Re: Can't access aliased ip address

[Chad Morgan]

 Chad,
 
   It sounds like you've fallen prey to the perils of assymmetric
 routing. For simplicity, I'll refer to your (my machine) external
 server
 to be machine A, eth0 to be ip-address B, and eth0:1 to be ip-address C.
 Here is how things are happening :
 
   Machine A sends echo request to C. 
 
   C replies. The routing table on your multihomed server says that
 the packet needs to travel out via eth0. The outgoing echo reply
 therefore
 will contain the source address of B.
 
   A is not listening for replies from B. It is listening for
 replies
 from C. Hence your problem.
 
   To see if I am right, filter tcpdump on the icmp protocol, rather
 than the host of C. If you see echo replies from B coming in, and echo
 requests for C going out, what I said is correct.
 
 Regards,
 Jor-el
 
 

This doesn't appear to be the problem. When I ping ip address C, from
machine A (my computer at a remote location) tcpdump icmp -i eth0 yields
only a request.
However, once I ping ip address B from Machine A it will show both the
request and the reply.

Also, I just looked at the syslog, which I probably should've done earlier
and found the following:

Jan  2 15:23:46 hostname kernel: Packet log: input DENY eth0 PROTO=1
MACHINEA:8 IPADDRC:0 L=92 S=0x00 I=0 F=0x4000 T=43 (#9)

Should I be looking at the firewall as the cause of the problem. However
temporarily using
ipchains -P input ACCEPT and ipchains -P output ACCEPT before going back to
the regular firewall settings gave me the exact same result. Do I need to
specifically specifiy IP Address C in the firewall script or am I chasing a
dead end?

Chad

Re: Can't access aliased ip address

[Jor-el]

Chad,

On Wed, 2 Jan 2002, Chad Morgan wrote:

 
 This doesn't appear to be the problem. When I ping ip address C, from
 machine A (my computer at a remote location) tcpdump icmp -i eth0 yields
 only a request.
 However, once I ping ip address B from Machine A it will show both the
 request and the reply.
 
This is puzzling. Your first sentence breaks my hypothesis and the
second sentence strengthens it. Perhaps if you could provide your routing
table more legibly, it would be of more help (use the -n option of route).
The hostnames in your prev. post were truncated and it was hard to guess
how the routing was setup.

Also try the following : from B / C, do 
1.  traceroute A
2.  traceroute A -s C

On A, monitor the traffic using a filter for src = A or dst = A
and post the results.

 Also, I just looked at the syslog, which I probably should've done earlier
 and found the following:
 
 Jan  2 15:23:46 hostname kernel: Packet log: input DENY eth0 PROTO=1
 MACHINEA:8 IPADDRC:0 L=92 S=0x00 I=0 F=0x4000 T=43 (#9)
 
I dont know what this log entry means. Its possible that you have
a firewall problem but your symptoms are more indicative of a routing
problem. Perhaps the output of 'ipchains -L -v -n' would help (Note: I run
iptables and I'm guessing that its options are similar to ipchains. The -n
will produce numeric, rather than symbolic output).

Regards,
Jor-el

Re: Can't access aliased ip address

[Chad Morgan]

On 2002.01.02 22:19 Jor-el wrote:

 The hostnames in your prev. post were truncated and it was hard to guess
 how the routing was setup.
 
Here is an easier to read routing table:
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse
Iface
216.86.213.93   0.0.0.0 255.255.255.255 UH0  00
eth0
216.86.213.94   0.0.0.0 255.255.255.255 UH0  00
eth0
192.168.0.0 0.0.0.0 255.255.255.0   U 0  00
eth1
216.86.213.00.0.0.0 255.255.255.0   U 0  00
eth0
0.0.0.0 216.86.213.10.0.0.0 UG1  00
eth0


   Also try the following : from B / C, do 
 1.  traceroute A
 2.  traceroute A -s C
 
traceroute A works as expected. However traceroute A -s C results in:

 1 traceroute: wrote 24.52.153.102 38 chars, ret=-1
 *traceroute: wrote 24.52.153.102 38 chars, ret=-1
 *traceroute: wrote 24.52.153.102 38 chars, ret=-1

Note: each of the above lines were preceded by:
traceroute: sendto: Operation not permitted

which for somereason wasn't included in the output oftraceroute A -s C
 traceroute

I've noticed this on a few other procedures I've tried to do, but it isn't
really that big of a deal to add the other information. But I know there is
a way to capture the screen, I just don't know how to do it. 

   On A, monitor the traffic using a filter for src = A or dst = A
 and post the results.

I don't think that I can do this. A is a D-Link Wireless cable modem/dsl
router. I tried it anyway and didn't pick up anything from things that I
know work.
  
  Jan  2 15:23:46 hostname kernel: Packet log: input DENY eth0 PROTO=1
  MACHINEA:8 IPADDRC:0 L=92 S=0x00 I=0 F=0x4000 T=43 (#9)
  
   I dont know what this log entry means. Its possible that you have
 a firewall problem but your symptoms are more indicative of a routing
 problem. Perhaps the output of 'ipchains -L -v -n' would help (Note: I
 run
 iptables and I'm guessing that its options are similar to ipchains. The
 -n
 will produce numeric, rather than symbolic output).
 

That worked just fine, here is the output:

Chain input (policy ACCEPT: 0 packets, 0 bytes):
 pkts bytes target prot opttosa tosx  ifname mark   outsize
 sourcedestination   ports
39536 3757K ACCEPT all  -- 0xFF 0x00  lo   
 0.0.0.0/00.0.0.0/0 n/a
0 0 DENY   all  l- 0xFF 0x00  !lo  
 127.0.0.0/8  0.0.0.0/0 n/a
89474 7888K ACCEPT all  -- 0xFF 0x00  eth0 
 216.86.213.0/24  0.0.0.0/0 n/a
 204K   21M ACCEPT all  -- 0xFF 0x00  eth1 
 192.168.0.0/24   0.0.0.0/0 n/a
0 0 DENY   all  l- 0xFF 0x00  eth0 
 216.86.213.0/24  0.0.0.0/0 n/a
0 0 DENY   all  l- 0xFF 0x00  eth0 
 192.168.0.0/24   0.0.0.0/0 n/a
 234K  189M ACCEPT all  -- 0xFF 0x00  eth0 
 0.0.0.0/0216.86.213.93 n/a
0 0 ACCEPT all  -- 0xFF 0x00  eth0 
 0.0.0.0/0216.86.213.255n/a
17858 1487K DENY   all  l- 0xFF 0x00  *
 0.0.0.0/00.0.0.0/0 n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
 pkts bytes target prot opttosa tosx  ifname mark   outsize
 sourcedestination   ports
0 0 MASQ   all  -- 0xFF 0x00  eth0 
 192.168.0.2  0.0.0.0/0 n/a
0 0 MASQ   all  -- 0xFF 0x00  eth0 
 192.168.0.21 0.0.0.0/0 n/a
 4464  690K MASQ   all  -- 0xFF 0x00  eth0 
 192.168.0.22 0.0.0.0/0 n/a
  443 66229 MASQ   all  -- 0xFF 0x00  eth0 
 192.168.0.23 0.0.0.0/0 n/a
  257 38564 MASQ   all  -- 0xFF 0x00  eth0 
 192.168.0.24 0.0.0.0/0 n/a
   58  4837 MASQ   all  -- 0xFF 0x00  eth0 
 192.168.0.25 0.0.0.0/0 n/a
0 0 MASQ   all  -- 0xFF 0x00  eth0 
 192.168.0.26 0.0.0.0/0 n/a
 2606  571K MASQ   all  -- 0xFF 0x00  eth0 
 192.168.0.27 0.0.0.0/0 n/a
 2641  367K MASQ   all  -- 0xFF 0x00  eth0 
 192.168.0.28 0.0.0.0/0 n/a
0 0 MASQ   all  -- 0xFF 0x00  eth0 
 192.168.0.2540.0.0.0/0 n/a
Chain output (policy ACCEPT: 0 packets, 0 bytes):
 pkts bytes target prot opttosa tosx  ifname mark   

Re: Can't access aliased ip address

[L Vogtmann]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wednesday 02 January 2002 07:02 pm, Jason M. Harvey wrote:
 yes, ipmasqadm should work for the port forwarding. actually, i know
 someone else who uses ipmasqadm to forward telnet traffic from his
 external ip to another pc with a private ip.
 having other users who may/will want pcanywhere may definitly be an
 issue for you to consider! i've never used it myself... one of these
 years i have to install it just to see what options it has - like
 specifying other ports! (yes, i'm stuck with that other os at my job!)

I know this isn't much to add, but it is an idea to look at if other users
might want pcanywhere access.

(Mind you, I'm not very experienced with advanced routing configurations, but
I'm fairly certain this is possible.)

Find out the IP address of the user with DSL who wants in to his system.
Then write a rule specifying that a request for the pcanywhere port on the
firewall from this (and only this) IP should go to _his_ internal machine.
Add more rules like this for other users.

I would say that is more secure than having multiple ports open for
pcanywhere, and much easier for your clients, as they wouldn't have to
reconfigure.

(Mind you, each person would require another line in your firewall script,
and no dynamic IP's)
snip
- --
vmann
reduce(lambda x,y:x+y,map(lambda
 x:chr(ord(x)^42),tuple('zS^BED\nX_FOY\x0b'))) GnuPG/PGP Fingerprint CE80
 018B D825 6DF1 4990  C15F E11A B17E 4A0C D133 Sair Linux and GNU Certified
 Administrator #563619
Whidbey Linux Users Group - http://www.wlug.net
http://vmann.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8NNEf4RqxfkoM0TMRAmcMAJ9aMJ8lMf4zq1sn8NoScsX0EG/m6gCggSiH
cpdAjKQ2/I0HVvWib1JG5xE=
=JGWK
-END PGP SIGNATURE-

Re: Can't access aliased ip address

[Jason M. Harvey]

hello,

if this person wants to use pcanywhere from home... which ip address is
he using for pcanywhere to connect to? unless he's using some sort of
vpn setup between home and work, he won't get to his office pc.
are you running masquerading on the pc 216.86.213.93? if the 196.168
network is translated to that ip, you'll need to forward ports 5631 and
5632 from 216.86.213.93 back to his ip (192.168.y.z). once you've done
that, he will be able to pcanywhere to 216.86.213.93 and invisible
to him will be the forwarding of pcanywhere to his private ip.

i've configured many routers that run NAT and needed to do the same
thing. i've never done port forwarding with ipchains/iptables but i'm
positive that it can be done. 

it sounds like what i'm advising is a little off-track of what you were
looking at before... if someone else has better suggestion, listen to
them! the port-forwarding will work, but it may be a little more for you
to set up...

good luck,
jason

On Wed, Jan 02, 2002 at 06:19:46PM -0800, Chad Morgan wrote:
| I have a gateway to share a dsl line with about 20 users that all use win
| 9x or a more recent windows product. One of the users wants to be able to
| setup pcanywhere so he can access his office computer using his cable modem
| at home instead of the phone line.
| 
| This is the output of ifconfig:
| 
| eth0  Link encap:Ethernet  HWaddr 00:A0:CC:23:A3:AC  
|   inet addr:216.86.213.93  Bcast:216.86.213.255  Mask:255.255.255.0
|   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
|   RX packets:241367 errors:0 dropped:0 overruns:0 frame:0
|   TX packets:260291 errors:0 dropped:0 overruns:0 carrier:0
|   collisions:41 txqueuelen:100 
|   Interrupt:10 Base address:0x6000 
| 
| eth0:1Link encap:Ethernet  HWaddr 00:A0:CC:23:A3:AC  
|   inet addr:216.86.213.94  Bcast:216.86.213.255  Mask:255.255.255.0
|   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
|   Interrupt:10 Base address:0x6000 
| 
| eth1  Link encap:Ethernet  HWaddr 00:A0:CC:5A:CB:A2  
|   inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
|   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
|   RX packets:191550 errors:0 dropped:0 overruns:0 frame:0
|   TX packets:233023 errors:0 dropped:0 overruns:0 carrier:0
|   collisions:0 txqueuelen:100 
|   Interrupt:11 Base address:0x6100 
| 
| loLink encap:Local Loopback  
|   inet addr:127.0.0.1  Mask:255.0.0.0
|   UP LOOPBACK RUNNING  MTU:3924  Metric:1
|   RX packets:38940 errors:0 dropped:0 overruns:0 frame:0
|   TX packets:38940 errors:0 dropped:0 overruns:0 carrier:0
|   collisions:0 txqueuelen:0 
| 
| And this is the output of route:
| 
| Kernel IP routing table
| Destination Gateway Genmask Flags Metric RefUse
| Iface
| adsl-gte-la-216 *   255.255.255.255 UH0  00
| eth0
| adsl-gte-la-216 *   255.255.255.255 UH0  00
| eth0
| 192.168.0.0 *   255.255.255.0   U 0  00
| eth1
| 216.86.213.0*   255.255.255.0   U 0  00
| eth0
| default adsl-gte-la-216 0.0.0.0 UG1  00
| eth0
| 
| Note: the the first two entires are the hosts associated with eth:0 and
| eth0:1
| 
| Now, I'm a remote location but when logged into this machine I can ping all
| ip addresses.
| 
| From my machine I get no responce when I try and ping the address
| associated with eth0:1 however when I use tcpdump host 216.86.213.94 I get
| the following result while pinging that address from my machine so it looks
| like it is getting something but not answering.
| 
| 11:31:07.232889 ca-brea2a-102.stmnca.adelphia.net 
| adsl-gte-la-216-86-213-94.mminternet.com: icmp: echo request (DF)
| 
| Also, it is not possible for me to ask someone at the site to try to ping
| the eth0:1 address from a machine on the 192.168.0 segment, however I'll be
| in the area tomorrow (only 15-20 minutes out of my way) and can swing by
| and see if it is working from there if absolutely necessary.
| 
| This is also a repost, I've incorporated all of the advice from my original
| post but more important priorities forced me to put this on the back
| burner. That always catches up with me since now this is a fire that I need
| to put out.
| 
| If I can't get the aliasing to work the way I want it to, I'll have to go
| down there tomorrow and throw in another NIC for the second address but I
| don' really want to do that because it is possible that more people will
| want the same and I don't want to have to keep adding cards. Space and
| maintenance are more of issues than cost. 
| 
| Also, it isn't practical to just give that computer an external ip address
| because it is behind another hub on the 192 segment.
| 
| Any assistance or advice would be greatly appreciated.
| 
| Chad 

Re: Can't access aliased ip address

[Chad Morgan]

On 2002.01.02 18:29 Jason M. Harvey wrote:
 hello,
 
 if this person wants to use pcanywhere from home... which ip address is
 he using for pcanywhere to connect to? unless he's using some sort of
 vpn setup between home and work, he won't get to his office pc.
 are you running masquerading on the pc 216.86.213.93? if the 196.168
 network is translated to that ip, you'll need to forward ports 5631 and
 5632 from 216.86.213.93 back to his ip (192.168.y.z). once you've done
 that, he will be able to pcanywhere to 216.86.213.93 and invisible
 to him will be the forwarding of pcanywhere to his private ip.
 
This is actually a better idea for my worst case scenario of having to add
another NIC if I can't get the aliased address to work.
However, there is someone else that has been toying with the pcanywhere
idea as well and I'm pretty sure once it is working for this guy the other
one will want it too.
I don't use pcanywhere so I don't know if you can manually specify a
different port. If you can I guess I could give everyone that wants it a
different port on the *.93 address but not using the defaults could create
some unique support situations when people forget their assigned port or
don't know how to change the defaults and I'd like to avoid that.

 i've configured many routers that run NAT and needed to do the same
 thing. i've never done port forwarding with ipchains/iptables but i'm
 positive that it can be done. 
 
I haven't setup the port forwarding yet since traffic to the address I
wanted to use wasn't getting there anyway.
I was planning on using ipmasqadm to do the port fowarding once I can
forward traffic on the address that I would like to use.

Thanks,
Chad


 it sounds like what i'm advising is a little off-track of what you were
 looking at before... if someone else has better suggestion, listen to
 them! the port-forwarding will work, but it may be a little more for you
 to set up...
 
 good luck,
 jason
 
 On Wed, Jan 02, 2002 at 06:19:46PM -0800, Chad Morgan wrote:
 | I have a gateway to share a dsl line with about 20 users that all use
 win
 | 9x or a more recent windows product. One of the users wants to be able
 to
 | setup pcanywhere so he can access his office computer using his cable
 modem
 | at home instead of the phone line.
 | 
 | This is the output of ifconfig:
 | 
 | eth0  Link encap:Ethernet  HWaddr 00:A0:CC:23:A3:AC  
 |   inet addr:216.86.213.93  Bcast:216.86.213.255 
 Mask:255.255.255.0
 |   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 |   RX packets:241367 errors:0 dropped:0 overruns:0 frame:0
 |   TX packets:260291 errors:0 dropped:0 overruns:0 carrier:0
 |   collisions:41 txqueuelen:100 
 |   Interrupt:10 Base address:0x6000 
 | 
 | eth0:1Link encap:Ethernet  HWaddr 00:A0:CC:23:A3:AC  
 |   inet addr:216.86.213.94  Bcast:216.86.213.255 
 Mask:255.255.255.0
 |   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 |   Interrupt:10 Base address:0x6000 
 | 
 | eth1  Link encap:Ethernet  HWaddr 00:A0:CC:5A:CB:A2  
 |   inet addr:192.168.0.1  Bcast:192.168.0.255 
 Mask:255.255.255.0
 |   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 |   RX packets:191550 errors:0 dropped:0 overruns:0 frame:0
 |   TX packets:233023 errors:0 dropped:0 overruns:0 carrier:0
 |   collisions:0 txqueuelen:100 
 |   Interrupt:11 Base address:0x6100 
 | 
 | loLink encap:Local Loopback  
 |   inet addr:127.0.0.1  Mask:255.0.0.0
 |   UP LOOPBACK RUNNING  MTU:3924  Metric:1
 |   RX packets:38940 errors:0 dropped:0 overruns:0 frame:0
 |   TX packets:38940 errors:0 dropped:0 overruns:0 carrier:0
 |   collisions:0 txqueuelen:0 
 | 
 | And this is the output of route:
 | 
 | Kernel IP routing table
 | Destination Gateway Genmask Flags Metric RefUse
 | Iface
 | adsl-gte-la-216 *   255.255.255.255 UH0  00
 | eth0
 | adsl-gte-la-216 *   255.255.255.255 UH0  00
 | eth0
 | 192.168.0.0 *   255.255.255.0   U 0  00
 | eth1
 | 216.86.213.0*   255.255.255.0   U 0  00
 | eth0
 | default adsl-gte-la-216 0.0.0.0 UG1  00
 | eth0
 | 
 | Note: the the first two entires are the hosts associated with eth:0 and
 | eth0:1
 | 
 | Now, I'm a remote location but when logged into this machine I can ping
 all
 | ip addresses.
 | 
 | From my machine I get no responce when I try and ping the address
 | associated with eth0:1 however when I use tcpdump host 216.86.213.94 I
 get
 | the following result while pinging that address from my machine so it
 looks
 | like it is getting something but not answering.
 | 
 | 11:31:07.232889 ca-brea2a-102.stmnca.adelphia.net 
 | adsl-gte-la-216-86-213-94.mminternet.com: icmp: echo request (DF)
 | 
 | Also, it is not possible for me 

Re: Can't access aliased ip address

[Jason M. Harvey]

hi chad,

yes, ipmasqadm should work for the port forwarding. actually, i know
someone else who uses ipmasqadm to forward telnet traffic from his
external ip to another pc with a private ip.
having other users who may/will want pcanywhere may definitly be an
issue for you to consider! i've never used it myself... one of these
years i have to install it just to see what options it has - like
specifying other ports! (yes, i'm stuck with that other os at my job!)

~jason

On Wed, Jan 02, 2002 at 06:52:24PM -0800, Chad Morgan wrote:
| On 2002.01.02 18:29 Jason M. Harvey wrote:
|  hello,
|  
|  if this person wants to use pcanywhere from home... which ip address is
|  he using for pcanywhere to connect to? unless he's using some sort of
|  vpn setup between home and work, he won't get to his office pc.
|  are you running masquerading on the pc 216.86.213.93? if the 196.168
|  network is translated to that ip, you'll need to forward ports 5631 and
|  5632 from 216.86.213.93 back to his ip (192.168.y.z). once you've done
|  that, he will be able to pcanywhere to 216.86.213.93 and invisible
|  to him will be the forwarding of pcanywhere to his private ip.
|  
| This is actually a better idea for my worst case scenario of having to add
| another NIC if I can't get the aliased address to work.
| However, there is someone else that has been toying with the pcanywhere
| idea as well and I'm pretty sure once it is working for this guy the other
| one will want it too.
| I don't use pcanywhere so I don't know if you can manually specify a
| different port. If you can I guess I could give everyone that wants it a
| different port on the *.93 address but not using the defaults could create
| some unique support situations when people forget their assigned port or
| don't know how to change the defaults and I'd like to avoid that.
| 
|  i've configured many routers that run NAT and needed to do the same
|  thing. i've never done port forwarding with ipchains/iptables but i'm
|  positive that it can be done. 
|  
| I haven't setup the port forwarding yet since traffic to the address I
| wanted to use wasn't getting there anyway.
| I was planning on using ipmasqadm to do the port fowarding once I can
| forward traffic on the address that I would like to use.
| 
| Thanks,
| Chad
| 
| 
| 

-- 
registered linux user #202942
http://counter.li.org/

http://www.theigloo.dhs.org

Re: Can't access aliased ip address

[Jor-el]

On Wed, 2 Jan 2002, Chad Morgan wrote:

 
 eth0  Link encap:Ethernet  HWaddr 00:A0:CC:23:A3:AC  
   inet addr:216.86.213.93  Bcast:216.86.213.255  Mask:255.255.255.0
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   RX packets:241367 errors:0 dropped:0 overruns:0 frame:0
   TX packets:260291 errors:0 dropped:0 overruns:0 carrier:0
   collisions:41 txqueuelen:100 
   Interrupt:10 Base address:0x6000 
 
 eth0:1Link encap:Ethernet  HWaddr 00:A0:CC:23:A3:AC  
   inet addr:216.86.213.94  Bcast:216.86.213.255  Mask:255.255.255.0
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   Interrupt:10 Base address:0x6000 
 

snip

 
 Kernel IP routing table
 Destination Gateway Genmask Flags Metric RefUse
 Iface
 adsl-gte-la-216 *   255.255.255.255 UH0  00
 eth0
 adsl-gte-la-216 *   255.255.255.255 UH0  00
 eth0
 192.168.0.0 *   255.255.255.0   U 0  00
 eth1
 216.86.213.0*   255.255.255.0   U 0  00
 eth0
 default adsl-gte-la-216 0.0.0.0 UG1  00
 eth0
 
 Note: the the first two entires are the hosts associated with eth:0 and
 eth0:1
 
 Now, I'm a remote location but when logged into this machine I can ping all
 ip addresses.
 
 From my machine I get no responce when I try and ping the address
 associated with eth0:1 however when I use tcpdump host 216.86.213.94 I get
 the following result while pinging that address from my machine so it looks
 like it is getting something but not answering.
 
 11:31:07.232889 ca-brea2a-102.stmnca.adelphia.net 
 adsl-gte-la-216-86-213-94.mminternet.com: icmp: echo request (DF)
 
Chad,

It sounds like you've fallen prey to the perils of assymmetric
routing. For simplicity, I'll refer to your (my machine) external server
to be machine A, eth0 to be ip-address B, and eth0:1 to be ip-address C.
Here is how things are happening :

Machine A sends echo request to C. 

C replies. The routing table on your multihomed server says that
the packet needs to travel out via eth0. The outgoing echo reply therefore
will contain the source address of B.

A is not listening for replies from B. It is listening for replies
from C. Hence your problem.

To see if I am right, filter tcpdump on the icmp protocol, rather
than the host of C. If you see echo replies from B coming in, and echo
requests for C going out, what I said is correct.

Regards,
Jor-el