
Re: ip_forward - 2 nics




On Thu, Nov 07, 2002 at 05:33:19PM -0800, Jeff wrote......

> Kevin Coyner, 2002-Nov-07 16:55 -0500:
> > 
> > On Thu, Nov 07, 2002 at 12:20:52PM -0800, Jeff wrote......
> > > > 
> > > > sumida:/etc/init.d# cat /proc/net/ip_conntrack
> > > > <snip>
> > > > udp  17 9 src=10.10.10.156 dst=192.168.2.254 sport=1059 dport=53
> > > > [UNREPLIED] src=192.168.2.254 dst=192.168.2.254 sport=53 dport=1059
> > > > use=1
> > > > udp  17 17 src=10.10.10.156 dst=167.206.112.4 sport=1061 dport=53
> > > > [UNREPLIED] src=167.206.112.4 dst=192.168.2.254 sport=53 dport=1061
> > > > use=1
> > > > 
> > > > The first destination (192.168.2.254) is the router.  The second dest is
> > > > a DNS server on the outside world.  In both cases the [UNREPLIED]
> > > > message is appended.  Is that the proxy box 'not replying'?
> > > 
> > > Ah, when you ping the world, are you pinging using a domain name or an
> > > IP?
> >  
> > I'm using an IP, not a domain name. It seems to try the ICMP ping packet
> > first ....
> > 
> > icmp     1 29 src=10.10.10.156 dst=66.70.90.121 type=8 code=0 id=22790
> > [UNREPLIED] src=66.70.90.121 dst=10.10.10.156 type=0 code=0 id=22790
> > use=1
> > udp      17 8 src=10.10.10.156 dst=167.206.112.3 sport=1112 dport=53
> > [UNREPLIED] src=167.206.112.3 dst=10.10.10.156 sport=53 dport=1112 use=1
> > 
> > .... and then when it doesn't get a reply, it tries sending a udp packet
> > to the DNS server (I've no idea why it does this).
> > 
> > Separately, I'm able to sit at sumida the proxy box and ping everything
> > and anything, both by ip and DN.  
<snip> 
> Oh! Oh! Oh!  The router doesn't know about the 10.0.0.0 network.  It
> needs a static route to 192.168.2.150 to reach the 10.0.0.0/24
> network.  That's why!  The traffic leaves fine, the router doesn't
> know where to send the responding traffic to reach 10.0.0.?.


So does this mean I need to set up NAT/Masquerading on the proxy box
192.168.2.150/10.10.10.10?  In that way it will be hiding/translating
all of the 10.0.0.0 network clients from the router ...?

Hmmmmm ... maybe getting close.

Kevin

-- 

Kevin Coyner
mailto: kevin@rustybear.com
GnuPG key: 1024D/8CE11941
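
Added example, not part of the original message: a small Python parser for the `/proc/net/ip_conntrack` entries quoted above. It rejoins the mail-wrapped records and, for each `[UNREPLIED]` flow, reports whether the reply tuple's destination still equals the original source (no source NAT, so the upstream router needs a route back) or was rewritten; the function names are this example's own.

```python
import re

# Entries quoted in the thread above, still wrapped the way the mail left them.
SAMPLE = """\
icmp     1 29 src=10.10.10.156 dst=66.70.90.121 type=8 code=0 id=22790
[UNREPLIED] src=66.70.90.121 dst=10.10.10.156 type=0 code=0 id=22790
use=1
udp      17 8 src=10.10.10.156 dst=167.206.112.3 sport=1112 dport=53
[UNREPLIED] src=167.206.112.3 dst=10.10.10.156 sport=53 dport=1112 use=1
udp  17 17 src=10.10.10.156 dst=167.206.112.4 sport=1061 dport=53
[UNREPLIED] src=167.206.112.4 dst=192.168.2.254 sport=53 dport=1061
use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport|type|code|id)=(\S+)")

def records(text):
    """Rejoin wrapped lines: a record ends at its use=N field."""
    buf = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("<"):   # blank line or <snip>
            continue
        buf.append(line)
        if re.search(r"\buse=\d+$", line):
            yield " ".join(buf)
            buf = []

def parse(record):
    """Split one record into protocol, flags, original and reply tuples."""
    orig, reply = {}, {}
    for key, val in FIELD.findall(record):
        # A key seen for the second time belongs to the reply tuple.
        (reply if key in orig else orig)[key] = val
    flags = re.findall(r"\[(\w+)\]", record)
    return {"proto": record.split()[0], "flags": flags, "orig": orig, "reply": reply}

def diagnose(text):
    """Classify each [UNREPLIED] flow by whether its source was translated."""
    out = []
    for r in map(parse, records(text)):
        if "UNREPLIED" in r["flags"]:
            # reply dst == original src means no SNAT/MASQUERADE was applied here.
            nat = "snat" if r["reply"]["dst"] != r["orig"]["src"] else "no-snat"
            out.append((r["proto"], r["orig"]["src"], r["orig"]["dst"], nat))
    return out

if __name__ == "__main__":
    for row in diagnose(SAMPLE):
        print(*row)
```
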
