Thomas Jarosch wrote:
> Hi all,
>
> I've applied Michael Best's masq-demasq patch to kernel 2.2.19
> to make internal port forwarding possible.
>
> Here is my session log:
>
> Client: 172.16.1.247
> Masq-Box: 172.16.1.123 (eth1) / External: 213.7.16.210 (ppp0)
> WWW-Server: 172.16.1.2
>
> ipmasq portfw -l output:
> prot localaddr     rediraddr   lport  rport  pcnt  pref
> TCP  213.7.15.210  172.16.1.2     80     80    10    10
>
> ipchains -L output:
> Chain forward (policy ACCEPT: 1441 packets, 591260 bytes):
>  pkts bytes target  prot opt    tosa tosx ifname  mark  outsize  source         destination   ports
>     0     0 MASQ    all  ------ 0xFF 0x00 *                      172.16.0.0/16  0.0.0.0/0     n/a
>
> Chain input (policy DENY: 0 packets, 0 bytes):
>  pkts bytes target  prot opt    tosa tosx ifname  mark  outsize  source         destination   ports
>   101  4506 ACCEPT  tcp  ------ 0xFF 0x00 *                      0.0.0.0/0      213.7.15.210  * -> 80
>
> route -n output:
> Kernel IP routing table
> Destination     Gateway         Genmask          Flags  Metric  Ref  Use  Iface
> 62.104.220.43   0.0.0.0         255.255.255.255  UH     0       0    0    ppp0
> 172.16.1.123    0.0.0.0         255.255.255.255  UH     0       0    0    eth1
> 172.16.0.0      0.0.0.0         255.255.0.0      U      0       0    0    eth1
> 127.0.0.0       0.0.0.0         255.0.0.0        U      0       0    0    lo
> 0.0.0.0         62.104.220.43   0.0.0.0          UG     0       0    0    ppp0
>
> tcpdump of failing session:
>
> 15:34:55.163739 eth1 < 172.16.1.247.1273 > 213.7.15.210.www: S 3159403988:3159403988(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
> 15:34:55.163935 eth1 > 172.16.1.123.61167 > 172.16.1.2.www: S 3159403988:3159403988(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
> 15:34:55.164107 eth1 < 172.16.1.2.www > 172.16.1.123.61167: S 13776300:13776300(0) ack 3159403989 win 8760 <mss 1460> (DF)
> 15:34:55.164232 eth1 > 172.16.1.123.www > 172.16.1.247.1273: S 13776300:13776300(0) ack 3159403989 win 8760 <mss 1460> (DF)
> 15:34:55.164328 eth1 < 172.16.1.247.1273 > 172.16.1.123.www: R 3159403989:3159403989(0) win 0
> 15:34:55.164369 eth1 > 172.16.1.123.61167 > 172.16.1.2.www: R 3159403989:3159403989(0) win 0
>
>
> As you can see in line 2/3 the demasq patch works perfectly.
> But in line 4 there's the error and I don't know how to solve it.
> My masq box "replies" with the IP address "172.16.1.123" instead
> of the external IP address -> TCP reset.
> Maybe this is a kernel 2.2.19 issue.

the patch was written for 2.2.13. maybe something important has changed
since then. you'd better ask michael about this ([EMAIL PROTECTED]).
did it apply cleanly?

> Any help is appreciated as I've already spent two days on this :-(

a workaround is to use split dns zones where internal hosts use a dns
server that maps the name of 213.7.16.210 to the address 172.16.1.2.

> Thanks in advance,
> Thomas.

raf
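
The failure in the quoted capture can be checked mechanically. The following is an added example, not part of the original thread: it pairs each SYN-ACK with the SYN it acknowledges and reports replies whose source is not the address the client contacted. The function names are hypothetical, and it assumes the masquerading box leaves sequence numbers unchanged, as the capture shows.

```python
import re

# The first five packets of the capture in the post (TCP options trimmed).
CAPTURE = """\
15:34:55.163739 eth1 < 172.16.1.247.1273 > 213.7.15.210.www: S 3159403988:3159403988(0) win 16384
15:34:55.163935 eth1 > 172.16.1.123.61167 > 172.16.1.2.www: S 3159403988:3159403988(0) win 16384
15:34:55.164107 eth1 < 172.16.1.2.www > 172.16.1.123.61167: S 13776300:13776300(0) ack 3159403989 win 8760
15:34:55.164232 eth1 > 172.16.1.123.www > 172.16.1.247.1273: S 13776300:13776300(0) ack 3159403989 win 8760
15:34:55.164328 eth1 < 172.16.1.247.1273 > 172.16.1.123.www: R 3159403989:3159403989(0) win 0
"""

# Line layout as printed in the post:
#   time iface dir src > dst: flags seq:seq(len) [ack N] ...
LINE = re.compile(
    r"^\S+ \S+ [<>] (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFRP.]+) "
    r"(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?")

def endpoint(text):
    """Split '172.16.1.2.www' into ('172.16.1.2', 'www')."""
    host, _, port = text.rpartition(".")
    return host, port

def find_mismatched_synacks(capture):
    """Return (client, expected_source, actual_source) for every SYN-ACK that
    answers a client's SYN from an address the client never contacted."""
    syns = {}        # ISN + 1 -> [(src, dst), ...] for each SYN seen
    mismatches = []
    for raw in capture.splitlines():
        m = LINE.match(raw)
        if not m or "S" not in m["flags"]:
            continue                              # unparsed line or no SYN flag
        src, dst = endpoint(m["src"]), endpoint(m["dst"])
        if m["ack"] is None:                      # plain SYN: remember it
            syns.setdefault(int(m["seq"]) + 1, []).append((src, dst))
            continue
        # SYN-ACK: compare with the SYN its recipient originally sent
        for syn_src, syn_dst in syns.get(int(m["ack"]), []):
            if syn_src == dst and syn_dst != src:
                mismatches.append((dst, syn_dst, src))
    return mismatches

if __name__ == "__main__":
    for client, expected, actual in find_mismatched_synacks(CAPTURE):
        print("%s:%s expects a reply from %s:%s but got one from %s:%s"
              % (client + expected + actual))
```

The client has no connection state for 172.16.1.123:www, so it answers that SYN-ACK with the RST seen in the fifth packet.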
