Problems with Routing (was RE: [LARTC] Losing Packets after a DNAT in prerouting)

2005-07-18 Thread Jefferson Cowart
Well, that helped, but I'm still having problems.

Here is what is happening now:

I send a packet from 134.173.94.7 to 134.173.95.146 (those devices are on
the same network).
It goes into my router on eth2 and gets DNATed to 192.168.5.9 which is on
eth3.
It gets routed properly and gets to my machine at 192.168.5.9.
My machine at 192.168.5.9 responds.
It goes back into my router on eth3.
My router routes the packet out eth0 and the automatic rule sets the source
address back to 134.173.95.146.

Since the packet has a source address that is on the wrong interface, the
packet is dropped. It appears that my problem is that I need it to route the
connection back out the same interface that it came in on. However, for new
connections I need it to use eth0 as the default route.



Thanks
Jefferson Cowart
[EMAIL PROTECTED]   

 -Original Message-
 From: pramod [mailto:[EMAIL PROTECTED] 
 Sent: Sunday, July 17, 2005 22:08
 To: Jefferson Cowart
 Cc: lartc@mailman.ds9a.nl
 Subject: Re: [LARTC] Losing Packets after a DNAT in prerouting
 
 I am sorry.
 In the second option I made a mistake.
 Do the following things:
 1) Restore the arp_filter to default..
 2) Set rp_filter to 0 (zero)
 
 thanks
  pramod
 
 

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
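The two lookups behind the symptoms in this thread, replayed in a small added example (not code from any poster) built on the `ip rule` and `ip route show table 250` output Jefferson posted further down: the strict reverse-path check that dropped the DNATed packet before rp_filter was set to 0, and the reply being routed by its still-untranslated source 192.168.5.9 through table 204 before the source is rewritten in POSTROUTING. Table 204's contents are not on the page, so they are assumed here (a lone default via eth0), as is the candidate fix of adding an explicit eth2 route to that table.

```python
import ipaddress

# Constructed from the thread's `ip rule` and `ip route show table 250` output.
# Tables 200-204 are not on the page: table 204 below is an ASSUMPTION chosen to
# reproduce the symptom (replies leaving via eth0); the others are assumed empty.
RULES = [  # (priority, "from" prefix, table)
    (200, "134.173.69.154/31", 200), (201, "134.173.91.144/30", 201),
    (202, "134.173.95.144/30", 202), (203, "192.168.5.128/25", 203),
    (204, "192.168.5.0/25", 204), (250, "0.0.0.0/0", 250),
]
TABLES = {
    250: [("192.168.5.0/24", "eth3"), ("134.173.68.0/23", "eth0"),
          ("134.173.92.0/22", "eth2"), ("134.173.88.0/22", "eth1"),
          ("0.0.0.0/0", "eth0")],
    204: [("0.0.0.0/0", "eth0")],  # assumed contents
}
# Assumed fix: give table 204 an explicit route back toward the eth2 network.
FIXED_TABLES = {**TABLES, 204: [("134.173.92.0/22", "eth2")] + TABLES[204]}

def lookup(src, dst, tables=TABLES):
    """Policy routing: first rule (by priority) matching the source whose table
    holds a route for the destination (longest prefix wins) decides the egress
    device; a table with no matching route falls through, as the kernel does."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, prefix, table in sorted(RULES):
        if s not in ipaddress.ip_network(prefix):
            continue
        best = None
        for route, dev in tables.get(table, []):
            net = ipaddress.ip_network(route)
            if d in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, dev)
        if best:
            return best[1]
    return None

def strict_rp_filter_ok(src, dst, iif, tables=TABLES):
    """rp_filter=1: route the packet's source as a destination, with the packet's
    destination as the rule-matching source; pass only if that picks iif."""
    return lookup(dst, src, tables) == iif

def dnat_packet_forwarded(tables=TABLES):
    """The DNATed packet 134.173.94.7 -> 192.168.5.9 arriving on eth2."""
    return strict_rp_filter_ok("134.173.94.7", "192.168.5.9", "eth2", tables)

def reply_egress(tables=TABLES):
    """The reply is routed before its source is translated back, so the lookup
    sees 192.168.5.9 -> 134.173.94.7 and rule 204 sends it to table 204."""
    return lookup("192.168.5.9", "134.173.94.7", tables)
```

With the assumed table 204, the DNATed packet fails the strict check (its reverse lookup lands in table 204 and picks eth0, not eth2) and the reply leaves via eth0; with the eth2 route added to table 204 both lookups pick eth2, which is the "back out the interface it came in on" behaviour Jefferson asks for.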


Re: [LARTC] Losing Packets after a DNAT in prerouting

2005-07-16 Thread Jefferson Cowart
Sorry this took so long. In any case, I've included all the parts of my
rules file that I think are relevant below. Let me know if there is
anything else needed.


When I send packets to 134.173.95.144 I see them appear in the tcpdump 
on the incoming interface (eth2). I also see them in my kernel log from 
the log entry in the prerouting chain. I however do not see them in my 
forward chain and they don't actually make it to 192.168.5.9. (I've 
tried adding logging rules there, but the packets don't appear. All my 
drop rules are preceded by a log step.)


Firewall Rules
==
Chain PREROUTING (policy ACCEPT 13M packets, 2207M bytes)
 pkts bytes target prot opt in   out source          destination
    3   144 LOG    tcp  --  eth2 *   134.173.64.0/19 134.173.95.144  tcp dpt:3389 LOG flags 0 level 4
    3   144 DNAT   tcp  --  eth2 *   134.173.64.0/19 134.173.95.144  tcp dpt:3389 to:192.168.5.9:3389


Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in   out  source          destination
    0     0 ACCEPT tcp  --  eth2 eth3 134.173.64.0/19 192.168.5.9     tcp dpt:3389



Routing Rules
=
# ip rule
0:  from all lookup local
200:from 134.173.69.154/31 lookup 200
201:from 134.173.91.144/30 lookup 201
202:from 134.173.95.144/30 lookup 202
203:from 192.168.5.128/25 lookup 203
204:from 192.168.5.0/25 lookup 204
250:from all lookup 250

# ip route show table 250
192.168.5.0/24 dev eth3  scope link
134.173.68.0/23 dev eth0  scope link
134.173.92.0/22 dev eth2  scope link
134.173.88.0/22 dev eth1  scope link
default via 134.173.69.254 dev eth0



pramod wrote:

Can you attach your rules file?

thanks
pramod




Re: [LARTC] Losing Packets after a DNAT in prerouting

2005-07-16 Thread pramod

Did you do this?

cat /proc/sys/net/ipv4/conf/all/forwarding 
the output should be 1

Also
cat /proc/sys/net/ipv4/conf/all/arp_filter
this should also be 1

thanks 
 pramod







RE: [LARTC] Losing Packets after a DNAT in prerouting

2005-07-16 Thread Jefferson Cowart
I had already done the first of those. Changing the second didn't seem to
fix anything.



Thanks
Jefferson Cowart
[EMAIL PROTECTED]   

 -Original Message-
 From: pramod [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, July 16, 2005 02:24
 To: Jefferson Cowart
 Cc: lartc@mailman.ds9a.nl
 Subject: Re: [LARTC] Losing Packets after a DNAT in prerouting
 
 Did you do this?
 
 cat /proc/sys/net/ipv4/conf/all/forwarding 
 the output should be 1
 Also
 cat /proc/sys/net/ipv4/conf/all/arp_filter
 this should also be 1
 
 thanks 
   pramod
 
 
 
 
 



Re: [LARTC] Losing Packets after a DNAT in prerouting

2005-07-14 Thread pramod

Can you attach your rules file?

thanks
pramod


[LARTC] Losing Packets after a DNAT in prerouting

2005-07-13 Thread Jefferson Cowart
I'm trying to set up some DNAT, and the packets seem to be disappearing after
the PREROUTING step. The packets are coming in eth2 (both LOG targets in
iptables and tcpdump confirm this). They are then DNATed to an IP that
should cause them to go out eth3. However I never see them go out that
interface. I have tried putting LOG rules into the FORWARD chain with no
success. I'm pretty sure the packet isn't hitting a DROP rule as all my DROP
rules have a LOG rule directly in front of them. Any idea how to track down
the missing packets?


Thanks
Jefferson Cowart
[EMAIL PROTECTED]  
