begin: Terminator <[EMAIL PROTECTED]> quote
>
> On Mon, 27 Aug 2001, Peter Jay Salzman wrote:
>
> > make sure you understand that tcpdump tells you which direction the
> > packets are going. basically, what you're looking for is:
> >
> > 1. ping packets coming from the internal machine being received by the gw's
> > internal nic.
> >
> > if that works, you're looking for...
> >
> > 2. the ping packets leaving the gw's external nic bound for the internet.
> >
> > if that works, you're looking for...
> >
> > 3. the echo packets coming back to the gw's external nic
> >
> > if that works, you're looking for...
> >
> > 4. the echo packets leaving the gw's internal nic.
> >
> > if that works, you're looking for...
> >
> > 5. echo packets being received by the internal machine.
> >
> >
> > which of these steps is broken?
>
> It seems the 3rd step is broken. I run tcpdump on both the gateway
> and an external machine.
>
> On the gateway, tcpdump captures the echo request packets, but no
> reply packets.
>
> On the external machine, tcpdump captures both request and reply
> packets. The src ip of the request packets is the internal ip.

ok, so we've identified the problem pretty accurately:
the gateway is sending packets to the net with its own internal IP address.
we'd like the gateway to send packets with its own external IP address.

> If I ping the gateway from the external machine directly, both
> tcpdumps capture all request and reply packets.
>
> Maybe it's because the internal ip of the reply packets causes
> them to be dropped on some router?

at this point, we need someone who knows iptables (or you should enable
ipchains support in the kernel). i know that iptables has some pretty
powerful packet header rewriting capability, but i've never played with it.
did you try jan's script? jan, do you know iptables?
anyone?

pete
--
"The following addresses had permanent fatal errors..." [EMAIL PROTECTED]
-- Mailer Daemon www.dirac.org/p
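
The five-step check from this thread, automated for steps 1-4 as an added example (not code from the thread's participants): it reads `tcpdump -n` text captured on the gateway's two NICs and reports the first broken step, flagging an RFC 1918 source address leaving the external NIC. The addresses, capture lines and function names are constructed for illustration, and the modern tcpdump line format is assumed.

```python
import ipaddress
import re

# Matches tcpdump -n ICMP lines such as
# "12:00:01.10 IP 192.168.1.10 > 203.0.113.5: ICMP echo request, id 1, seq 1, length 64"
ICMP_RE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(capture):
    """Return (src, dst, kind) tuples from tcpdump -n text output."""
    return [m.groups() for m in map(ICMP_RE.search, capture.splitlines()) if m]

def diagnose(int_nic, ext_nic, client, target):
    """Return (first broken step 1-4 or None, explanation)."""
    inside, outside = parse(int_nic), parse(ext_nic)
    if (client, target, "request") not in inside:
        return 1, "request never reached the gateway's internal NIC"
    out_src = [s for s, d, k in outside if d == target and k == "request"]
    if not out_src:
        return 2, "request did not leave the external NIC"
    if not any(s == target and k == "reply" for s, d, k in outside):
        why = "no reply arrived on the external NIC"
        leaked = [s for s in out_src
                  if any(ipaddress.ip_address(s) in n for n in RFC1918)]
        if leaked:  # un-NATed private source: replies cannot be routed back
            why += f"; request left with private source {leaked[0]}"
        return 3, why
    if (target, client, "reply") not in inside:
        return 4, "reply was not forwarded out the internal NIC"
    return None, "steps 1-4 pass; capture on the internal machine for step 5"

# Constructed captures (documentation addresses), gateway without source NAT.
BROKEN_INT = "12:00:01.10 IP 192.168.1.10 > 203.0.113.5: ICMP echo request, id 1, seq 1, length 64"
BROKEN_EXT = "12:00:01.11 IP 192.168.1.10 > 203.0.113.5: ICMP echo request, id 1, seq 1, length 64"
# Constructed captures with the gateway rewriting the source to 198.51.100.2.
FIXED_INT = BROKEN_INT + """
12:00:01.15 IP 203.0.113.5 > 192.168.1.10: ICMP echo reply, id 1, seq 1, length 64"""
FIXED_EXT = """\
12:00:01.11 IP 198.51.100.2 > 203.0.113.5: ICMP echo request, id 1, seq 1, length 64
12:00:01.14 IP 203.0.113.5 > 198.51.100.2: ICMP echo reply, id 1, seq 1, length 64"""

if __name__ == "__main__":
    print(diagnose(BROKEN_INT, BROKEN_EXT, "192.168.1.10", "203.0.113.5"))
    print(diagnose(FIXED_INT, FIXED_EXT, "192.168.1.10", "203.0.113.5"))
```

With iptables, the source rewriting the thread is asking about is done in the `nat` table's `POSTROUTING` chain, using the `SNAT` or `MASQUERADE` target.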