l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2001 Dec 30 17:08

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Linux as gateway
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Linux as gateway

begin: Terminator <jimmyzhou@bigfoot.com> quote
> On Mon, 27 Aug 2001, Peter Jay Salzman wrote:
> > make sure you understand that tcpdump tells you which direction the
> > packets are going.  basically, what you're looking for is:
> >
> > 1. ping packets coming from the internal machine being received by the gw's
> >    internal nic.
> >
> > if that works, you're looking for...
> >
> > 2. the ping packets leaving the gw's external nic bound for the internet.
> >
> > if that works, you're looking for...
> >
> > 3. the echo packets coming back to the gw's external nic
> >
> > if that works, you're looking for...
> >
> > 4. the echo packets leaving the gw's internal nic.
> >
> > if that works, you're looking for...
> >
> > 5. echo packets being received by the internal machine.
> >
> >
> > which of these steps is broken?
> It seems the 3rd step is broken. I run tcpdump on both gateway
> and an external machine.
> On gateway, tcpdump capture the echo request package, but no
> reply packages.
> On external machine, tcpdump capture both request and reply
> packages. The src ip of request packages is the internal ip.

ok, so we've identified the problem pretty accurately:

  the gateway is sending packets to the net with its own internal IP address.

  we'd like the gateway to send packets with its own external IP address.

> If I ping gateway from the external machine directly, both
> tcpdump capture all request and reply packages.
> Maybe it's because the internal ip of the reply packages make
> it be dropped on some router?

at this point, we need someone who knows iptables (or you should enable
ipchains support in the kernel).  i know that iptables has some pretty
powerful packet header rewriting capability, but i've never played with it.

did you try jan's script?   jan, do you know iptables?



"The following addresses had permanent fatal errors..."      p@dirac.org
                               -- Mailer Daemon              www.dirac.org/p

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!