Hi all,

I posted the attached message on 2-Nov-1999 (in JST) to this ML.
But it seems that it has not been delivered to the subscribers
(including me :) yet. So I re-post this message. I'm sorry if you
see the same message twice.

--
Ryoji Kobayashi [EMAIL PROTECTED]
Riki Network Systems Inc.

Subject: SOLVED: [Q: port forwarding on kernel 2.2.13]
From: Ryoji Kobayashi <[EMAIL PROTECTED]>
Date: Tue, 02 Nov 1999 17:42:32 +0900 (JST)

Hi all,

Finally, I found what was wrong with my port forwarding problem.
I will explain the reason below.

Ryoji Kobayashi <[EMAIL PROTECTED]> wrote on
Message-ID: <[EMAIL PROTECTED]>

> I watched network activity with tcpdump and I can see the
> following three packets.
>
> (1) 17:13:27.158720 172.16.0.2.1587 > 172.16.0.1.10023:
>     S 1768496939:1768496939(0) win 16384
>     <mss 1460,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x10]
>
> (2) 17:13:27.158776 172.16.0.2.1587 > 192.168.0.2.23:
>     S 1768496939:1768496939(0) win 16384
>     <mss 1460,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x10]
>
> (3) 17:13:27.165903 192.168.0.2.23 > 172.16.0.2.1587:
>     S 1377158:1377158(0) ack 1768496940 win 8192 <mss 520>
>
>    172.16.0.2         172.16.0.1          192.168.0.2
>     +------+    (1)    +-----+    (2)     +------+
>     |client|---------->|Linux|----------->|server|
>     |      |<----X-----|     |<-----------|      |
>     +------+    (4)    +-----+    (3)     +------+
>                          192.168.0.1
                                              |
                                              v 192.168.0.254
                                          +------+
                                          |router|
                                          +------+

The TELNET server machine's default route was directed to a router and
it didn't have an explicit route to 172.16.0.0/24. So packet #3
was not picked up by the Linux (port forwarding) box.
The destination of the SYN, ACK packet was 172.16.0.2 and it was routed
to the router. (It was not my intention. :)

I could fix the problem by just adding a route to network
172.16.0.0/24 on the server machine, specifying 192.168.0.1
as its next gateway.

    server# route add -net 172.16.0.0 netmask 255.255.255.0 \
            gw 192.168.0.1

Mario Gaucher wrote me about 'redir', another TCP port forwarding
tool running as a user process, in his reply. Mario, thank you very
much for providing me the useful information.

It works fine without an explicit route to 172.16.0.0/24 on the
server, because the server talks with the redir process on
192.168.0.1 instead of the client on 172.16.0.2. That is a difference
between the ipmasqadm portfw module and redir.

I appreciate everyone who read my post, considered it, and sent
a reply to me.

--
Ryoji Kobayashi [EMAIL PROTECTED]
Riki Network Systems Inc.
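The following is an added example, not part of the original post: a small Python model of the server's route lookup, showing why the reply (packet #3) bypassed the port-forwarding box and why both the added route and redir bring it back. The /24 mask on the server's own LAN and all function and variable names are assumptions.

```python
import ipaddress

FORWARDER = "192.168.0.1"   # Linux box, server-side address (from the post)
ROUTER = "192.168.0.254"    # server's default gateway (from the post)
CLIENT = "172.16.0.2"       # original client (from the post)

# Server routing table as described; the /24 on-link prefix is an assumption.
SERVER_ROUTES = [
    ("192.168.0.0/24", "direct"),
    ("0.0.0.0/0", ROUTER),
]
# The fix from the post: route add -net 172.16.0.0 netmask 255.255.255.0 gw 192.168.0.1
FIXED_ROUTES = SERVER_ROUTES + [("172.16.0.0/24", FORWARDER)]


def next_hop(routes, dst):
    """Longest-prefix match: return the gateway, or 'direct' if on-link."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def reply_reaches_forwarder(routes, reply_dst):
    """True if the server's reply is handed to the forwarding box."""
    hop = next_hop(routes, reply_dst)
    # Either routed through the box, or addressed to the box itself on-link.
    return hop == FORWARDER or (hop == "direct" and reply_dst == FORWARDER)


def scenarios():
    """portfw keeps the client's source address, so the server replies to
    CLIENT; redir opens its own connection, so the server replies to FORWARDER."""
    return {
        "portfw, no route": reply_reaches_forwarder(SERVER_ROUTES, CLIENT),
        "portfw, route added": reply_reaches_forwarder(FIXED_ROUTES, CLIENT),
        "redir, no route": reply_reaches_forwarder(SERVER_ROUTES, FORWARDER),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:20s} reply returns via forwarder: {ok}")
```

Only the first scenario fails: the reply follows the default route to the router, so the forwarding box never sees it and cannot rewrite it back for the client.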
