yeah i think i get the same thing when routing 10. to 192.168.1. the packet won't go backwards. is it a performance question? i seem to only get this when there is no traffic. i have a single external int w/ ipmasq. Portforwarded servers are 192.168.1. My private Lan is 10.*

00:07:15.730063 lo < Oort.miranda.opz > Oort.miranda.opz: icmp: host 10.0.0.255 unreachable [tos 0xc0]
00:07:15.730099 lo < Oort.miranda.opz > Oort.miranda.opz: icmp: host 10.0.0.255 unreachable [tos 0xc0]
00:07:19.730396 lo > Oort.miranda.opz > Oort.miranda.opz: icmp: host 10.0.0.255 unreachable [tos 0xc0]
00:07:19.730439 lo > Oort.miranda.opz > Oort.miranda.opz: icmp: host 10.0.0.255 unreachable [tos 0xc0]
00:07:19.730464 lo > Oort.miranda.opz > Oort.miranda.opz: icmp: host 10.0.0.255 unreachable [tos 0xc0]
00:07:19.730396 lo < Oort.miranda.opz > Oort.miranda.opz: icmp: host 10.0.0.255 unreachable [tos 0xc0]

-----Original Message-----
From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] On Behalf Of Paul Wouters
Sent: Tuesday, February 27, 2001 3:12 AM
To: lartc@xxxxxxxxxxxxxxx
Subject: [LARTC] NAT+portfw failure

I have the following forced up on me by evil telco problem:

- One IP
- Homebrew LAN
- portforwarding for some services.
- extra PPTP/ppp layer to an internal 10.* network which mutilates DNS answers.

Setup:

Machine A has ip a.b.c.d (real IP) and is reachable over ADSL with it from the world. It does NAT for an internal LAN (192.168.0.0/24) and has portforwarding turned on for some ports (eg 80) to 192.168.0.x. The pptp interface has 10.c.d.e.

Problem:

When on the LAN, pointing to www.whatever.nl resolves to a.b.c.d for everyone, but the Telco's stupid system rewrites it to be 10.c.d.e. A packet is sent with source 192.168.0.y and destination 10.c.d.e. It arrives at the firewall, gets NATTED, and portforwarded. However, the portforwarded destination is on the same interface as the packet came from, and this then generates an icmp unreachable.

Is there a way to allow this (on linux 2.2)? If not, would 2.4 NAT of the destination address work or have the same similar interface problem?

Paul, who realises he is too tired to better explain "MXstream, KPN's wonderful horrible ADSL network"

--
Just patent your virus and sue the anti-virus companies for reverse engineering it.
--- cne_pc@xxxxxxxxxxxxxxxxxxxxxxxxx, in response to Norton's patent on "software updates"

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://ds9a.nl/2.4Routing/
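A small model of the hairpin path Paul describes, added here as an example and not code from the list or either poster. It assumes constructed stand-in addresses for a.b.c.d/10.c.d.e and the usual netfilter answer to the 2.4 question: DNAT the forwarded port and additionally SNAT LAN-originated hits to the router's own LAN address, so the server's reply is forced back through the router instead of going straight to the client with a source it never spoke to.

```python
from dataclasses import dataclass

# Constructed stand-ins for the thread's addresses (not real hosts).
ROUTER_LAN = "192.168.0.1"   # router's address on the LAN
PUBLIC = "10.9.9.9"          # stand-in for 10.c.d.e (the mangled DNS answer)
SERVER = "192.168.0.10"      # portforwarded web server (192.168.0.x)
CLIENT = "192.168.0.20"      # LAN client (192.168.0.y)


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int


class Router:
    """DNAT public:80 -> SERVER:80; optionally SNAT LAN sources to ROUTER_LAN."""

    def __init__(self, hairpin_snat: bool):
        self.hairpin_snat = hairpin_snat
        self.conntrack = {}  # server-side 4-tuple -> original client packet

    def forward(self, p: Pkt) -> Pkt:
        if p.dst == PUBLIC and p.dport == 80:           # PREROUTING DNAT
            lan_src = p.src.startswith("192.168.0.")
            new_src = ROUTER_LAN if (self.hairpin_snat and lan_src) else p.src
            out = Pkt(new_src, SERVER, p.sport, 80)
            self.conntrack[(out.dst, out.src, out.dport, out.sport)] = p
            return out
        key = (p.src, p.dst, p.sport, p.dport)           # reply: untranslate
        if key in self.conntrack:
            o = self.conntrack[key]
            return Pkt(o.dst, o.src, o.dport, o.sport)
        return p


def simulate(hairpin_snat: bool) -> dict:
    """Client on the LAN talks to PUBLIC:80; report how the reply comes back."""
    r = Router(hairpin_snat)
    req = Pkt(CLIENT, PUBLIC, 40000, 80)
    fwd = r.forward(req)
    reply = Pkt(fwd.dst, fwd.src, fwd.dport, fwd.sport)  # server answers fwd
    if reply.dst == ROUTER_LAN:      # addressed to router: it untranslates
        reply, via = r.forward(reply), "router"
    else:                            # on-link peer: router never sees it
        via = "direct"
    ok = reply.src == PUBLIC and reply.dst == CLIENT
    return {"via": via, "reply_src": reply.src, "accepted": ok}
```

Without the SNAT half the client receives a reply from SERVER for a connection it opened to PUBLIC and drops it; with it the flow is symmetric and the client sees PUBLIC as expected.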