Woops - my fat fingers hit the send key before I could put in a subject
a minute ago.
Hello -
I am using kernel 2.4.27 and running into behavior I don't know how to
explain.
I have 2 relevant interfaces. eth0 is external, eth1 is internal. My
internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied
up). I have an H.323 videoconference device inside my internal LAN, but
at IP Address 1.2.3.11/27. (IP Address dummied up.) I want to proxy
ARP this device.
Both eth0 and eth1 on my firewall have IP Addresses 1.2.3.2/27. eth1
also has IP Address 10.10.10.1/24 and is the default gateway for all my
internal hosts. The router outside my firewall is 1.2.3.1.
So the network looks like this (apologies if email butchers my ASCII
art):
10.10.10.0/27 1.2.3.0/27
10.10.10.n
internal hosts
|
<----+-----+--------+ +-------+------>to the Internet
| | | |
Proxied | | |
H.323 device Firewall Router
eth1 eth0
1.2.3.11 10.10.10.1 1.2.3.2 1.2.3.1
1.2.3.2
/proc/sys/net/ipv4/conf/eth0/proxy_arp is 1.
/proc/sys/net/ipv4/conf/eth1/proxy_arp is 1.
My firewall has a route to 1.2.3.11 dev eth1.
The host at 1.2.3.11 has a default GW of 1.2.3.1.
This is where it gets weird. The H.323 device should exchange a few TCP
packets with the far end and then thousands of UDP packets. And I
should see this stream on the firewall watching both interfaces.
I run tcpdump in two different windows on the firewall - one for eth1,
the other for eth0. When I initiate an outbound H.323 call from the
device at .11, tcpdump on the firewall shows TCP packets flying on eth1,
but nothing on eth0 - almost all the time. Calls don't complete most of
the time, although one call kind of completed. Watching on the
firewall, I saw a TCP conversation on eth1, but nothing on eth0. Very
strange! One time a call completed all the way and UDP started flying -
as it should. I saw a few UDP packets on eth0 and lots (thousands) of
UDP packets on eth1. For the call that really completed, I would expect
to see thousasnds of UDP packets on both eth0 and eth1 - but instead saw
only a few on eth0.
This behavior happens even with no firewall filtering rules in place.
My NATed 10.10.10.nn internal hosts work fine - in fact, my email server
posting this item to the list is one of those hosts.
The obvious question - why such an old kernel? Because it's worked for
everything I need so far and every 2.6.nn I try has other bugs with one
module or another.
My questions - was proxy ARP broken in the 2.4.27 days? Why doen't
tcpdump show me packets on both interfaces of the firewall? Am I
missing a setup ingredient someplace? Should the default GW on that
H.323 device be .2 (the firewall) or .1 (the Internet router)? Does
mixing NAT and proxy ARP create problems? Should I put the H.323 device
in its own little DMZ?
Thanks
- Greg Scott
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
