Kevin Coyner, 2002-Nov-07 16:55 -0500:
> > On Thu, Nov 07, 2002 at 12:20:52PM -0800, Jeff wrote......
> > >
> > > sumida:/etc/init.d# cat /proc/net/ip_conntrack
> > > <snip>
> > > udp 17 9 src=10.10.10.156 dst=192.168.2.254 sport=1059 dport=53
> > > [UNREPLIED] src=192.168.2.254 dst=192.168.2.254 sport=53 dport=1059
> > > use=1
> > > udp 17 17 src=10.10.10.156 dst=167.206.112.4 sport=1061 dport=53
> > > [UNREPLIED] src=167.206.112.4 dst=192.168.2.254 sport=53 dport=1061
> > > use=1
> > >
> > > The first destination (192.168.2.254) is the router. The second dest is
> > > a DNS server on the outside world. In both cases the [UNREPLIED]
> > > message is appended. Is that the proxy box 'not replying'?
> >
> > Ah, when you ping the world, are you pinging using a domain name or an
> > IP?
>
> I'm using an IP, not a domain name. It seems to try the ICMP ping packet
> first ....
>
> icmp 1 29 src=10.10.10.156 dst=66.70.90.121 type=8 code=0 id=22790
> [UNREPLIED] src=66.70.90.121 dst=10.10.10.156 type=0 code=0 id=22790
> use=1
> udp 17 8 src=10.10.10.156 dst=167.206.112.3 sport=1112 dport=53
> [UNREPLIED] src=167.206.112.3 dst=10.10.10.156 sport=53 dport=1112 use=1
>
> .... and then when it doesn't get a reply, it tries sending a udp packet
> to the DNS server (I've no idea why it does this).
>
> Separately, I'm able to sit at sumida the proxy box and ping everything
> and anything, both by ip and DN.
>
> > It appears you are using a domain name and it's not getting resolved.
> > According to the cat above, your router may be dropping the DNS
> > requests. Could this router be doing a DNS proxy? Try setting the
> > DNS IP on your client and sumida to 192.168.10.254 and see if it
> > works. Also, where did 192.168.2.254 come from? According to your
> > original post, the network between sumida and the router is
> > 192.168.10.0.
>
> I tried changing the ip's for the DNS as you suggested ... no success.
> The network was 192.168.10.0. As part of mucking up the whole system, I
> changed it at one point. It is now 192.168.2.0. I'm quite sure that I
> was consistent with my changes throughout both boxes.
>
> > One last thing, can your client ping 192.168.10.254? That would prove
> > that sumida is forwarding.
>
> The client is not able to ping 192.168.2.254 (used to be
> 192.168.10.254). It can, however, ping the sumida the proxy box, both by
> IP and by pinging sumida the DN.
>
> Banging head against wall at this point. This should be
> straightforward.

Oh! Oh! Oh! The router doesn't know about the 10.0.0.0 network. It
needs a static route to 192.168.2.150 to reach the 10.0.0.0/24 network.
That's why! The traffic leaves fine, the router doesn't know where to
send the responding traffic to reach 10.0.0.?. This has to be it!

jc

--
Jeff Coppock
Systems Engineer
Diggin' Debian Admin and User
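
The return-path problem diagnosed above can be read off the conntrack table itself. The following is an added example, not part of the original thread: it parses entries like the ones posted and, for each [UNREPLIED] flow, reports whether the forwarding box rewrote the source address. The function names are hypothetical; the sample lines are the thread's own entries joined onto one line each.

```python
import re

# Entries copied from the thread's /proc/net/ip_conntrack output, re-joined
# onto one line each (the mail had wrapped them).
SAMPLE = """\
icmp 1 29 src=10.10.10.156 dst=66.70.90.121 type=8 code=0 id=22790 [UNREPLIED] src=66.70.90.121 dst=10.10.10.156 type=0 code=0 id=22790 use=1
udp 17 8 src=10.10.10.156 dst=167.206.112.3 sport=1112 dport=53 [UNREPLIED] src=167.206.112.3 dst=10.10.10.156 sport=53 dport=1112 use=1
udp 17 17 src=10.10.10.156 dst=167.206.112.4 sport=1061 dport=53 [UNREPLIED] src=167.206.112.4 dst=192.168.2.254 sport=53 dport=1061 use=1
"""

ADDR = re.compile(r"\b(?:src|dst)=(\S+)")


def parse_entry(line):
    """Return the original and reply tuples of one conntrack line, or None."""
    addrs = ADDR.findall(line)  # order in an entry: src, dst, src, dst
    fields = line.split()
    if len(addrs) < 4 or not fields:
        return None  # blank line, <snip> marker or truncated entry
    return {
        "proto": fields[0],
        "orig_src": addrs[0], "orig_dst": addrs[1],
        "reply_src": addrs[2], "reply_dst": addrs[3],
        "unreplied": "[UNREPLIED]" in fields,
    }


def unreplied_flows(text):
    """List (proto, client, server, snat) for flows that never saw a reply.

    conntrack stores the reply it expects. With SNAT or MASQUERADE the
    expected reply is addressed to the NAT address; if reply dst still
    equals the original src, the packet left with the client's own
    address and the next-hop router needs a route back to that network.
    """
    flows = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e and e["unreplied"]:
            snat = e["reply_dst"] != e["orig_src"]
            flows.append((e["proto"], e["orig_src"], e["orig_dst"], snat))
    return flows


if __name__ == "__main__":
    for proto, client, server, snat in unreplied_flows(SAMPLE):
        hint = "source rewritten by NAT" if snat else "no SNAT: upstream needs a route to " + client
        print(f"{proto:4} {client} -> {server}: {hint}")
```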