Hi,

I ran into a problem with port forwarding, and it looks like the ACK
response packet is lost.

My environment is:
        Kernel 2.1.126
        Net-tools 1.45
        Ipmasqadm 0.4.1
        Ipchains 1.3.8

I use this Linux box as a firewall to separate two class C networks,
203.75.nn.x and 192.168.1.x. The IPs on this box are 203.75.nn.90
and 192.168.1.91, on two Ethernet NICs.
The chain rules are simply as follows:
        ipchains -F input
        ipchains -F output
        ipchains -F forward
        ipchains -P input ACCEPT
        ipchains -P output ACCEPT
        ipchains -P forward MASQ

The masquerade function is just fine. All the inside nodes can reach
the Internet through the firewall.
But I cannot successfully set up port forwarding to redirect some
ports (e.g. telnet, ftp, www, etc.) from the external world to the
internal net (from 0/0 to 192.168.1.x).
My port-forwarding command is:
        ipmasqadm portfw -a -P tcp -L 203.75.nn.90 5001 -R 192.168.1.1 telnet

What I am trying to do is redirect port 5001 on the firewall to the
internal machine's telnet port for login. Well, it does not work.

I used "tcpdump" to trace the traffic. I found that an ACK packet is
sent back, but the src machine seems *NOT* to get it.

15:06:33.059762 SRC.4262 > DST.telnet: S 1027008000:1027008000(0) win 61440 <mss 1460>
15:06:33.060666 DST.telnet > SRC.4262: S 806912000:806912000(0) ack 1027008001 win 61440 <mss 512>
15:06:33.061919 SRC.4262 > DST.telnet: R 1027008001:1027008001(0) win 0
.....(REPEAT 4 TIMES)

==> The 3rd packet should look like
        . ack 1 win 32120 (DF)

Do you have any suggestions or any idea about how this happened?

Thanks in advance.

Ping Lee
[EMAIL PROTECTED]
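
Added example, not part of the original post: a small Python parser for the three tcpdump lines above that classifies how the handshake ended. The function names and result strings are assumptions made for this illustration; the sample trace is the post's own lines with the wraps joined.

```python
import re

# Constructed sample: the three packets from the trace above, with the
# line wraps joined. SRC and DST are the placeholders used in the post.
TRACE = """\
15:06:33.059762 SRC.4262 > DST.telnet: S 1027008000:1027008000(0) win 61440 <mss 1460>
15:06:33.060666 DST.telnet > SRC.4262: S 806912000:806912000(0) ack 1027008001 win 61440 <mss 512>
15:06:33.061919 SRC.4262 > DST.telnet: R 1027008001:1027008001(0) win 0
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPR.]+)"
    r"(?: (?P<seq>\d+):\d+\(\d+\))?(?: ack (?P<ack>\d+))?")

def parse(trace):
    """Return one dict per TCP line: ts, src, dst, flags, seq, ack."""
    pkts = []
    for line in trace.splitlines():
        m = LINE.match(line)
        if m:
            p = m.groupdict()
            for key in ("seq", "ack"):
                p[key] = int(p[key]) if p[key] else None
            pkts.append(p)
    return pkts

def classify_handshake(pkts):
    """Classify the first three packets of one connection attempt."""
    if len(pkts) < 3:
        return "incomplete capture"
    syn, synack, third = pkts[:3]
    if syn["flags"] != "S" or syn["ack"] is not None:
        return "does not start with SYN"
    if not (synack["flags"] == "S" and synack["src"] == syn["dst"]
            and synack["ack"] == syn["seq"] + 1):
        return "no matching SYN-ACK"
    if third["src"] != syn["src"]:
        return "third packet not from initiator"
    if "R" in third["flags"]:
        # RFC 793: a reset sent in reply to a segment carrying ACK takes
        # its sequence number from that segment's ACK field.
        match = third["seq"] == synack["ack"]
        return "reset by initiator" + (" (seq matches SYN-ACK ack)" if match else "")
    if third["flags"] == "." and third["ack"] is not None:
        return "established"
    return "unexpected third packet"

if __name__ == "__main__":
    print(classify_handshake(parse(TRACE)))
```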