[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SYN/ACK not forwarded to 2nd NIC



You MUST use masquerading, else ware it will not work.
I have the same configuration as you shown at my home.

Mike


---------------------------------------------------
Mofet Institute - Computer Dpt.
+972-3-6901415

~~~~~~~~~~~~~~~~~~~~~~~~~

----- Original Message -----
From: "Meir" <meir@education.gov.il>
To: "Mike Almogy" <lizard@macam98.ac.il>
Cc: "Linux-il" <linux-il@linux.org.il>
Sent: Thursday, June 15, 2000 1:40 PM
Subject: Re: SYN/ACK not forwarded to 2nd NIC


> Mike Almogy wrote:
>
> > Hi.
> >
> > did you configured the kernel with IPCHAINS as needed ?
> >
> > You can read the IP-MASQUERADING HOWTO , there is a detailed examples
how to
> > do it.
> > you need some rules in order to let Linux know that it supposed to do
the
> > masquerading from one net to the other.
>
> Thanks for your answer, Mike,
>
> For now no masquerading is taking place: all rules default to ACCEPT.
>
> -- Meir
>
> > ----- Original Message -----
> > From: "Meir" <meir@education.gov.il>
> > To: <linux-il@cs.huji.ac.il>
> > Sent: Thursday, June 15, 2000 12:20 PM
> > Subject: SYN/ACK not forwarded to 2nd NIC
> >
> > > Hi,
> > >
> > > I have a curious problem.
> > >
> > > My box (linux) is trying to send mail to a target.
> > > Between my box and the target there is a linux box 2.2.12
> > > with 4 NICs but (for now) _without_ any filtering rules
> > > at all (all default to ACCEPT).
> > >
> > > Only 2 NICs are up: eth0 to external net and eth1 to internal net.
> > >
> > > The problem is that when I tcpdump the 2 NICs from this middle-box,
> > > I can see a SYN getting out from eth1 and then passed to eth0
> > > (ip forwarding is enabled), and then I receive a SYN/ACK from the
> > > target box via eth0, but this SYN/ACK _never_ reach
> > > eth1 (which point to internal net) !!!
> > >
> > > The figure describe what's happen:
> > >
> > >                       ___________________
> > >                      |                   |
> > >        |   <- SYN    |<- SYN      <- SYN |          | 192.168.9.133
> > > Target |             |eth0         eth1  |----------| My box
> > >        |       192.168.0.29      192.168.9.150      | run
> > >        |  SYN/ACK -> | ->  ???           |          | telnet Target 25
> > >                      |_____________  ____|
> > >
> > >                                     ^
> > >                                     |
> > >                                     |_____ SYN/ACK never reach eth1
!!!
> > >
> > > # /sbin/route
> > >
> > > Kernel IP routing table
> > > Destination     Gateway         Genmask         Flags Metric Ref
Use
> > > Iface
> > > 192.168.0.29    *               255.255.255.255 UH    0      0
0
> > > eth0
> > > 192.168.9.150   *               255.255.255.255 UH    0      0
0
> > > eth1
> > > 192.168.0.24    *               255.255.255.248 U     0      0
0
> > > eth0
> > > 192.168.9.128   *               255.255.255.224 U     0      0
0
> > > eth1
> > > 127.0.0.0       *               255.0.0.0       U     0      0
0
> > > lo
> > > default         192.168.0.25    0.0.0.0         UG    0      0
0
> > > eth0
> > >
> > > eth0: 192.168.0.29  netmask 255.255.255.248
> > > eth1: 192.168.9.150 netmask 255.255.255.224
> > > default route: 192.168.0.25
> > >
> > > My box: 192.168.9.133 netmask 255.255.255.224
> > > default route: 192.168.9.150
> > >
> > > The same thing occures when telneting Target on ports 7/9/79 etc...
> > >
> > > _But_ when I telnet Target 80 or 21  from My Box, it works !
> > > Why ?
> > > Sure, I am missing something, but what ?
> > >
> > > I try with kernel 2.2.5, 2.2.12, 2.2.14.
> > >
> > > /proc/sys/net/ipv4/conf/{all,eth*}/rp_filter are set to 1
> > > /proc/sys/net/ipv4/ip_forward                is  set to 1
> > >
> > > Thanks in advance,
> > >
> > > -- Meir
> > >
> > >
> > > =================================================================
> > > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > the word "unsubscribe" in the message body, e.g., run the command
> > > echo unsubscribe | mail linux-il-request@linux.org.il
> > >
> > >
>
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
>
>


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il