begin: Terminator <[EMAIL PROTECTED]> quote
> Thanks for the hint. I run tcpdump -i eth(outside) src
> internal-machine-ip and ping the external IP address of the gateway;
> tcpdump captures nothing. But if I ping another external IP address,
> tcpdump captures ICMP echo packets. So what's the possible problem here?

i'm sorry -- not sure i understand what you're saying here.  can you
rephrase?

make sure you understand that tcpdump tells you which direction the
packets are going.  basically, what you're looking for is:

1. ping packets coming from the internal machine being received by the gw's
   internal nic.

if that works, you're looking for...

2. the ping packets leaving the gw's external nic bound for the internet.

if that works, you're looking for...

3. the echo packets coming back to the gw's external nic

if that works, you're looking for...

4. the echo packets leaving the gw's internal nic.

if that works, you're looking for...

5. echo packets being received by the internal machine. 
 

which of these steps is broken?

> Also, if I run tcpdump -i eth(inside) ip proto \\icmp and ping
> from the internal machine to the internal IP and external IP of the
> gateway, tcpdump captures both packets. If I ping another external IP
> address, tcpdump captures the ICMP echo from the internal machine to the
> external machine, but no reply.

ok, i understood this.  you can ping the external ip of the gw correctly.
no surprises here.

> Actually I'm trying to do some Masquerade things, but whatever
> sample scripts I tried, I could never ping the outside net from the
> internal net. So I decided to do the simplest thing first: no masquerade,
> just a gateway. However, it still does not work. :-((((
 
ok, like i mentioned before, i don't know netfilter.  would you consider
recompiling your kernel to provide the ipchains interface?  then i'll be able
to actually give you some concrete help...

pete


> On Mon, 27 Aug 2001, Peter Jay Salzman wrote:
> 
> > jimmy,
> >
> > you can get some clues about where the packets are going.
> >
> > 1. from your 'gateway' type: tcpdump -i eth(outside)
> > 2. from your internal machine, type ping (outside whatever)
> >
> > see if the ping packets are leaving your livingroom network.  also, try:
> >
> > 1. from your 'gateway' type: tcpdump -i eth(inside)
> > 2. from your internal machine, type ping (outside whatever)
> >
> > see if the gateway is receiving packets from the local machine.  also, try:
> >
> > 1. from infernal machine, type:  tcpdump -i eth0
> > 2. from infernal machine, type:  ping (outside whatever)
> >
> > now you should know exactly where packets are going and where they're not
> > going.
> >
> > i've never played with iptables before; i still use ipchains.  actually, i'm
> > waiting for jeff to teach me iptables.  ;)
> >
> > also, is this gateway simply providing masquerading or is it actually
> > filtering?
> >
> > pete

-- 
"The following addresses had permanent fatal errors..."      [EMAIL PROTECTED]
                               -- Mailer Daemon              www.dirac.org/p
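
The five checks listed in the reply above can be run against saved `tcpdump -n` output from each capture point. This is an added example, not part of the original message; the capture-point names, the addresses and the sample lines are constructed for illustration.

```python
import re

# Matches `tcpdump -n` ICMP echo lines, e.g.
# 12:00:01.1 IP 192.168.1.10 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
ICMP_LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): "
    r"ICMP echo (?P<kind>request|reply)"
)

# (step, capture point, ICMP kind, what the thread says to look for)
STEPS = [
    (1, "gw_inside", "request", "ping received by the gw's internal nic"),
    (2, "gw_outside", "request", "ping leaving the gw's external nic"),
    (3, "gw_outside", "reply", "echo coming back to the gw's external nic"),
    (4, "gw_inside", "reply", "echo leaving the gw's internal nic"),
    (5, "client", "reply", "echo received by the internal machine"),
]

def seen(capture_text, kind, target):
    """True if the capture holds an echo request to, or reply from, target."""
    for m in ICMP_LINE.finditer(capture_text):
        # Compare only the far-end address, so a source rewritten by
        # masquerading on the external nic still counts.
        peer = m["dst"] if m["kind"] == "request" else m["src"]
        if m["kind"] == kind and peer == target:
            return True
    return False

def first_broken_step(captures, target):
    """Return (step, description) of the first check that fails, else None."""
    for step, point, kind, desc in STEPS:
        if not seen(captures.get(point, ""), kind, target):
            return step, desc
    return None

# Constructed sample: the request crosses the gateway, no reply ever returns.
TARGET = "198.51.100.7"
REQ = "12:00:01.1 IP 192.168.1.10 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64\n"
SAMPLE = {"gw_inside": REQ, "gw_outside": REQ, "client": REQ}

if __name__ == "__main__":
    print(first_broken_step(SAMPLE, TARGET))
```

Each dictionary value is the text captured at one point: the gateway's inside interface, its outside interface, and the internal machine's own interface.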
