Hello, masq GURUs!

First of all, I'm sorry if my question and problem are well known. If
that's true, please point me to decision docs.
And also sorry for my English ;)

My problem:
I've got an external net (DMZ) and an internal one, hidden using
masquerading.
And I want to allow connections from the external world to some port
(NNTP, for example) of an internal box.

Let AddrE be the IP address of some external box, AddrL the Linux box
running masquerading, and AddrM the internal (masqueraded) box.

AddrL has network cards in both (internal and external) networks.

I'm typing: ipautofw -A -r tcp 119 119 -h <AddrM>
The command runs OK and an entry in /proc/net/ip_autofw appears.

After that I'm trying to access AddrM from AddrE:
        AddrE> telnet <AddrL> 119
But the connection times out :( , because there are no ACKs for TCP
packets with the SYN flag set.

Tcpdump on external interface says:

10:50:58.995297 AddrM.nntp > AddrE.25601: S 8734:8734(0) ack 2610645528 win 8760 <mss 1460> (DF)
10:51:00.975297 AddrE.25601 > AddrM.nntp: S 2610645527:2610645527(0) win 2144 <mss 1460>
10:51:00.975297 AddrM.nntp > AddrE.25601: . ack 1 win 8760 (DF)
10:51:01.935297 AddrM.nntp > AddrE.25601: S 8734:8734(0) ack 2610645528 win 8760 <mss 1460> (DF)
10:51:04.945297 AddrE.25601 > AddrM.nntp: S 2610645527:2610645527(0) win 2144 <mss 1460>
10:51:04.945297 AddrM.nntp > AddrE.25601: . ack 1 win 8760 (DF)
10:51:07.945297 AddrM.nntp > AddrE.25601: S 8734:8734(0) ack 2610645528 win 8760 <mss 1460> (DF)
10:51:12.885297 AddrE.25601 > AddrM.nntp: S 2610645527:2610645527(0) win 2144 <mss 1460>
10:51:12.885297 AddrM.nntp > AddrE.25601: . ack 1 win 8760 (DF)
10:51:19.965297 AddrM.nntp > AddrE.25601: S 8734:8734(0) ack 2610645528 win 8760 <mss 1460> (DF)

Tcpdump on internal interface says:

10:50:58.985297 AddrE.25601 > AddrM.nntp: S 2610645527:2610645527(0) win 2144 <mss 1460>
10:51:00.975297 AddrE.25601 > AddrM.nntp: S 2610645527:2610645527(0) win 2144 <mss 1460>
10:51:04.945297 AddrE.25601 > AddrM.nntp: S 2610645527:2610645527(0) win 2144 <mss 1460>
10:51:12.885297 AddrE.25601 > AddrM.nntp: S 2610645527:2610645527(0) win 2144 <mss 1460>

An independent sniffer on the internal net gives the same results.
I don't understand anything.
Perhaps tcpdump on the external interface gives me wrong results, but I
have no other opportunity to run a sniffer on my external network :(

Can anybody tell me where I'm wrong? Maybe I messed something?

I'm running RH 5.1 with kernel 2.0.35 and ipautofw-2.0.0.

Additional question:
 I know about the TCPDeath problem caused by ipautofw. How to solve it? Is
there any patch?

Thanks for any help.

=============================================
  Regards, Alexey Sobolev. 
  St. Petersburg, Russia.
  ICQ: 170-140-26
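
An added example, not part of the original post: a small Python check that can be run over an external-interface capture like the one above. It counts packets that still name the internal host and tests whether each SYN-ACK answers a captured SYN (ack = seq + 1). The function names are illustrative, and the sample lines are copied from the post with the e-mail wrapping joined.

```python
import re

# Old-style tcpdump line: "time src.port > dst.port: flags [seq:seq(len)] [ack N] ..."
LINE = re.compile(r"^(\S+) (\S+)\.(\w+) > (\S+)\.(\w+): (\S+)(.*)$")

# Lines taken from the external-interface capture in the post, wrapping joined.
EXTERNAL = [
    "10:50:58.995297 AddrM.nntp > AddrE.25601: S 8734:8734(0) ack 2610645528 win 8760 <mss 1460> (DF)",
    "10:51:00.975297 AddrE.25601 > AddrM.nntp: S 2610645527:2610645527(0) win 2144 <mss 1460>",
    "10:51:00.975297 AddrM.nntp > AddrE.25601: . ack 1 win 8760 (DF)",
]

def parse(line):
    """Split one tcpdump line into endpoints, packet kind, seq and ack numbers."""
    m = LINE.match(line.strip())
    if not m:
        return None
    _, src, sport, dst, dport, flags, rest = m.groups()
    seq = re.search(r" (\d+):\d+\(\d+\)", rest)
    ack = re.search(r" ack (\d+)", rest)
    if "S" in flags:
        kind = "SYN-ACK" if ack else "SYN"
    else:
        kind = "ACK" if ack else flags
    return {"src": (src, sport), "dst": (dst, dport), "kind": kind,
            "seq": int(seq.group(1)) if seq else None,
            "ack": int(ack.group(1)) if ack else None}

def analyze(lines, internal_host):
    """Count packets naming the internal host and SYN-ACKs that answer a SYN."""
    pkts = [p for p in map(parse, lines) if p]
    leaked = [p for p in pkts if internal_host in (p["src"][0], p["dst"][0])]
    syns = [p for p in pkts if p["kind"] == "SYN"]
    # A SYN-ACK answers a SYN when the endpoints are reversed and ack == seq + 1.
    answered = [p for p in pkts if p["kind"] == "SYN-ACK" and any(
        s["src"] == p["dst"] and s["dst"] == p["src"] and s["seq"] + 1 == p["ack"]
        for s in syns)]
    return {"untranslated": len(leaked), "total": len(pkts),
            "synack_matches_syn": len(answered)}

if __name__ == "__main__":
    print(analyze(EXTERNAL, "AddrM"))
```

On these lines every packet seen on the external interface carries AddrM rather than AddrL, and the SYN-ACK's ack number is the SYN's sequence number plus one.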