Re: ip_forward - 2 nics

Thu, 07 Nov 2002 18:02:16 -0800 


On Thu, Nov 07, 2002 at 05:33:19PM -0800, Jeff wrote......

> Kevin Coyner, 2002-Nov-07 16:55 -0500:
> > 
> > On Thu, Nov 07, 2002 at 12:20:52PM -0800, Jeff wrote......
> > > > 
> > > > sumida:/etc/init.d# cat /proc/net/ip_conntrack
> > > > <snip>
> > > > udp  17 9 src=10.10.10.156 dst=192.168.2.254 sport=1059 dport=53
> > > > [UNREPLIED] src=192.168.2.254 dst=192.168.2.254 sport=53 dport=1059
> > > > use=1
> > > > udp  17 17 src=10.10.10.156 dst=167.206.112.4 sport=1061 dport=53
> > > > [UNREPLIED] src=167.206.112.4 dst=192.168.2.254 sport=53 dport=1061
> > > > use=1
> > > > 
> > > > The first destination (192.168.2.254) is the router.  The second dest is
> > > > a DNS server on the outside world.  In both cases the [UNREPLIED]
> > > > message is appended.  Is that the proxy box 'not replying'?
> > > 
> > > Ah, when you ping the world, are you pinging using a domain name or an
> > > IP?
> >  
> > I'm using an IP, not a domain name. It seems to try the ICMP ping packet
> > first ....
> > 
> > icmp     1 29 src=10.10.10.156 dst=66.70.90.121 type=8 code=0 id=22790
> > [UNREPLIED] src=66.70.90.121 dst=10.10.10.156 type=0 code=0 id=22790
> > use=1
> > udp      17 8 src=10.10.10.156 dst=167.206.112.3 sport=1112 dport=53
> > [UNREPLIED] src=167.206.112.3 dst=10.10.10.156 sport=53 dport=1112 use=1
> > 
> > .... and then when it doesn't get a reply, it tries sending a udp packet
> > to the DNS server (I've no idea why it does this).
> > 
> > Separately, I'm able to sit at sumida the proxy box and ping everything
> > and anything, both by ip and DN.  
<snip> 
> Oh! Oh! Oh!  The router doesn't know about the 10.0.0.0 network.  It
> needs a static route to 192.168.2.150 to reach the 10.0.0.0/24
> network.  That's why!  The traffic leaves fine, the router doesn't
> know where to send the responding traffic to reach 10.0.0.?.


So does this mean I need to set up NAT/Masquerading on the proxy box
192.168.2.150/10.10.10.10?  In that way it will be hiding/translating
all of the 10.0.0.0 network clients from the router ...?

Hmmmmm ... maybe gettting close.

Kevin

-- 

Kevin Coyner
mailto: [EMAIL PROTECTED]
GnuPG key: 1024D/8CE11941

Attachment: msg11669/pgp00000.pgp
Description: PGP signature

Reply via email to