Mike Almogy wrote:
> Hi.
>
> Did you configure the kernel with IPCHAINS as needed?
>
> You can read the IP-MASQUERADING HOWTO; there are detailed examples of how to
> do it.
> You need some rules in order to let Linux know that it is supposed to do the
> masquerading from one net to the other.
Thanks for your answer, Mike,
For now no masquerading is taking place: all rules default to ACCEPT.
-- Meir
> ----- Original Message -----
> From: "Meir" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, June 15, 2000 12:20 PM
> Subject: SYN/ACK not forwarded to 2nd NIC
>
> > Hi,
> >
> > I have a curious problem.
> >
> > My box (linux) is trying to send mail to a target.
> > Between my box and the target there is a linux box 2.2.12
> > with 4 NICs but (for now) _without_ any filtering rules
> > at all (all default to ACCEPT).
> >
> > Only 2 NICs are up: eth0 to external net and eth1 to internal net.
> >
> > The problem is that when I tcpdump the 2 NICs from this middle-box,
> > I can see a SYN getting out from eth1 and then passed to eth0
> > (ip forwarding is enabled), and then I receive a SYN/ACK from the
> > target box via eth0, but this SYN/ACK _never_ reaches
> > eth1 (which points to the internal net) !!!
> >
> > The figure describes what happens:
> >
> >                  ________________________________
> >                 |                                |
> >    |  <- SYN    | <- SYN               <- SYN    |          | 192.168.9.133
> > Target          | eth0                   eth1    |----------| My box
> >    |            | 192.168.0.29   192.168.9.150   |          | run
> >    | SYN/ACK -> | -> ???                         |          | telnet Target 25
> >                 |________________________________|
> >
> >                         ^
> >                         |
> >                         |_____ SYN/ACK never reaches eth1 !!!
> >
> > # /sbin/route
> >
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 192.168.0.29    *               255.255.255.255 UH    0      0        0 eth0
> > 192.168.9.150   *               255.255.255.255 UH    0      0        0 eth1
> > 192.168.0.24    *               255.255.255.248 U     0      0        0 eth0
> > 192.168.9.128   *               255.255.255.224 U     0      0        0 eth1
> > 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> > default         192.168.0.25    0.0.0.0         UG    0      0        0 eth0
> >
> > eth0: 192.168.0.29 netmask 255.255.255.248
> > eth1: 192.168.9.150 netmask 255.255.255.224
> > default route: 192.168.0.25
> >
> > My box: 192.168.9.133 netmask 255.255.255.224
> > default route: 192.168.9.150
> >
> > The same thing occurs when telnetting to Target on ports 7/9/79 etc...
> >
> > _But_ when I telnet Target 80 or 21 from My Box, it works !
> > Why ?
> > Sure, I am missing something, but what ?
> >
> > I tried with kernels 2.2.5, 2.2.12, 2.2.14.
> >
> > /proc/sys/net/ipv4/conf/{all,eth*}/rp_filter are set to 1
> > /proc/sys/net/ipv4/ip_forward is set to 1
> >
> > Thanks in advance,
> >
> > -- Meir
> >
> >
> > =================================================================
> > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail [EMAIL PROTECTED]
> >
> >