Victoria Babinsky wrote:
> > On 13 Mar 2001, Victoria Babinsky wrote:
> >
> > > It is masquerading traffic from 192.168.200.0/24 and it works OK, but I
> > > cannot ping its own internal interface from this machine, 192.168.200.1,
> >
> > I don't quite understand the problem. It sounds like you are trying to ping
> > "192.168.200.1", but it is not clear what machine you are running ping on.
> > You might be saying that the Linux machine (192.168.200.1) cannot ping itself,
> > but that doesn't seem possible.
>
> Yes it sounds unbelievable but this is what is happening.
> 192.168.200.1 is a linux box masquerading for all 192.168.200.0/24 class.
> I log in to this linux box, I ping the address of eth0 (the external IP)
> and it answers OK, I ping its own internal address (eth1) 192.168.200.1
> and I get no answer. From this same linux box I pinged 192.168.200.2 and
> other internal PCs and No answer.
> From 192.168.200.2 (Win98 masq client) I ping 192.168.200.1 (linux masq
> server) and it answers OK.
>
> Even though it is masq traffic OK I think that something is not as it
> should be, but I don't know what.
>
> Now that I'm writing this I think if having all services blocked in
> hosts.deny for ALL EXCEPT LOCAL could prevent pinging itself
> But why would it accept a local ping to one interface (eth0) and not
> to the other one (eth1) and why would it accept a ping from 192.168.200.2

hosts.deny only affects inetd. it has no effect on icmp.
since eth0 is pingable from other hosts, it sounds as
though you have a rogue ipchains rule that is blocking
pings from lo to eth0. is that at all possible? does
"ipchains -Lnv" mention anything other than masquerading
rules? i can't think of anything that it could be.

raf
_______________________________________________
Masq maillist - [EMAIL PROTECTED]