Hi,

I've got a problem about masquerading that drives me really crazy.

I've got a Linux router (IP 192.168.200.10 with an ISDN card; Kernel 2.2.18, SuSE 6.3) and a Linux client (IP: 192.168.200.1; Kernel 2.2.18, SuSE 6.3).

I run

    ipchains -A forward -s 192.168.200.0/24 -j MASQ

on the router, and the masquerading works perfectly while I'm online. But when I disconnect the router and ping an internet address on the client, I won't get a reply.

I tried to block outgoing packets manually:

    ipchains -A input -d ! 192.168.200.10 -j REJECT

This should reject all packets that enter the router and are destined for an internet IP address.

I try to ping an internet address from the client:

    client> ping 100.100.100.100
    PING 100.100.100.100 (100.100.100.100): 56 data bytes
    --- 100.100.100.100 ping statistics ---
    6 packets transmitted, 0 packets received, 100% packet loss

So I don't get the reject, but the packet is denied.

I used 'tcpdump -i eth0' on the client to see what's going on:

    16:21:47.769262 colin > 100.100.100.100: icmp: echo request
    16:21:47.770095 router > colin: icmp: 100.100.100.100 protocol 1 port 55504 unreachable [tos 0xc0]

(colin is the client, router the router).

colin sends a ping to 100.100.100.100, and the router returns a packet, but the client seems to ignore it - ping continues to send packets and doesn't show an error message.

What's wrong?? This is really driving me crazy!

--
Matthias Bezold
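
Added example, not part of the original post: a Python decoder for the kind of ICMP error shown in the tcpdump output (type 3 "destination unreachable", code 3 "port unreachable", quoting an ICMP echo request). It assumes the number tcpdump prints as a port is the 16-bit field at the UDP destination-port offset of the quoted header, which for a quoted echo request is the ICMP checksum; the packet bytes are constructed, with that field set to 55504 to mirror the post, and the helper names are hypothetical.

```python
import socket
import struct

def build_unreachable(src, dst, inner_proto, inner_first8):
    """Constructed sample: ICMP type 3 code 3 quoting an IPv4 header + 8 bytes."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner_first8), 0, 0,
                           64, inner_proto, 0,
                           socket.inet_aton(src), socket.inet_aton(dst))
    # type=3 (destination unreachable), code=3 (port unreachable);
    # the outer ICMP checksum and the unused word are left zero in this sample.
    return struct.pack("!BBHI", 3, 3, 0, 0) + inner_ip + inner_first8

def parse_icmp_error(icmp):
    """Decode an ICMP error and the header of the packet that triggered it."""
    icmp_type, code = struct.unpack("!BB", icmp[:2])
    quoted = icmp[8:]                      # ICMP errors quote the offending datagram
    ihl = (quoted[0] & 0x0F) * 4           # quoted IPv4 header length in bytes
    proto = quoted[9]                      # 1 = ICMP, 6 = TCP, 17 = UDP
    src = socket.inet_ntoa(quoted[12:16])
    dst = socket.inet_ntoa(quoted[16:20])
    transport = quoted[ihl:ihl + 8]
    # Bytes 2-3 hold the destination port for TCP/UDP. ICMP has no ports:
    # in an echo request those bytes are the checksum (assumed source of "port").
    field = struct.unpack("!H", transport[2:4])[0]
    return {"type": icmp_type, "code": code, "proto": proto,
            "src": src, "dst": dst, "bytes_2_3": field,
            "is_real_port": proto in (6, 17)}

# Constructed echo request header: type 8, code 0, checksum 0xD8D0 (= 55504), id, seq
ECHO = struct.pack("!BBHHH", 8, 0, 0xD8D0, 0x1234, 0)
SAMPLE = build_unreachable("192.168.200.1", "100.100.100.100", 1, ECHO)

if __name__ == "__main__":
    print(parse_icmp_error(SAMPLE))
```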
