

Matthias Bezold wrote:

> Hi,
> 
> I've got a problem about masquerading that drives me really crazy. I've
> got a Linux router (IP 192.168.200.10 with an ISDN card; Kernel 2.2.18,
> SuSE 6.3) and a Linux client (IP: 192.168.200.1; Kernel 2.2.18, SuSE
> 6.3). I run
> 
> ipchains -A forward -s 192.168.200.0/24 -j MASQ
> 
> on the router, and the masquerading works perfectly while I'm online.
> But when I disconnect the router and ping an internet address on the
> client, I won't get a reply. I tried to block outgoing packets manually:
> 
> ipchains -A input -d ! 192.168.200.10 -j REJECT
> 
> This should reject all packets that enter the router and are destined
> for an internet ip address. I try to ping an internet address from the
> client: 
> 
> client> ping 100.100.100.100
> PING 100.100.100.100 (100.100.100.100): 56 data bytes
> --- 100.100.100.100 ping statistics ---
> 6 packets transmitted, 0 packets received, 100% packet loss
> 
> So I don't get the reject, but the packet is denied. I used 'tcpdump -i
> eth0' on the client to see what's going on:
> 
> 16:21:47.769262 colin > 100.100.100.100: icmp: echo request
> 16:21:47.770095 router > colin: icmp: 100.100.100.100 protocol 1 port
> 55504 unreachable [tos 0xc0]
> 
> (colin is the client, router the router). colin sends a ping to
> 100.100.100.100, and the router returns a packet, but the client seems
> to ignore it - ping continues to send packets and doesn't show an error
> message.
> 
> What's wrong?? This is really driving me crazy!
> 
> -- 
> Matthias Bezold

is client a windows host? they always ignore packets
like this. reject only works for linux clients and
other hosts that understand tcp/ip properly.

you should reload your masq/script when the interface
goes down so it doesn't think it has to masquerade
when it can't. that might help.

raf

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
