Re: Hanging outgoing connections while incoming are OK

On Wed, 2012-02-01 at 16:40 +0100, Guido Anzuoni wrote:
> On Tue, Jan 31, 2012 at 6:37 PM, Andrew Beverley <andy@xxxxxxxxxxx> wrote:
> > On Sat, 2012-01-28 at 09:39 +0100, Guido Anzuoni wrote:
> > ...
> >> fw default gateway: 10.254.254.2
> >> fw eth0: 10.254.254.1, PUB_IP_OUTGOING, PUB_IP_OUTGOING
> > ...
> >> My doubt is about eth0 configuration where I bind multiple addresses,
> >> an internal one and all the public assigned by the ISP.
> >> Is it a correct setup ?
> >
> > Unless I'm misunderstanding something, this does seem like a strange set
> > up. Why not just have the one IP address on eth0? Do the Cisco routers
> > also have an external IP address? Are these 2 completely independent WAN
> > links? If so, how is traffic shared between them?
> >
> > Sorry for all the questions, but I'm not entirely understanding your set
> > up and what you are trying to achieve.

[please don't top-post]

> The intended setup was
> fw eth0: 10.254.254.1, PUB_IP_INCOMING, PUB_IP_OUTGOING
> 
> I have used 1 public ip for incoming connections and 1 ip to
> "masquerade" outgoing ones.
> I don't know if it is necessary to bind public ip to some NIC in order
> to let netfilter NAT work properly.

I'm still confused as to what you are trying to achieve with this set
up, and why you have several IP addresses on eth0. I would suggest that
this is the cause of your problems.

> It seems like some packets start going round and round before arriving
> to destination.

Which would explain why you are seeing this.

Why not just have one public IP address on eth0 only? And then use that
for incoming and outgoing connections, at least until you've got it
working?

Something like:


[Internal
 interfaces]   __________
--------------|          |eth0
              |  Linux   |(PUB_IP_INCOMING only)
--------------|   Box    |------------------------->ISP Cisco router
              |          |      ^
--------------|__________|      |
                                |
                               SNAT here to PUB_IP_INCOMING

Andy
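The layout Andy sketches, turned into a small script as an added example (not part of the thread): it checks whether eth0 still carries more than one address, which is the suspected cause, and prints the single POSTROUTING SNAT rule that maps every outgoing flow to PUB_IP_INCOMING. 203.0.113.10 stands in for PUB_IP_INCOMING, 10.254.254.0/24 is assumed to be the internal network, and the `ip addr` output is constructed; rules are printed, not applied.

```shell
#!/bin/sh
# Added example, not from the mailing list thread. Prints rules instead of
# applying them, so it runs without root and without a live firewall.

WAN_IF=eth0
PUB_IP_INCOMING=203.0.113.10     # constructed placeholder for the real public IP
LAN_NET=10.254.254.0/24          # assumed internal network behind the box

# Count global-scope IPv4 addresses in 'ip -4 -o addr show dev eth0' output on stdin.
count_global_v4() {
    grep -c ' scope global'
}

# Warn when the WAN interface carries more than one address, as in the original
# setup; the single-IP layout in the diagram expects exactly one.
check_wan_if() {
    n=$(printf '%s\n' "$1" | count_global_v4)
    if [ "$n" -gt 1 ]; then
        echo "WARNING: $WAN_IF has $n global IPv4 addresses; expected 1 ($PUB_IP_INCOMING)"
        return 1
    fi
    echo "OK: $WAN_IF has a single address"
}

# One SNAT rule for everything leaving eth0 from the LAN: outgoing traffic then
# uses the same public address that incoming connections arrive on.
snat_rules() {
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $PUB_IP_INCOMING"
}

# Constructed sample of the poster's eth0: internal address plus two public ones.
SAMPLE_MULTI='2: eth0    inet 10.254.254.1/24 brd 10.254.254.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 203.0.113.10/24 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 203.0.113.11/24 scope global secondary eth0\       valid_lft forever preferred_lft forever'

# Constructed sample of the suggested layout: only PUB_IP_INCOMING on eth0.
SAMPLE_SINGLE='2: eth0    inet 203.0.113.10/24 scope global eth0\       valid_lft forever preferred_lft forever'

check_wan_if "$SAMPLE_MULTI" || echo "fix $WAN_IF before adding nat rules"
check_wan_if "$SAMPLE_SINGLE"
snat_rules
```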

