Mike Almogy wrote:

> please understand,
> as far as I know you cannot use linux as a router without some basic access
> rules.
> the basic rule set can be found at the ip-masquerading HOWTO.

I read the HOWTO.

And as far as I know there is _no_ need for any ipchains rules, but
_only_ a proper routing table and ip-forwarding enabled
(for example: echo 1 > /proc/sys/net/ipv4/ip_forward )



Thanks,

-- Meir

>
>
> You will also need to install a kernel with the proper settings such as
> masquerading support and ip forwarding.
>
> PLEASE read the HOWTO !!!

>
>
> Mike
> ----- Original Message -----
> From: "Meir" <[EMAIL PROTECTED]>
> To: "Mike Almogy" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, June 15, 2000 2:54 PM
> Subject: Re: SYN/ACK not forwarded to 2nd NIC
>
> > Mike Almogy wrote:
> >
> > > You MUST use masquerading, otherwise it will not work.
> > > I have the same configuration as you shown at my home.
> > >
> > > Mike
> >
> > Ok, let me be precise: the addresses (192.168.x.x) I gave in the figure
> > don't try to reach the Internet.
> > I just use these addresses for testing in a lab.
> >
> > Thanks again,
> >
> > -- Meir
> >
> >
> > > ----- Original Message -----
> > > From: "Meir" <[EMAIL PROTECTED]>
> > > To: "Mike Almogy" <[EMAIL PROTECTED]>
> > > Cc: "Linux-il" <[EMAIL PROTECTED]>
> > > Sent: Thursday, June 15, 2000 1:40 PM
> > > Subject: Re: SYN/ACK not forwarded to 2nd NIC
> > >
> > > > Mike Almogy wrote:
> > > >
> > > > > Hi.
> > > > >
> > > > > did you configure the kernel with IPCHAINS as needed ?
> > > > >
> > > > > You can read the IP-MASQUERADING HOWTO , there are detailed examples
> > > > > of how to do it.
> > > > > you need some rules in order to let Linux know that it is supposed to
> > > > > do the masquerading from one net to the other.
> > > >
> > > > Thanks for your answer, Mike,
> > > >
> > > > For now no masquerading is taking place: all rules default to ACCEPT.
> > > >
> > > > -- Meir
> > > >
> > > > > ----- Original Message -----
> > > > > From: "Meir" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Thursday, June 15, 2000 12:20 PM
> > > > > Subject: SYN/ACK not forwarded to 2nd NIC
> > > > >
> > > > > > Hi,
> > > > > >
> > > > > > I have a curious problem.
> > > > > >
> > > > > > My box (linux) is trying to send mail to a target.
> > > > > > Between my box and the target there is a linux box 2.2.12
> > > > > > with 4 NICs but (for now) _without_ any filtering rules
> > > > > > at all (all default to ACCEPT).
> > > > > >
> > > > > > Only 2 NICs are up: eth0 to external net and eth1 to internal net.
> > > > > >
> > > > > > The problem is that when I tcpdump the 2 NICs from this middle-box,
> > > > > > I can see a SYN getting out from eth1 and then passed to eth0
> > > > > > (ip forwarding is enabled), and then I receive a SYN/ACK from the
> > > > > > target box via eth0, but this SYN/ACK _never_ reaches
> > > > > > eth1 (which points to the internal net) !!!
> > > > > >
> > > > > > The figure describes what happens:
> > > > > >
> > > > > >                       ___________________
> > > > > >                      |                   |
> > > > > >        |   <- SYN    |<- SYN      <- SYN |          | 192.168.9.133
> > > > > > Target |             |eth0         eth1  |----------| My box
> > > > > >        |       192.168.0.29      192.168.9.150      | run
> > > > > >        |  SYN/ACK -> | ->  ???           |          | telnet Target 25
> > > > > >                      |_____________  ____|
> > > > > >
> > > > > >                                     ^
> > > > > >                                     |
> > > > > >                                     |_____ SYN/ACK never reach eth1 !!!
> > > > > >
> > > > > > # /sbin/route
> > > > > >
> > > > > > Kernel IP routing table
> > > > > > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > > > > > 192.168.0.29    *               255.255.255.255 UH    0      0        0 eth0
> > > > > > 192.168.9.150   *               255.255.255.255 UH    0      0        0 eth1
> > > > > > 192.168.0.24    *               255.255.255.248 U     0      0        0 eth0
> > > > > > 192.168.9.128   *               255.255.255.224 U     0      0        0 eth1
> > > > > > 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> > > > > > default         192.168.0.25    0.0.0.0         UG    0      0        0 eth0
> > > > > >
> > > > > > eth0: 192.168.0.29  netmask 255.255.255.248
> > > > > > eth1: 192.168.9.150 netmask 255.255.255.224
> > > > > > default route: 192.168.0.25
> > > > > >
> > > > > > My box: 192.168.9.133 netmask 255.255.255.224
> > > > > > default route: 192.168.9.150
> > > > > >
> > > > > > The same thing occurs when telneting Target on ports 7/9/79 etc...
> > > > > >
> > > > > > _But_ when I telnet Target 80 or 21  from My Box, it works !
> > > > > > Why ?
> > > > > > Sure, I am missing something, but what ?
> > > > > >
> > > > > > I tried with kernels 2.2.5, 2.2.12, 2.2.14.
> > > > > >
> > > > > > /proc/sys/net/ipv4/conf/{all,eth*}/rp_filter are set to 1
> > > > > > /proc/sys/net/ipv4/ip_forward                is  set to 1
> > > > > >
> > > > > > Thanks in advance,
> > > > > >
> > > > > > -- Meir
> > > > > >
> > > > > >
> >
> >

