RE: [LARTC] NAT+portfw failure

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



yeah i think i get the saame thing when routing 10. to 192.168.1.

the packet wont go backwards.  is it a performance question?
i seem to only get this when there is no traffic.

i have a single external int w/ ipmasq. Portforwarded servers are 192.168.1.
My private Lan is 10.*



00:07:15.730063   lo < Oort.miranda.opz > Oort.miranda.opz: icmp: host
10.0.0.255 unreachable [tos 0xc0]
00:07:15.730099   lo < Oort.miranda.opz > Oort.miranda.opz: icmp: host
10.0.0.255 unreachable [tos 0xc0]
00:07:19.730396   lo > Oort.miranda.opz > Oort.miranda.opz: icmp: host
10.0.0.255 unreachable [tos 0xc0]
00:07:19.730439   lo > Oort.miranda.opz > Oort.miranda.opz: icmp: host
10.0.0.255 unreachable [tos 0xc0]
00:07:19.730464   lo > Oort.miranda.opz > Oort.miranda.opz: icmp: host
10.0.0.255 unreachable [tos 0xc0]
00:07:19.730396   lo < Oort.miranda.opz > Oort.miranda.opz: icmp: host
10.0.0.255 unreachable [tos 0xc0]


-----Original Message-----
From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx]On
Behalf Of Paul Wouters
Sent: Tuesday, February 27, 2001 3:12 AM
To: lartc@xxxxxxxxxxxxxxx
Subject: [LARTC] NAT+portfw failure


I have the following forced up mew by evil telco problem:

- One IP
- Homebrew LAN
- portforwarding for some services.
- extra PPTP/ppp layer to an internal 10.* network which mutilates DNS
  answers.

Setup:

Machine A has ip a.b.c.d (real IP) and is reachable over ADSL with it from
the world. It does NAT for an internal LAN 192.168.0.0/24) and has
portforwading
turned on for some ports (eg 80) to 192.168.0.x. The pptp interface has
10.c.d.e.

Problem: When on the LAN, pointing to www.whatever.nl resolves to a.b.c.d
for
everyone, but the Telco's stupid system rewrites it to be 10.c.d.e. A packet
is sent with source 192.168.0.y and destination 10.c.d.e. It arrives a the
firewall, get's NATTED, and portforwarded. However, the portforwarded
destination is on the same interface as the packet came from, and this then
generates an icmp unreachable.

Is there a way to allow this (on linux 2.2). If not, would 2.4 NAT of the
destination address work or have the same simmilar interface problem?

Paul, who realises he is too tired to better explain "MXstream, KPN's
wonderful horrible ADSL network"

--
Just patent your virus and sue the anti-virus companies for reverse
enineering it.
                  --- cne_pc@xxxxxxxxxxxxxxxxxxxxxxxxx, in response to
Norton's
                      patent on "software updates"


_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/2.4Routing/




[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux