Re: [Shorewall-users] Problem with nat on a multiple isp configuration

Thu, 12 Apr 2012 07:13:10 -0700 

On Thu, Apr 12, 2012 at 3:19 PM, Tom Eastep <[email protected]> wrote:

> On 04/11/2012 11:20 PM, Alessandro Faglia wrote:
>
> >
> > For what I understand I shouldn't have any output from tcpdump, or is it
> > normal? Do you see routing issues?
> >
>
> That looks okay. Now try running tcpdump on eth4 while you are testing;
> do you see response packets being sent out of eth4 rather than ppp0?
>

Yes I do:

# tcpdump -nei eth4 port 25 and host <nmap-host-ip>
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth4, link-type EN10MB (Ethernet), capture size 96 bytes
16:05:53.308093 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4
(0x0800), length 58: <wan-ip>.25 >  <nmap-host-ip> .36640: S
283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
16:05:53.406159 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4
(0x0800), length 58: <wan-ip> .25 >  <nmap-host-ip> .36641: S
382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>
16:05:57.032048 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4
(0x0800), length 58: <wan-ip> .25 >  <nmap-host-ip> .36640: S
283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
16:05:57.831952 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4
(0x0800), length 58: <wan-ip> .25 >  <nmap-host-ip> .36641: S
382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>

In this case <wan-ip> is the public IP (#1 in my previous examples) I'm
running nmap against from the test host:
# nmap -p 25 <wan-ip>

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-04-12 16:05
CEST
Interesting ports on  <wan-ip> :
PORT   STATE    SERVICE
25/tcp filtered smtp

Nmap finished: 1 IP address (1 host up) scanned in 6.890 seconds

So I have packets flowing back thru eth4 that shouldn't be there, am I
correct? Is it a setup problem?


Thanks.
Alessandro

------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to