Re: Help: iptables NAT broken with pppoe

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

First, thanks a lot for your reply!

On 07.05.05 08:12, Taylor, Grant wrote:
> I'm not sure why it's happening but your PMac G4 system is sending reset packets in response to the responses from the server.

Ouch! That's indeed very strange. I can only repeat that it *did* work using isdn, so apparently there is some pppoe related problem?


> Have you tried using an SNAT rule temporarily on your POSTROUTING chain to see if the problem is with the MASQUERADE rule?

Same effect - replaced the masquerade rule by

ppp0ip=84.44.130.37
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o ppp0 -j SNAT \
    --to-source $ppp0ip

but tcpdump still reports

21:50:33.986790 IP 84.44.130.37.49224 > 213.95.27.115.80: S 3806917882:3806917882(0) win 65535 <mss 1452,nop,wscale 0,nop,nop,timestamp 380633236 0>
21:50:34.047457 IP 213.95.27.115.80 > 84.44.130.37.49224: S 118817856:118817856(0) ack 3806917883 win 5792 <mss 1460,nop,nop,timestamp 1571974157 380633236,nop,wscale 2>
21:50:34.047558 IP 84.44.130.37.49224 > 213.95.27.115.80: R 3806917883:3806917883(0) win 0


The modules ipt_MASQUERADE and iptable_nat *are* loaded, btw.

> Also, what is your "echo 2 > /proc/sys/net/ipv4/ip_dynaddr" doing for you?

I don't see any messages in /var/log/messages or in dmesg, if you mean that. Or did I miss your point here? I found some howto where they stated this would be necessary...


> You might want to check to make sure that reverse path filtering is not turned on by default. You might also want to turn on verbose routing messages to see if there is anything useful being reported.

Hmmm, can you tell me how I actually check reverse path filtering and turn debugging on? Sorry, I'm neither an iptables nor a kernel guru :-/


Thanks a lot for your help,

cheers, Albrecht.

- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Albrecht Dreß - Johanna-Kirchner-Straße 13 - D-53123 Bonn (Germany)
Phone (+49) 228 6199571 - mailto:albrecht.dress@xxxxxxxx
GnuPG public key: http://home.arcor.de/dralbrecht.dress/pubkey.asc
_________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)


iD8DBQFCfR5On/9unNAn/9ERAq1EAJ9LcwjnujvlQRKzne9m8Q64bYY1VQCdHxNk
Ddfy9kIaOz/9IssqpR74iK4=
=ENLW
-----END PGP SIGNATURE-----
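
Added example, not part of the original message: one read-only way to check reverse path filtering per interface, as asked in the message above. It assumes the sysctl files under /proc/sys/net/ipv4/conf and the combination rules documented for current kernels (rp_filter: the larger of conf/all and conf/<iface>; log_martians: on if either is set). The function names are made up for this example, and reading the "verbose routing messages" in the thread as log_martians is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Read-only: it only reads sysctl files.
# The root directory is a parameter so the functions can be pointed at a copy.

# read_flag FILE: print the number stored in FILE, or 0 if it cannot be read.
read_flag() {
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

# effective_rp_filter IFACE [ROOT]
# Assumption: current kernels apply the larger of conf/all and conf/IFACE
# (0 = off, 1 = strict, 2 = loose).
effective_rp_filter() {
    rp_root=${2:-/proc/sys/net/ipv4/conf}
    rp_all=$(read_flag "$rp_root/all/rp_filter")
    rp_dev=$(read_flag "$rp_root/$1/rp_filter")
    if [ "$rp_all" -gt "$rp_dev" ]; then echo "$rp_all"; else echo "$rp_dev"; fi
}

# martians_logged IFACE [ROOT]
# Prints 1 if packets with impossible source addresses are logged for IFACE,
# i.e. conf/all/log_martians or conf/IFACE/log_martians is non-zero.
martians_logged() {
    lm_root=${2:-/proc/sys/net/ipv4/conf}
    lm_all=$(read_flag "$lm_root/all/log_martians")
    lm_dev=$(read_flag "$lm_root/$1/log_martians")
    if [ "$lm_all" -ne 0 ] || [ "$lm_dev" -ne 0 ]; then echo 1; else echo 0; fi
}

# rp_filter_report [ROOT]: one line per interface, skipping the pseudo
# entries "all" and "default".
rp_filter_report() {
    rep_root=${1:-/proc/sys/net/ipv4/conf}
    for rep_dir in "$rep_root"/*/; do
        [ -d "$rep_dir" ] || continue
        rep_if=$(basename "$rep_dir")
        case $rep_if in all|default) continue ;; esac
        printf '%s rp_filter=%s log_martians=%s\n' "$rep_if" \
            "$(effective_rp_filter "$rep_if" "$rep_root")" \
            "$(martians_logged "$rep_if" "$rep_root")"
    done
}

rp_filter_report
# To have the kernel log such packets (as root), then watch dmesg:
#   echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
```

A non-zero rp_filter on ppp0 or on the LAN interface means the kernel drops packets whose source address is not reachable through the interface they arrived on.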




