On Fri, Oct 24, 2003 at 04:07:20PM +0200, Mark Bojara wrote:
> I want option a. It must route the packet to 192.168.0.1 exactly how it is
> without modifying any headers. On 192.168.0.1 there is NAT on it which will
> handle translation.

Ok, so let's look at the destination MAC addresses.

> On 192.168.0.2 (localhost):
> x86:~# tcpdump -e -i tun1
> tcpdump: listening on tun1
> 16:03:31.375841 ip 84: 192.168.0.2 > apollo.is.co.za: icmp: echo request

It seems FreeBSD tcpdump uses different parameters (-e doesn't print
ethernet addresses, obviously). Can you check your manpage and re-run
these with the option that prints the ethernet addresses (link-level
header)?

On OpenBSD, it's

# tcpdump -nei gem0
16:14:00.852256 0:10:a7:17:1a:c0 0:a:95:6d:aa:98 0800 102: 10.1.1.145 > 10.1.1.60: icmp: echo request (DF)

> On 192.168.0.1 (remote gateway):
> blowfish:~# tcpdump -e -i tun0
> tcpdump: listening on tun0
> 16:00:25.851705 ip 84: truncated-ip - 21420 bytes missing! 192.168.0.2 > apollo.is.co.za: icmp: echo request

Oh, so the packets do arrive at the other gateway (the one you want
route-to to send them to, not the default gateway)? In that case the
route-to rule worked fine. Is the other gateway just dropping them
(because of truncation or invalid checksums)? Run tcpdump with options
that increase snaplen to 1600 (-s 1600) and print checksum mismatches
(-vvv), to check.

Daniel