Hi,
I can get additional information. But, unfortunately, I have
not resolved the problem yet. I need your help and wisdom.
Ryoji Kobayashi <[EMAIL PROTECTED]> wrote on
Message-ID: <[EMAIL PROTECTED]>
> I executed the following commands on the Linux box to set up
> port forwarding.
>
> # ipchains -F
> # ipmasqadm portfw -f
> # ipmasqadm portfw -a -P tcp -L 172.16.0.1 10023 -R 192.168.0.2 23
> # ipchains -L -n
> Chain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> # ipmasqadm portfw -ln
> prot localaddr rediraddr lport rport pcnt pref
> TCP 172.16.0.1 192.168.0.2 10023 23 10 10
>
> And I tried to access port 10023 on 172.16.0.1 by telnet
> from the 172.16.0.2 machine. It failed with a timeout.
>
> $ telnet 172.16.0.1 10023
> Trying 172.16.0.1...
> telnet: Unable to connect to remote host: Operation timed out
I watched network activity with tcpdump and I can see the
following three packets.

(1) 17:13:27.158720 172.16.0.2.1587 > 172.16.0.1.10023:
      S 1768496939:1768496939(0) win 16384
      <mss 1460,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x10]
(2) 17:13:27.158776 172.16.0.2.1587 > 192.168.0.2.23:
      S 1768496939:1768496939(0) win 16384
      <mss 1460,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x10]
(3) 17:13:27.165903 192.168.0.2.23 > 172.16.0.2.1587:
      S 1377158:1377158(0) ack 1768496940 win 8192 <mss 520>

172.16.0.2   172.16.0.1
+------+    (1)    +-----+   (2)    +------+
|client|---------->|Linux|--------->|server|
|      |<----X-----|     |<---------|      |
+------+    (4)    +-----+   (3)    +------+
                   192.168.0.1   192.168.0.2

But I can't see an expected packet (4) in the above figure.
It seems the Linux box forwards incoming packets, but it
doesn't forward the packet from the server to the client.
Please tell me what is wrong if you can find out.
--
Ryoji Kobayashi
[EMAIL PROTECTED]
Riki Network Systems Inc.
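
Added example (not part of the original post): a Python check that takes the portfw rule and the three tcpdump header lines from the message above and reports which legs (1)-(4) of the figure appear in a capture. The function and variable names are illustrative, and leg (4) is assumed to appear as 172.16.0.1.10023 > 172.16.0.2.1587, the reply with its source rewritten back to the forwarded address and port.

```python
import re

# Rule from the post:
#   ipmasqadm portfw -a -P tcp -L 172.16.0.1 10023 -R 192.168.0.2 23
RULE = {"local": ("172.16.0.1", 10023), "remote": ("192.168.0.2", 23)}

# tcpdump header lines copied from the post (TCP options trimmed).
TRACE = """\
17:13:27.158720 172.16.0.2.1587 > 172.16.0.1.10023: S 1768496939:1768496939(0) win 16384
17:13:27.158776 172.16.0.2.1587 > 192.168.0.2.23: S 1768496939:1768496939(0) win 16384
17:13:27.165903 192.168.0.2.23 > 172.16.0.2.1587: S 1377158:1377158(0) ack 1768496940 win 8192
"""

# "<time> a.b.c.d.port > a.b.c.d.port:" as printed by this tcpdump version.
LINE = re.compile(r"^\S+ (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def parse(trace):
    """Return [((src_ip, src_port), (dst_ip, dst_port)), ...] for each packet line."""
    flows = []
    for line in trace.splitlines():
        m = LINE.match(line)
        if m:
            flows.append(((m[1], int(m[2])), (m[3], int(m[4]))))
    return flows

def classify(flows, rule):
    """Report which legs of the figure are present in the capture."""
    # Clients are the endpoints that sent something to the forwarded address/port.
    clients = {src for src, dst in flows if dst == rule["local"]}
    seen = {1: bool(clients), 2: False, 3: False, 4: False}
    for src, dst in flows:
        if src in clients and dst == rule["remote"]:
            seen[2] = True   # destination rewritten, sent on to the server
        if src == rule["remote"] and dst in clients:
            seen[3] = True   # server reply, source not yet rewritten
        if src == rule["local"] and dst in clients:
            seen[4] = True   # reply rewritten back (assumed form of leg 4)
    return seen

def missing_legs(trace, rule=RULE):
    """Sorted list of legs that never show up in the trace."""
    return [leg for leg, ok in sorted(classify(parse(trace), rule).items()) if not ok]

if __name__ == "__main__":
    print("missing legs:", missing_legs(TRACE))
```
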