Page last updated:
2001 Dec 30 17:08

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Linux as gateway



begin: Terminator <jimmyzhou@bigfoot.com> quote
> 
> On Mon, 27 Aug 2001, Peter Jay Salzman wrote:
> 
> > make sure you understand that tcpdump tells you which direction the
> > packets are going.  basically, what you're looking for is:
> >
> > 1. ping packets coming from the internal machine being received by the gw's
> >    internal nic.
> >
> > if that works, you're looking for...
> >
> > 2. the ping packets leaving the gw's external nic bound for the internet.
> >
> > if that works, you're looking for...
> >
> > 3. the echo packets coming back to the gw's external nic
> >
> > if that works, you're looking for...
> >
> > 4. the echo packets leaving the gw's internal nic.
> >
> > if that works, you're looking for...
> >
> > 5. echo packets being received by the internal machine.
> >
> >
> > which of these steps is broken?
> 
> It seems the 3rd step is broken. I run tcpdump on both gateway
> and an external machine.
> 
> On gateway, tcpdump capture the echo request package, but no
> reply packages.
> 
> On external machine, tcpdump capture both request and reply
> packages. The src ip of request packages is the internal ip.

ok, so we've identified the problem pretty accurately:

  the gateway is sending packets to the net with its own internal IP address.

  we'd like the gateway to send packets with its own external IP address.

> If I ping gateway from the external machine directly, both
> tcpdump capture all request and reply packages.
> 
> Maybe it's because the internal ip of the reply packages make
> it be dropped on some router?

at this point, we need someone who knows iptables (or you should enable
ipchains support in the kernel).  i know that iptables has some pretty
powerful packet header rewriting capability, but i've never played with it.

did you try jan's script?   jan, do you know iptables?

anyone?

pete

-- 
"The following addresses had permanent fatal errors..."      p@dirac.org
                               -- Mailer Daemon              www.dirac.org/p
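
The five-step check above, applied to captures taken on the gateway's two NICs, as an added example that is not part of the original post: it parses `tcpdump -n` ICMP lines, reports the first of steps 1-4 that is missing, and flags echo requests that left the external NIC still carrying the internal machine's address. All addresses and capture lines are constructed samples, and the function and constant names are hypothetical.

```python
import re

# Accepts both older ("icmp: echo request") and newer ("ICMP echo request,")
# tcpdump -n output; only source, destination and echo type are extracted.
ICMP = re.compile(
    r"(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): (?:icmp:|ICMP) echo (request|reply)")

def parse(capture):
    """Return (src, dst, kind) tuples for the ICMP echo lines in a capture."""
    return [m.groups() for m in map(ICMP.search, capture.splitlines()) if m]

def diagnose(internal_cap, external_cap, client_ip):
    """Return (first_broken_step, source_rewritten) for steps 1-4.

    first_broken_step is None when all four gateway-side steps were seen.
    source_rewritten is False when a request on the external NIC still has
    client_ip as its source, True when it does not, None if none was seen.
    """
    inside, outside = parse(internal_cap), parse(external_cap)
    out_requests = [p for p in outside if p[2] == "request"]
    steps = [
        any(s == client_ip and k == "request" for s, d, k in inside),  # step 1
        bool(out_requests),                                            # step 2
        any(k == "reply" for s, d, k in outside),                      # step 3
        any(d == client_ip and k == "reply" for s, d, k in inside),    # step 4
    ]
    broken = next((i + 1 for i, ok in enumerate(steps) if not ok), None)
    rewritten = all(s != client_ip for s, d, k in out_requests) if out_requests else None
    return broken, rewritten

# Constructed sample captures (documentation address ranges, not real hosts).
CLIENT = "192.168.1.10"
REQ = "12:00:01.000100 IP 192.168.1.10 > 203.0.113.5: ICMP echo request, id 7, seq 1, length 64"
# Case from the thread: request leaves with the internal source, no reply returns.
NO_NAT_INT, NO_NAT_EXT = REQ, REQ
# Same ping once the gateway rewrites the source to its external address.
NAT_INT = REQ + "\n12:00:01.020400 IP 203.0.113.5 > 192.168.1.10: ICMP echo reply, id 7, seq 1, length 64"
NAT_EXT = ("12:00:01.000200 IP 198.51.100.1 > 203.0.113.5: ICMP echo request, id 7, seq 1, length 64\n"
           "12:00:01.020300 IP 203.0.113.5 > 198.51.100.1: ICMP echo reply, id 7, seq 1, length 64")

if __name__ == "__main__":
    print("without rewriting:", diagnose(NO_NAT_INT, NO_NAT_EXT, CLIENT))
    print("with rewriting:   ", diagnose(NAT_INT, NAT_EXT, CLIENT))
```
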

