Re: Bridge and port forwarding

I've assigned an ip address to my bridge, just forgot to add this line.

I've made some tests and here are the tcpdump results:

Test 1 - 
	Server WAN 192.168.1.110
        |
        |
        LAN 192.168.1.99
        router (port forwarding enabled)
        WAN 192.168.0.99
        |
        |
        LAN 192.168.0.150
        router ISP1 (port forwarding enabled)
        (WAN $$.$$$.$$$.$$)

	
        Desktop ---> switch ---> router ISP2 (WAN host-##-###-###-##.com.pl)

07:22:56.390026 IP host-##-###-###-##.com.pl.48812 > my-server.ssh: F 1000:1000(0) ack 1696 win 165 <nop,nop,timestamp 254208 14408377>
07:22:56.390919 IP my-server.ssh > host-##-###-###-##.com.pl.48812: F 1696:1696(0) ack 1001 win 140 <nop,nop,timestamp 14411426 254208>
07:22:56.411155 IP host-##-###-###-##.com.pl.48812 > my-server.ssh: . ack 1697 win 165 <nop,nop,timestamp 254213 14411426>
07:23:00.463201 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: S 903136994:903136994(0) win 5840 <mss 1460,sackOK,timestamp 255226 0,nop,wscale 6>
07:23:00.463246 IP my-server.ssh > host-##-###-###-##.com.pl.48813: S 148776143:148776143(0) ack 903136995 win 5792 <mss 1460,sackOK,timestamp 14411833 255226,nop,wscale 6>
07:23:00.478059 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: . ack 1 win 92 <nop,nop,timestamp 255230 14411833>
07:23:00.483759 IP my-server.ssh > host-##-###-###-##.com.pl.48813: P 1:40(39) ack 1 win 91 <nop,nop,timestamp 14411835 255230>
07:23:00.501445 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: . ack 40 win 92 <nop,nop,timestamp 255236 14411835>
07:23:00.502330 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: P 1:40(39) ack 40 win 92 <nop,nop,timestamp 255236 14411835>
07:23:00.502514 IP my-server.ssh > host-##-###-###-##.com.pl.48813: . ack 40 win 91 <nop,nop,timestamp 14411837 255236>
07:23:00.503337 IP my-server.ssh > host-##-###-###-##.com.pl.48813: P 40:824(784) ack 40 win 91 <nop,nop,timestamp 14411837 255236>
07:23:00.525540 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: P 40:832(792) ack 40 win 92 <nop,nop,timestamp 255240 14411837>
07:23:00.566232 IP my-server.ssh > host-##-###-###-##.com.pl.48813: . ack 832 win 116 <nop,nop,timestamp 14411843 255240>
07:23:00.587910 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: . ack 824 win 116 <nop,nop,timestamp 255256 14411837>
07:23:00.591374 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: P 832:856(24) ack 824 win 116 <nop,nop,timestamp 255258 14411843>
07:23:00.591392 IP my-server.ssh > host-##-###-###-##.com.pl.48813: . ack 856 win 116 <nop,nop,timestamp 14411846 255258>
07:23:00.593477 IP my-server.ssh > host-##-###-###-##.com.pl.48813: P 824:976(152) ack 856 win 116 <nop,nop,timestamp 14411846 255258>
07:23:00.614536 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: . ack 976 win 141 <nop,nop,timestamp 255264 14411846>
07:23:00.622464 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: P 856:1000(144) ack 976 win 141 <nop,nop,timestamp 255265 14411846>
07:23:00.630837 IP my-server.ssh > host-##-###-###-##.com.pl.48813: P 976:1696(720) ack 1000 win 140 <nop,nop,timestamp 14411850 255265>
07:23:00.705941 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: . ack 1696 win 165 <nop,nop,timestamp 255287 14411850>
07:23:42.595330 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: F 1000:1000(0) ack 1696 win 165 <nop,nop,timestamp 265757 14411850>
07:23:42.596233 IP my-server.ssh > host-##-###-###-##.com.pl.48813: F 1696:1696(0) ack 1001 win 140 <nop,nop,timestamp 14416046 265757>
07:23:42.614668 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: . ack 1697 win 165 <nop,nop,timestamp 265765 14416046>
07:23:47.594202 arp who-has my-server tell 192.168.1.99
07:23:47.594214 arp reply my-server is-at 00:1a:4b:51:fa:17 (oui Unknown)
07:25:45.592713 IP my-server.45565 > 192.168.1.99.domain: 29543+ PTR? 31.0.168.192.in-addr.arpa. (43)
07:25:45.605938 IP 192.168.1.99.domain > my-server.45565: 29543 NXDomain 0/0/0 (43)
07:25:45.706550 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 31.0.168.192.in-addr.arpa. (43)
07:25:46.707834 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 31.0.168.192.in-addr.arpa. (43)
07:25:48.710117 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 31.0.168.192.in-addr.arpa. (43)
07:25:50.587801 arp who-has 192.168.1.99 tell my-server
07:25:50.587970 arp reply 192.168.1.99 is-at 00:1d:0f:f1:88:6c (oui Unknown)


Test 2 - 
	Server WAN 192.168.1.110
        |
        |
        LAN 192.168.1.99
        router (port forwarding enabled)
        WAN 192.168.0.99
        |
        |
        LAN 192.168.0.150
        router ISP2 (port forwarding enabled)
        (WAN host-##-###-###-##.com.pl)

	
        Desktop ---> switch ---> router ISP2 (WAN $$.$$$.$$$.$$)


07:34:46.453033 IP 192.168.0.150.28215 > my-server.ssh: S 3374008677:3374008677(0) win 5840 <mss 1460,sackOK,timestamp 431732 0,nop,wscale 6>
07:34:46.453650 IP my-server.52286 > 192.168.1.99.domain: 9316+ PTR? 150.0.168.192.in-addr.arpa. (44)
07:34:46.458183 IP 192.168.1.99.domain > my-server.52286: 9316 NXDomain* 0/1/0 (96)
07:34:46.558818 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 150.0.168.192.in-addr.arpa. (44)
07:34:47.560216 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 150.0.168.192.in-addr.arpa. (44)
07:34:49.449615 IP 192.168.0.150.28215 > my-server.ssh: S 3374008677:3374008677(0) win 5840 <mss 1460,sackOK,timestamp 432482 0,nop,wscale 6>
07:34:49.562576 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 150.0.168.192.in-addr.arpa. (44)
07:34:51.447806 arp who-has 192.168.1.99 tell my-server
07:34:51.447928 arp reply 192.168.1.99 is-at 00:1d:0f:f1:88:6c (oui Unknown)
07:34:51.460918 IP my-server.39609 > 192.168.1.99.domain: 6688+ PTR? 99.1.168.192.in-addr.arpa. (43)
07:34:51.485944 IP 192.168.1.99.domain > my-server.39609: 6688 NXDomain* 0/1/0 (95)
07:34:51.596437 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 99.1.168.192.in-addr.arpa. (43)
07:34:52.597752 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 99.1.168.192.in-addr.arpa. (43)
07:34:53.094496 arp who-has 192.168.1.120 tell 192.168.1.99
07:34:54.094421 arp who-has 192.168.1.120 tell 192.168.1.99
07:34:54.599136 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 99.1.168.192.in-addr.arpa. (43)
07:34:55.094349 arp who-has 192.168.1.120 tell 192.168.1.99
07:34:55.451650 IP 192.168.0.150.28215 > my-server.ssh: S 3374008677:3374008677(0) win 5840 <mss 1460,sackOK,timestamp 433982 0,nop,wscale 6>
07:34:56.498449 IP my-server.45687 > 192.168.1.99.domain: 29498+ PTR? 251.0.0.224.in-addr.arpa. (42)
07:34:56.724035 IP 192.168.1.99.domain > my-server.45687: 29498 NXDomain 0/1/0 (100)
07:34:56.824541 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42)
07:34:57.825866 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42)
07:34:59.827240 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42)
07:35:01.726629 IP my-server.57079 > 192.168.1.99.domain: 1230+ PTR? 120.1.168.192.in-addr.arpa. (44)
07:35:01.751267 IP 192.168.1.99.domain > my-server.57079: 1230 NXDomain* 0/1/0 (96)
07:35:01.851999 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 120.1.168.192.in-addr.arpa. (44)
07:35:02.853355 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 120.1.168.192.in-addr.arpa. (44)
07:35:04.853879 IP my-server.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 120.1.168.192.in-addr.arpa. (44)
07:35:07.447310 IP 192.168.0.150.28215 > my-server.ssh: S 3374008677:3374008677(0) win 5840 <mss 1460,sackOK,timestamp 436982 0,nop,wscale 6>



my-server.ssh = 192.168.1.110.22


In Test 2 the SSH connection request is forwarded through the ISP2 router (LAN 192.168.0.150), which is configured by my internet provider.
The server isn't answering the SSH request when the LAN bridge is enabled.
I'm not an advanced Linux specialist, but I think this problem is caused by the ISP2 router. Before I start arguing with my internet provider I want to check if this isn't caused by the bridge.
On my old internet connection, ISP1, the SSH request is also forwarded, but the packet source address is an outside IP address, not a local one like in the second test. In Test 1 the server answers the SSH request and everything works (LAN bridge enabled).


On 28 March 2010 5:00 Stephen Hemminger <shemminger@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Mon, 22 Mar 2010 13:41:19 +0100
> Olek <ned_wed@xxxxx> wrote:
> 
> > Hi,
> > I'm stuck with the configuration of my server.
> > Currently my network is set up like this:
> > 
> > 
> > Internet 
> >   |
> >   |
> > Router
> > (WAN 192.168.0.99, LAN 192.168.1.99, 
> > port forwarding 1-65535)
> >   |
> >   |
> > Ubuntu Server 64-bit
> > (WAN(eth0) 192.168.1.110, LAN-bridge(eth1,eth2) 192.168.0.110)
> > 
> > 
> > Description of the problem:
> > When I connect my desktop to the router LAN and try to access FTP, SSH or others the server answers correctly (bridge enabled).
> > When I try to access the server from the Internet, I get no answer.
> > When the bridge is disabled I can easily access SSH or FTP from the Internet.
> > 
> > My bridge config:
> > ifconfig eth1 promisc up
> > ifconfig eth2 promisc up
> 
> Unnecessary step. Bridge has done this automatically for at least
> 5 years, probably more. But old instructions never die.
> 
> > brctl addbr mybridge
> > brctl addif mybridge eth1
> > brctl addif mybridge eth2
> > 
> > The firewall is disabled, to make sure it's not blocking network traffic.
> > Maybe someone knows what's causing this problem?
> 
> You need to assign IP address to br0, not the ethernets in the bridge?
> 


_______________________________________________
Bridge mailing list
Bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/bridge
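
An added example, not part of the original message or the bridge project's code: it counts SYNs that never receive a SYN-ACK in lines taken from the two captures above, and reports whether the unanswered client's source address lies inside a subnet configured on one of the server's own interfaces, in which case the reply route points at that interface rather than back through the router. The /24 prefix lengths and all function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the two captures in the message (TCP options trimmed).
CAPTURE = """\
07:23:00.463201 IP host-##-###-###-##.com.pl.48813 > my-server.ssh: S 903136994:903136994(0) win 5840
07:23:00.463246 IP my-server.ssh > host-##-###-###-##.com.pl.48813: S 148776143:148776143(0) ack 903136995 win 5792
07:34:46.453033 IP 192.168.0.150.28215 > my-server.ssh: S 3374008677:3374008677(0) win 5840
07:34:49.449615 IP 192.168.0.150.28215 > my-server.ssh: S 3374008677:3374008677(0) win 5840
07:34:55.451650 IP 192.168.0.150.28215 > my-server.ssh: S 3374008677:3374008677(0) win 5840
07:35:07.447310 IP 192.168.0.150.28215 > my-server.ssh: S 3374008677:3374008677(0) win 5840
"""

# Server addresses from the thread; the /24 prefix lengths are an assumption.
SERVER_NETS = {"eth0": "192.168.1.110/24", "bridge": "192.168.0.110/24"}

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): S (\d+):\d+\(0\)( ack (\d+))?")

def unanswered_syns(text):
    """Return {(src, dst): syn_count} for SYNs that never got a SYN-ACK."""
    syns, answered = defaultdict(int), set()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, dst, seq, _, ack = m.groups()
        if ack is None:                      # bare SYN (retransmits share the seq)
            syns[(src, dst, int(seq))] += 1
        else:                                # SYN-ACK acknowledges seq + 1
            answered.add((dst, src, int(ack) - 1))
    return {k[:2]: n for k, n in syns.items() if k not in answered}

def connected_iface(endpoint):
    """Name the server interface whose subnet contains the endpoint's host, if any."""
    host = endpoint.rsplit(".", 1)[0]        # strip the trailing .port
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:                       # resolved or masked hostname
        return None
    for name, cidr in SERVER_NETS.items():
        if addr in ipaddress.ip_interface(cidr).network:
            return name
    return None

def report(text):
    """Map each unanswered client endpoint to (syn_count, on-link interface or None)."""
    return {src: (n, connected_iface(src)) for (src, dst), n in unanswered_syns(text).items()}
```

On the server itself, `ip route get 192.168.0.150` shows which interface the kernel would actually use for the reply.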

