
Re: Roach Motel For Packets...



Why not bridge eth0 and eth1?

----- Original Message -----
From: "Peter Billson" <pete@elbnet.com>
To: <debian-isp@lists.debian.org>
Sent: Sunday, September 30, 2001 9:25 PM
Subject: Re: Roach Motel For Packets...


> Let me see if bad drawings help any:
>
> eth0(to Internet IP "A.A.A.A")--|------|
>                                 |Router|--eth2(192.168.1.1)
> eth1(to Internet IP "B.B.B.B")--|------|  eth2:0(10.0.0.1)
>
>
> and
>
>                                     |---------------|
> <<--to router --eth0(192.168.1.2)---|PC #1 -localnet|
>                 eth0:0 (10.0.0.2)   |---------------|
>
> All traffic to and from 192.168.1.0/27 goes over A.A.A.A
> All traffic to and from 10.0.0.0/27 goes over B.B.B.B
> A.A.A.A is the default gateway for all other traffic
>
> If I log into the router I can ping any IP, on any interface including
> my telco's first hop out eth0 and eth1. Packets get routed as expected.
>
> If I log into PC#1 I can ping any interface on the router, anything on
> the localnet and anything on the Internet (through the router's eth0
> which is the default gateway) but I can not ping anything on the remote
> side of the router's eth1.
>
> If I log into a remote machine I can ping any IP serviced by eth0, can
> ping my telco's side of the eth1 connection but can not reach any IPs
> serviced by eth1, including eth1 itself.
>
> I'm using ipchains to log *all* packets on every interface and in all
> the above examples I can see the ping packets come in eth1 but that's
> it. They never attempt to leave through any interface.
>
> Note the IPs in the example are fake. The real IPs are in the public IP
> space so the problem isn't trying to route these private IPs over the
> internet. :-)
>
> The ipchains rules are:
> # Rules for eth0 these work!
> ipchains -A input   -i eth2 -s 192.168.1.0/27 -j ACCEPT
> ipchains -A output  -i eth2 -d 192.168.1.0/27 -j ACCEPT
> ipchains -A forward -i eth0 -s 192.168.1.0/27 -j ACCEPT
> ipchains -A forward -i eth2 -d 192.168.1.0/27 -j ACCEPT
>
> # Rules for eth1 these don't!
> ipchains -A input   -i eth2 -s 10.0.0.0/27 -j ACCEPT
> ipchains -A output  -i eth2 -d 10.0.0.0/27 -j ACCEPT
> ipchains -A forward -i eth1 -s 10.0.0.0/27 -j ACCEPT
> ipchains -A forward -i eth2 -d 10.0.0.0/27 -j ACCEPT
>
> # And of course there are other rules allowing traffic in and out eth0
> # and eth1.
>
> I'm stumped! I'd be happy if it was a routing problem that I could see
> or a firewall rule screwing things up.
>
> Is there, maybe, something I need to do when I give the NIC an alias?
>
> Pete
>
>
> > I am not sure if I understand this exactly. It may help to have more
> > information.
> >
> > I have a feeling your replies are being sent out but are being
> > firewalled by another router, since they appear to have a source
> > address that doesn't belong to its network (i.e. address spoofing,
> > SMURF attack).
>
>
> --
> http://www.zentek-international.com
>



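A quick way to sanity-check rule sets like the ones quoted above is to replay the flows through a small ipchains-style matcher. The script below is an added example, not code from the thread or from the ipchains project: it parses the eight rules exactly as Pete posted them and asks, for each direction of the ping, which rule (if any) matches. Two ipchains details it models are that the first matching rule in a chain wins, and that `-i` on the `forward` chain names the interface the packet is about to leave on, not the one it arrived on. The remote address 203.0.113.5, the "other rules" Pete mentions but does not list, and the chain's default policy (assumed DENY here) are all assumptions of the example.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    chain: str                            # input, output or forward
    iface: Optional[str]                  # -i; on the forward chain this is the OUTGOING interface
    src: Optional[ipaddress.IPv4Network]  # -s, None if unspecified
    dst: Optional[ipaddress.IPv4Network]  # -d, None if unspecified
    target: str                           # -j


def parse_rule(line: str) -> Rule:
    """Parse one 'ipchains -A <chain> [-i IF] [-s NET] [-d NET] -j TARGET' line."""
    tokens = line.split()
    if tokens[:2] != ["ipchains", "-A"]:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    chain = tokens[2]
    opts = dict(zip(tokens[3::2], tokens[4::2]))   # every option here takes one argument

    def to_net(spec: Optional[str]) -> Optional[ipaddress.IPv4Network]:
        return ipaddress.ip_network(spec, strict=False) if spec else None

    return Rule(chain, opts.get("-i"), to_net(opts.get("-s")), to_net(opts.get("-d")), opts["-j"])


def parse_rules(text: str) -> list[Rule]:
    """Parse a block of rules, skipping blank lines and '#' comments."""
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]


def verdict(rules: list[Rule], chain: str, iface: str, src: str, dst: str, policy: str = "DENY") -> str:
    """Walk one chain in order; the first rule whose interface/src/dst all match decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.chain != chain:
            continue
        if r.iface and r.iface != iface:
            continue
        if r.src and s not in r.src:
            continue
        if r.dst and d not in r.dst:
            continue
        return r.target
    return policy   # assumed default policy; the post does not state it


# The eight rules exactly as quoted in the post.
RULES_FROM_POST = """
# Rules for eth0 these work!
ipchains -A input   -i eth2 -s 192.168.1.0/27 -j ACCEPT
ipchains -A output  -i eth2 -d 192.168.1.0/27 -j ACCEPT
ipchains -A forward -i eth0 -s 192.168.1.0/27 -j ACCEPT
ipchains -A forward -i eth2 -d 192.168.1.0/27 -j ACCEPT

# Rules for eth1 these don't!
ipchains -A input   -i eth2 -s 10.0.0.0/27 -j ACCEPT
ipchains -A output  -i eth2 -d 10.0.0.0/27 -j ACCEPT
ipchains -A forward -i eth1 -s 10.0.0.0/27 -j ACCEPT
ipchains -A forward -i eth2 -d 10.0.0.0/27 -j ACCEPT
"""

REMOTE = "203.0.113.5"   # constructed remote host for the example


def check_post_flows() -> dict[str, str]:
    """Replay the ping flows from the post through the forward chain of the quoted rules."""
    rules = parse_rules(RULES_FROM_POST)
    return {
        # echo-request arriving for PC #1's alias address, leaving the router on eth2
        "request to 10.0.0.2 out eth2": verdict(rules, "forward", "eth2", REMOTE, "10.0.0.2"),
        # the reply, routed out eth1 as the post says 10.0.0.0/27 should be
        "reply from 10.0.0.2 out eth1": verdict(rules, "forward", "eth1", "10.0.0.2", REMOTE),
        # same pair for the 192.168.1.0/27 side, which the post says works
        "request to 192.168.1.2 out eth2": verdict(rules, "forward", "eth2", REMOTE, "192.168.1.2"),
        "reply from 192.168.1.2 out eth0": verdict(rules, "forward", "eth0", "192.168.1.2", REMOTE),
        # what the listed rules do if the kernel chose eth0 for the 10.0.0.0/27 reply instead
        "reply from 10.0.0.2 out eth0": verdict(rules, "forward", "eth0", "10.0.0.2", REMOTE),
    }


if __name__ == "__main__":
    for flow, result in check_post_flows().items():
        print(f"{flow:36s} -> {result}")
```

Run as written, the four flows the post describes all come back ACCEPT, so the listed rules cover both directions of the eth1 ping and the stuck packets are not explained by these eight lines alone. The last case is the check worth keeping: because the forward rules match on the outgoing interface, they only accept the 10.0.0.0/27 reply if route selection actually sends it out eth1; a reply the kernel steers out eth0 falls through to the default policy, which is why the interface-specific rules and the per-subnet routes have to agree.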