On Thu, May 27, 1999 at 09:07:44PM -0400, Dave Cinege wrote:
>
> Could the initial packet's data be getting its head or tail cut off?

This is purely from theory; I don't have the setup to try this:

A workstation sends the packet to server2. It gets masqueraded (you
told it so) and forwarded through eth0 on server 2. As the packet is
going out of the interface it came in on, you'll get an ICMP redirect
in addition to the forwarded packet. It'll have the source address of
192.68.0.2, which is not what you want. The SYN/ACK packet will make
its way back and will be demasqueraded. The rest of the connection
gets to server 1 without hitting server2. This will break things as
the source address is now the workstation address.

After the redirect, subsequent connection requests will work, until the
host entry on the workstation times out and the circus starts again.

Fix: always specify the interface in your masquerading rules (-V eth1
or -W 208.xx.xx.xx). Then the original packet won't be masqueraded
when it does not go out of eth1 and life will be good.

Ge'
--
Ge' Weijers Voice: (614)326 4600
Progressive Systems, Inc. FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220
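
The behaviour described in the message above, as an added illustration that is not part of the original post: a small Python model of a forwarding masquerade rule with and without an outgoing-interface restriction. All addresses, the route table and the names `MasqRule`, `forward` and `demo` are constructed assumptions, and the redirect condition is simplified to "leaves on the interface it arrived on".

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed topology (assumptions, not from the thread):
# eth0 faces the workstations and server 1, eth1 faces outward.
IFACE_ADDR = {"eth0": ip_address("10.0.0.2"), "eth1": ip_address("203.0.113.1")}
ROUTES = [(ip_network("10.0.0.0/24"), "eth0"),
          (ip_network("198.51.100.0/24"), "eth0"),   # server 1, same wire as eth0
          (ip_network("0.0.0.0/0"), "eth1")]         # default route

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object

@dataclass(frozen=True)
class MasqRule:
    src_net: object
    out_iface: Optional[str] = None   # None: the rule applies on every interface

def route(dst):
    """First matching route wins (the list is ordered most specific first)."""
    return next(iface for net, iface in ROUTES if dst in net)

def forward(pkt, in_iface, rule):
    """Return (packet as forwarded, outgoing interface, ICMP redirect sent?)."""
    out = route(pkt.dst)
    redirect = out == in_iface        # simplified: leaving where it came in
    if pkt.src in rule.src_net and rule.out_iface in (None, out):
        pkt = replace(pkt, src=IFACE_ADDR[out])   # masquerade the source
    return pkt, out, redirect

WORKSTATION = ip_address("10.0.0.50")
SERVER1 = ip_address("198.51.100.10")
syn = Packet(WORKSTATION, SERVER1)

def demo():
    """Forward the same SYN under an unscoped rule and an eth1-only rule."""
    broad = MasqRule(ip_network("10.0.0.0/24"))
    scoped = MasqRule(ip_network("10.0.0.0/24"), out_iface="eth1")
    return forward(syn, "eth0", broad), forward(syn, "eth0", scoped)

if __name__ == "__main__":
    for pkt, out, redirect in demo():
        print(f"out={out} src={pkt.src} redirect={redirect}")
```

With the unscoped rule the first packet reaches server 1 carrying the router's address while later packets, sent directly after the redirect, carry the workstation's; with the rule scoped to eth1 the source is the workstation's address on both paths.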