Linux Netfilter discussions
From: Jihoon Chung <difro@sexycoder.com>
To: netfilter@lists.netfilter.org
Subject: icmp echo packets not masqueraded properly.
Date: Tue, 18 Mar 2003 16:32:01 +0900
Message-ID: <20030318073201.GA7700@morpheus>


I have two lines going out to the internet from the firewall machine.
One is adsl (say, ppp0) and the other is cable modem (eth1).
My notebook is connected to eth2 and is running Windows 2000.

I use ppp0 as the primary line and the cable modem as backup.
So when ppp0 is connected, 'ip route show | tail -1' shows the following,

default via 1.1.1.1 dev ppp0

and when ppp0 goes down, 'ip route show | tail -1' shows the following.

default via 2.2.2.2 dev eth1

(I've written a small daemon which detects the status of ppp0 and changes the
 default route accordingly, and this calls 'ip route flush cache'
 every time it changes routes)

And the Masquerading rule is:
`iptables -t filter -A FORWARD -j MASQUERADE`;

The problem occurs when I'm pinging from the notebook (host inside the
firewall) to any host outside the firewall.

When ppp0 dies and the default route gets changed to eth1 while pinging
from the notebook, the ping session is still masqueraded to ppp0's IP
address!!, even though the packets are routed through eth1.
(I found this by tcpdumping on eth1)

If I stop the ping on the notebook and wait 30 seconds and ping again,
it behaves fine.

Is there any way I can make it behave without "stop-wait30sec"?

(By the way, I searched in /proc and tried turning on
 /proc/sys/net/ipv4/ip_dynaddr, but nothing changed.)


