 into  10.0.0.251 - 
which is then translated into 64.x.x.131 before it goes out to the Internet).

If I tell the Windows98 box to use 10.0.0.250 as it's gateway, then 
everything works perfectly.  Any tips?

And yes, there are reasons why I have it configured this way.  (e.g., there 
are 3 linux servers that each have an internal/external mapping done by the 
dsl router).


Dan Browning, Cyclone Computer Systems, <A HREF="mailto:danb@cyclonecomputers.com">danb@cyclonecomputers.com</A>



</PRE>

[LARTC] HTTP only works on second try from doublely NAT'ed windows box

[bert]

<PRE>On Thu, Jan 11, 2001 at 07:31:57PM -0800, Dan B wrote:

&gt;<i> If this is a FAQ, may I be shot on site.
</I>
Well :-)

&gt;<i> Here's my setup:
</I>&gt;<i> ---------------
</I>&gt;<i> Internet
</I>&gt;<i>   |
</I>&gt;<i>   |
</I>&gt;<i> DSL Router (64.x.x.130 external, and 10.0.0.250 internal)
</I>&gt;<i>   |
</I>&gt;<i>   |
</I>&gt;<i> Linux Box  (10.0.0.251 internal/mapped to external 64.x.x.131 by DSL router 
</I>&gt;<i> NAT)
</I>&gt;<i>   |
</I>&gt;<i>   |
</I>&gt;<i> Windows98  (10.0.0.122 internal - NAT'ed to 64.x.x.131 by Linux Box &amp; DSL 
</I>&gt;<i> router before reaching Internet)
</I>
Are the DSL Router, the Linux Box and the Windows 98 machines all on a
single subnet, of interface? In that case the Linux box may be sending out
ICMP Redirects. Linux machines might react instantly to those redirects,
Windows only on the second try?

Use the great tool tcpdump of ethereal to find out what is exactly being
sent over the wire.

Regards,

bert hubert

-- 
PowerDNS                     Versatile DNS Services  
Trilab                       The Technology People   
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet


</PRE>

[LARTC] HTTP only works on second try from doublely NAT'ed

[Dan]

<PRE>&gt;<i> &gt; Here's my setup:
</I>&gt;<i> &gt; ---------------
</I>&gt;<i> &gt; Internet
</I>&gt;<i> &gt;   |
</I>&gt;<i> &gt;   |
</I>&gt;<i> &gt; DSL Router (64.x.x.130 external, and 10.0.0.250 internal)
</I>&gt;<i> &gt;   |
</I>&gt;<i> &gt;   |
</I>&gt;<i> &gt; Linux Box  (10.0.0.251 internal/mapped to external 64.x.x.131 by DSL 
</I>&gt;<i> router
</I>&gt;<i> &gt; NAT)
</I>&gt;<i> &gt;   |
</I>&gt;<i> &gt;   |
</I>&gt;<i> &gt; Windows98  (10.0.0.122 internal - NAT'ed to 64.x.x.131 by Linux Box &amp; DSL
</I>&gt;<i> &gt; router before reaching Internet)
</I>&gt;<i>
</I>&gt;<i>Are the DSL Router, the Linux Box and the Windows 98 machines all on a
</I>&gt;<i>single subnet, of interface? In that case the Linux box may be sending out
</I>&gt;<i>ICMP Redirects. Linux machines might react instantly to those redirects,
</I>&gt;<i>Windows only on the second try?
</I>&gt;<i>
</I>&gt;<i>Use the great tool tcpdump of ethereal to find out what is exactly being
</I>&gt;<i>sent over the wire.
</I>&gt;<i>
</I>&gt;<i>Regards,
</I>&gt;<i>
</I>&gt;<i>bert hubert
</I>

It's been a few weeks for me to think about my problem, and I think I 
finally figured out what you meant by what you said, Bert.  I think my 
problem is the linux box is trying to NAT between two interfaces even 
though they are on the same subnet.  (duh! tcp/ip 101).

So I'm going to try changing the Linux box to 10.0.0.251/255.255.255.248, 
and the windows98 box to 10.0.0.122/255.255.255.128, and see if the NAT 
will work correctly after that.

Thanks, again!

-Dan



</PRE>

[LARTC] HTTP only works on second try from doublely NAT'ed

[Dan]

<PRE>At 08:00 PM 2/1/2001 -0800, Dan B wrote:

&gt;&gt;<i> &gt; Here's my setup:
</I>&gt;&gt;<i> &gt; ---------------
</I>&gt;&gt;<i> &gt; Internet
</I>&gt;&gt;<i> &gt;   |
</I>&gt;&gt;<i> &gt;   |
</I>&gt;&gt;<i> &gt; DSL Router (64.x.x.130 external, and 10.0.0.250 internal)
</I>&gt;&gt;<i> &gt;   |
</I>&gt;&gt;<i> &gt;   |
</I>&gt;&gt;<i> &gt; Linux Box  (10.0.0.251 internal/mapped to external 64.x.x.131 by DSL 
</I>&gt;&gt;<i> router
</I>&gt;&gt;<i> &gt; NAT)
</I>&gt;&gt;<i> &gt;   |
</I>&gt;&gt;<i> &gt;   |
</I>&gt;&gt;<i> &gt; Windows98  (10.0.0.122 internal - NAT'ed to 64.x.x.131 by Linux Box &amp; DSL
</I>&gt;&gt;<i> &gt; router before reaching Internet)
</I>&gt;&gt;<i>
</I>&gt;&gt;<i>Are the DSL Router, the Linux Box and the Windows 98 machines all on a
</I>&gt;&gt;<i>single subnet, of interface? In that case the Linux box may be sending out
</I>&gt;&gt;<i>ICMP Redirects. Linux machines might react instantly to those redirects,
</I>&gt;&gt;<i>Windows only on the second try?
</I>&gt;&gt;<i>
</I>&gt;&gt;<i>Use the great tool tcpdump of ethereal to find out what is exactly being
</I>&gt;&gt;<i>sent over the wire.
</I>&gt;&gt;<i>
</I>&gt;&gt;<i>Regards,
</I>&gt;&gt;<i>
</I>&gt;&gt;<i>bert hubert
</I>&gt;<i>
</I>&gt;<i>
</I>&gt;<i>It's been a few weeks for me to think about my problem, and I think I 
</I>&gt;<i>finally figured out what you meant by what you said, Bert.  I think my 
</I>&gt;<i>problem is the linux box is trying to NAT between two interfaces even 
</I>&gt;<i>though they are on the same subnet.  (duh! tcp/ip 101).
</I>&gt;<i>
</I>&gt;<i>So I'm going to try changing the Linux box to 10.0.0.251/255.255.255.248, 
</I>&gt;<i>and the windows98 box to 10.0.0.122/255.255.255.128, and see if the NAT 
</I>&gt;<i>will work correctly after that.
</I>
That fixed it. :-) (I gotta remember that you can't NAT / route between two 
computers on the same subnet very well).


Dan Browning, Cyclone Computer Systems, <A HREF="mailto:danb@cyclonecomputers.com">danb@cyclonecomputers.com</A>



</PRE>

[LARTC] HTTP only works on second try from doublely NAT'ed windows box

[bert]

<PRE>On Fri, Feb 09, 2001 at 08:52:56PM -0800, Dan B wrote:

&gt;<i> &gt;So I'm going to try changing the Linux box to 10.0.0.251/255.255.255.248, 
</I>&gt;<i> &gt;and the windows98 box to 10.0.0.122/255.255.255.128, and see if the NAT 
</I>&gt;<i> &gt;will work correctly after that.
</I>&gt;<i> 
</I>&gt;<i> That fixed it. :-) (I gotta remember that you can't NAT / route between two 
</I>&gt;<i> computers on the same subnet very well).
</I>
You can, I think, but you need to be very sure that your NAT machine isn't
sending out any ICMP Redirects.

Regards,

bert

-- 
<A HREF="http://www.PowerDNS.com">http://www.PowerDNS.com</A>      Versatile DNS Services  
Trilab                       The Technology People   
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet


</PRE>