[VLAN] NAT over vlan problem

I have a memory that there were some problems with destination nat but source nat works, i.e.
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -j SNAT --to-source [external ip]
works.

You don't say what rules you are using for nat so it is not clear...

On 3 Aug 2005, at 23:39, Jamie ffolliott wrote:

> I have a strange problem, in that NAT isn't working over a vlan interface.
> vlan4 is on eth0 and works fine locally for all network access, and is nat'd
> for clients connecting over eth1.  Pings work over NAT, but http requests
> get no reply and time out on the nat'd client.
>
> My NIC that's on the vlan is using the intel e100 driver, (previously the
> eepro100 driver)
> e100: Intel(R) PRO/100 Network Driver, 3.3.6-k2-NAPI
> e100: Copyright(c) 1999-2004 Intel Corporation
> PCI: Found IRQ 15 for device 0000:00:03.0
> PCI: Sharing IRQ 15 with 0000:00:02.2
> e100: eth0: e100_probe: addr 0xf3bff000, irq 15, MAC addr 00:04:AC:3A:39:2E
> PCI: Found IRQ 11 for device 0000:00:12.0
> PCI: Sharing IRQ 11 with 0000:01:01.0
> e100: eth1: e100_probe: addr 0xf3cfe000, irq 11, MAC addr 00:D0:B7:C8:A0:C1
>
> The switch is a 3com superstack 1100, with several vlans functioning just
> fine.  All vlan interfaces and eth0 have mtu set to 1480, to deal with
> oversize ethernet frames from 802.1q's extra 4-byte header.
>
> cherry:~# cat /proc/net/vlan/vlan4
> vlan4  VID: 4    REORDER_HDR: 1  dev->priv_flags: 1
>          total frames received:           33
>           total bytes received:         9806
>       Broadcast/Multicast Rcvd:            0
>
>       total frames transmitted:           12
>        total bytes transmitted:         1488
>             total headroom inc:            0
>            total encap on xmit:           12
> Device: eth0
> INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
> EGRESSS priority Mappings:
>
> Are there any other issues I should know about with nat on a vlan iface?
> What can I do to troubleshoot this?
>
> Here's a tcp dump of an http request from a nat'd client (aspen):
>
> cherry:~# tcpdump -i vlan4 -n
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on vlan4, link-type EN10MB (Ethernet), capture size 96 bytes
> 18:02:44.078661 IP 24.150.175.20.2945 > 207.68.171.245.80: S 944680509:944680509(0) win 16384 <mss 460,nop,nop,sackOK>
> 18:02:44.151547 IP 207.68.171.245.80 > 24.150.175.20.2945: S 897552820:897552820(0) ack 944680510 win 16384 <mss 1460,nop,nop,sackOK>
> 18:02:47.288473 IP 24.150.175.20.2945 > 207.68.171.245.80: S 944680509:944680509(0) win 16384 <mss 1460,nop,nop,sackOK>
> 18:02:47.348261 IP 207.68.171.245.80 > 24.150.175.20.2945: S 897552820:897552820(0) ack 944680510 win 16384 <mss 1460,nop,nop,sackOK>
> 18:02:53.851230 IP 24.150.175.20.2945 > 207.68.171.245.80: S 944680509:944680509(0) win 16384 <mss 1460,nop,nop,sackOK>
> 18:02:53.911135 IP 207.68.171.245.80 > 24.150.175.20.2945: S 897552820:897552820(0) ack 944680510 win 16384 <mss 1460,nop,nop,sackOK>
> 18:03:06.978910 IP 24.150.175.20.2946 > 207.68.173.254.80: S 1127197685:1127197685(0) win 16384 <mss 1460,nop,nop,sackOK>
> 18:03:07.057326 IP 207.68.173.254.80 > 24.150.175.20.2946: S 2453967774:2453967774(0) ack 1127197686 win 8190 <mss 1460>
> 18:03:10.258109 IP 24.150.175.20.2946 > 207.68.173.254.80: S 1127197685:1127197685(0) win 16384 <mss 1460,nop,nop,sackOK>
> 18:03:10.335541 IP 207.68.173.254.80 > 24.150.175.20.2946: S 2453967774:2453967774(0) ack 1127197686 win 8190 <mss 1460>
> 18:03:16.820850 IP 24.150.175.20.2946 > 207.68.173.254.80: S 1127197685:1127197685(0) win 16384 <mss 1460,nop,nop,sackOK>
> 18:03:16.897891 IP 207.68.173.254.80 > 24.150.175.20.2946: S 2453967774:2453967774(0) ack 1127197686 win 8190 <mss 1460>
> 18:04:53.952053 IP 207.68.171.245.80 > 24.150.175.20.2945: R 0:0(0) win 0
>
> and this is what aspen sees (the nat client),
>
> cherry:~# tcpdump -i eth1 -n | grep 192.168.1.62
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
> 18:02:44.078556 IP 192.168.1.62.2945 > 207.68.171.245.80: S 944680509:944680509(0) win 16384 <mss 1460,nop,nop,sackOK>
> 18:02:47.288419 IP 192.168.1.62.2945 > 207.68.171.245.80: S 944680509:944680509(0) win 16384 <mss 1460,nop,nop,sackOK>
> 18:02:53.851181 IP 192.168.1.62.2945 > 207.68.171.245.80: S 944680509:944680509(0) win 16384 <mss 1460,nop,nop,sackOK>
> 18:03:06.978831 IP 192.168.1.62.2946 > 207.68.173.254.80: S 1127197685:1127197685(0) win 16384 <mss 1460,nop,nop,sackOK>
> 18:03:10.258059 IP 192.168.1.62.2946 > 207.68.173.254.80: S 1127197685:1127197685(0) win 16384 <mss 1460,nop,nop,sackOK>
> 18:03:16.820799 IP 192.168.1.62.2946 > 207.68.173.254.80: S 1127197685:1127197685(0) win 16384 <mss 1460,nop,nop,sackOK>
>
> Note here that the reply comes back from the webserver on vlan4, but it's
> never translated and sent back to the client on eth1.
>
> Any help is much appreciated.
>
> regards,
> Jamie
>
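
The comparison Jamie makes by eye between the vlan4 and eth1 captures can be automated. The following is an added example, not part of either message: it pairs each client SYN on the inside interface with its post-SNAT copy and the server's SYN-ACK on the outside interface, and reports where the handshake stops. It assumes the older tcpdump text format quoted above and that SNAT leaves the TCP initial sequence number unchanged; the names `PKT`, `parse` and `diagnose` are hypothetical.

```python
import re

# SYN / SYN-ACK lines in the older tcpdump text format quoted in the thread.
PKT = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"S (?P<seq>\d+):\d+\(0\)(?: ack (?P<ack>\d+))?")

# Lines rejoined from the two captures in the thread (first attempt of each flow).
INSIDE_ETH1 = """\
18:02:44.078556 IP 192.168.1.62.2945 > 207.68.171.245.80: S 944680509:944680509(0) win 16384 <mss 1460,nop,nop,sackOK>
18:03:06.978831 IP 192.168.1.62.2946 > 207.68.173.254.80: S 1127197685:1127197685(0) win 16384 <mss 1460,nop,nop,sackOK>
"""
OUTSIDE_VLAN4 = """\
18:02:44.078661 IP 24.150.175.20.2945 > 207.68.171.245.80: S 944680509:944680509(0) win 16384 <mss 460,nop,nop,sackOK>
18:02:44.151547 IP 207.68.171.245.80 > 24.150.175.20.2945: S 897552820:897552820(0) ack 944680510 win 16384 <mss 1460,nop,nop,sackOK>
18:03:06.978910 IP 24.150.175.20.2946 > 207.68.173.254.80: S 1127197685:1127197685(0) win 16384 <mss 1460,nop,nop,sackOK>
18:03:07.057326 IP 207.68.173.254.80 > 24.150.175.20.2946: S 2453967774:2453967774(0) ack 1127197686 win 8190 <mss 1460>
"""

def parse(capture):
    """Index SYNs and SYN-ACKs by (server, port, client ISN); SNAT keeps the ISN."""
    syns, synacks = {}, set()
    for m in PKT.finditer(capture):
        if m["ack"] is None:       # plain SYN: remember which address sent it
            syns.setdefault((m["dst"], m["dport"], int(m["seq"])),
                            f'{m["src"]}:{m["sport"]}')
        else:                      # SYN-ACK acknowledges the client ISN + 1
            synacks.add((m["src"], m["sport"], int(m["ack"]) - 1))
    return syns, synacks

def diagnose(inside, outside):
    """Map each inside client flow to (post-SNAT source, verdict)."""
    in_syn, in_ack = parse(inside)
    out_syn, out_ack = parse(outside)
    report = {}
    for key, client in in_syn.items():
        if key not in out_syn:
            verdict = "SYN not seen outside"
        elif key not in out_ack:
            verdict = "no SYN-ACK seen outside"
        elif key not in in_ack:
            verdict = "SYN-ACK seen outside, not forwarded inside"
        else:
            verdict = "SYN-ACK forwarded inside"
        report[f"{client} -> {key[0]}:{key[1]}"] = (out_syn.get(key), verdict)
    return report

if __name__ == "__main__":
    print(diagnose(INSIDE_ETH1, OUTSIDE_VLAN4))
```

On the thread's data both flows come out as "SYN-ACK seen outside, not forwarded inside", which places the loss on the router's return path rather than upstream.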

