l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 7: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2001 Dec 30 17:08

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Linux as gateway
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Linux as gateway



begin: Terminator <jimmyzhou@bigfoot.com> quote
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Thanks for the hint. I run tcpdump -i eth(outside) src internal-
> machine-ip, and ping external ip address of gateway, tcpdump
> capture nothing. but if I ping other external ip address, tcpdump
> capture icmp echo packages. So what's the possible problem here?

i'm sorry -- not sure i understand what you're saying here.  can you
rephrase?

make sure you understand that tcpdump tells you which direction the
packets are going.  basically, what you're looking for is:

1. ping packets coming from the internal machine being received by the gw's
   internal nic.

if that works, you're looking for...

2. the ping packets leaving the gw's external nic bound for the internet.

if that works, you're looking for...

3. the echo packets coming back to the gw's external nic

if that works, you're looking for...

4. the echo packets leaving the gw's internal nic.

if that works, you're looking for...

5. echo packets being received by the internal machine. 
 

which of these steps is broken?

> Also, if I run tcpdump -i eth(inside) ip proto \\icmp, and ping
> from internal machine to internal ip, external ip of gateway,
> tcpdump capture both packages. If I ping other external ip address,
> tcpdump capture the icmp echo from internal machine to external
> machine, but no reply.

ok, i understood this.  you can ping the external ip of the gw correctly.
no surprises here.

> Actually I'm trying to do some Masquerade things, but whatever
> sample scripts I tried, I always could not ping outside net from
> internal net. So I decide to do the simplest at first - no masquerade,
> but gateway. However, it still does not work. :-((((
 
ok, like i mentioned before, i don't know netfilter.  would you consider
recompiling your kernel to provide the ipchains interface?  then i'll be able
to actually give you some concrete help...

pete


> On Mon, 27 Aug 2001, Peter Jay Salzman wrote:
> 
> > jimmy,
> >
> > you can get some clues about where the packets are going.
> >
> > 1. from your 'gateway' type: tcpdump -i eth(outside)
> > 2. from your internal machine, type ping (outside whatever)
> >
> > see if the ping packets are leaving your livingroom network.  also, try:
> >
> > 1. from your 'gateway' type: tcpdump -i eth(inside)
> > 2. from your internal machine, type ping (outside whatever)
> >
> > see if the gateway is receiving packets from the local machine.  also, try:
> >
> > 1. from infernal machine, type:  tcpdump -i eth0
> > 2. from infernal machine, type:  ping (outside whatever)
> >
> > now you should know exactly where packets are going and where they're not
> > going.
> >
> > i've never played with iptables before; i still use ipchains.  actually, i'm
> > waiting for jeff to teach me iptables.  ;)
> >
> > also, is this gateway simply providing masquerading or is it actually
> > filtering?
> >
> > pete
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (IRIX)
> Comment: For info see http://www.gnupg.org
> 
> iEYEARECAAYFAjuKzB4ACgkQZ1kuLJJ1tnLe8gCdHrqG4hhki5aTGwvT5G1AGsZ+
> GzwAnRopUOQG6o3wUWtDAx6zx16lZ9ic
> =ESrv
> -----END PGP SIGNATURE-----
> 

-- 
"The following addresses had permanent fatal errors..."      p@dirac.org
                               -- Mailer Daemon              www.dirac.org/p


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!