hi debian folk, i am in desperate need of your wisdom, patience, and
help!
i have a network setup as follows:
212.54.xxx.12 <router> 192.168.14.1
|
|
|
192.168.14.31 <fw> 192.168.31.1
|
|
|
host> 192.168.31.2
the only thing doing PAT (masquerading) is the router, the firewall
does *not* NAT!
my probem is as follows:
when i sit at the 192.168.31.2 machine, and i ping 192.168.14.1,
then the echo request properly traverses the firewall (its default
route), and the firewall hands it off its 192.168.14.31 IP to the
router at 192.168.14.1.
in order for replies to come back, i have added a static route to
the router with the following command:
#> route add -net 192.168.31.0 netmask 255.255.255.0 \
gw 192.168.14.31 metric 1
which makes the routing table look like this:
#> route -n
212.54.xxx.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.14.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.31.0 192.168.14.31 255.255.255.0 UG 1 0 0 eth1
0.0.0.0 212.54.xxx.1 0.0.0.0 UG 0 0 0 eth0
however, the echo replies never get there. and best of all, here's
tcpdump's output on the router:
#> tcpdump -ni any
tcpdump: listening on any
22:54:17.981373 192.168.31.2 > 192.168.14.1: icmp: echo request (DF)
22:54:17.982174 192.168.14.1 > 192.168.14.1: icmp: echo reply
22:54:18.981352 192.168.31.2 > 192.168.14.1: icmp: echo request (DF)
22:54:18.982102 192.168.14.1 > 192.168.14.1: icmp: echo reply
*but*: sitting at the router and pinging 192.168.31.2:
%> ping -nc1 192.168.31.2
PING 192.168.31.2 (192.168.31.2): 56 data bytes
64 bytes from 192.168.31.2: icmp_seq=0 ttl=128 time=3.6 ms
would you agree with me that there's something wrong?
but in any case, would you like to tell me _what_ is wrong?
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
two manic depressives named mastick
had marital problems, quite drastic.
her mood swings were mild,
but his were quite wild.
the two were not homoscedastic.
Attachment:
pgpFlApcr1XXb.pgp
Description: PGP signature