
Re: SYN/ACK not forwarded to 2nd NIC



Hi.

Did you configure the kernel with IPCHAINS as needed?

You can read the IP-MASQUERADING HOWTO; there are detailed examples of how to
do it.
You need some rules in order to let Linux know that it is supposed to do the
masquerading from one net to the other.


Mike

---------------------------------------------------
Mofet Institute - Computer Dpt.
+972-3-6901415

~~~~~~~~~~~~~~~~~~~~~~~~~

----- Original Message -----
From: "Meir" <meir@education.gov.il>
To: <linux-il@cs.huji.ac.il>
Sent: Thursday, June 15, 2000 12:20 PM
Subject: SYN/ACK not forwarded to 2nd NIC


> Hi,
>
> I have a curious problem.
>
> My box (linux) is trying to send mail to a target.
> Between my box and the target there is a linux box 2.2.12
> with 4 NICs but (for now) _without_ any filtering rules
> at all (all default to ACCEPT).
>
> Only 2 NICs are up: eth0 to external net and eth1 to internal net.
>
> The problem is that when I tcpdump the 2 NICs from this middle-box,
> I can see a SYN getting out from eth1 and then passed to eth0
> (ip forwarding is enabled), and then I receive a SYN/ACK from the
> target box via eth0, but this SYN/ACK _never_ reaches
> eth1 (which points to internal net) !!!
>
> The figure describes what happens:
>
>                       ___________________
>                      |                   |
>        |   <- SYN    |<- SYN      <- SYN |          | 192.168.9.133
> Target |             |eth0         eth1  |----------| My box
>        |       192.168.0.29      192.168.9.150      | run
>        |  SYN/ACK -> | ->  ???           |          | telnet Target 25
>                      |_____________  ____|
>
>                                     ^
>                                     |
>                                     |_____ SYN/ACK never reaches eth1 !!!
>
> # /sbin/route
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.0.29    *               255.255.255.255 UH    0      0        0 eth0
> 192.168.9.150   *               255.255.255.255 UH    0      0        0 eth1
> 192.168.0.24    *               255.255.255.248 U     0      0        0 eth0
> 192.168.9.128   *               255.255.255.224 U     0      0        0 eth1
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         192.168.0.25    0.0.0.0         UG    0      0        0 eth0
>
> eth0: 192.168.0.29  netmask 255.255.255.248
> eth1: 192.168.9.150 netmask 255.255.255.224
> default route: 192.168.0.25
>
> My box: 192.168.9.133 netmask 255.255.255.224
> default route: 192.168.9.150
>
> The same thing occurs when telnetting to Target on ports 7/9/79 etc...
>
> _But_ when I telnet Target 80 or 21 from My Box, it works!
> Why?
> Sure, I am missing something, but what?
>
> I tried with kernels 2.2.5, 2.2.12, 2.2.14.
>
> /proc/sys/net/ipv4/conf/{all,eth*}/rp_filter are set to 1
> /proc/sys/net/ipv4/ip_forward                is  set to 1
>
> Thanks in advance,
>
> -- Meir
>
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
>
>

