Re: ip_forward - 2 nics

Thu, 07 Nov 2002 13:57:50 -0800 

On Thu, Nov 07, 2002 at 12:20:52PM -0800, Jeff wrote......
> > 
> > sumida:/etc/init.d# cat /proc/net/ip_conntrack
> > <snip>
> > udp  17 9 src=10.10.10.156 dst=192.168.2.254 sport=1059 dport=53
> > [UNREPLIED] src=192.168.2.254 dst=192.168.2.254 sport=53 dport=1059
> > use=1
> > udp  17 17 src=10.10.10.156 dst=167.206.112.4 sport=1061 dport=53
> > [UNREPLIED] src=167.206.112.4 dst=192.168.2.254 sport=53 dport=1061
> > use=1
> > 
> > The first destination (192.168.2.254) is the router.  The second dest is
> > a DNS server on the outside world.  In both cases the [UNREPLIED]
> > message is appended.  Is that the proxy box 'not replying'?
> 
> Ah, when you ping the world, are you pinging using a domain name or an
> IP?
 
I'm using an IP, not a domain name. It seems to try the ICMP ping packet
first ....

icmp     1 29 src=10.10.10.156 dst=66.70.90.121 type=8 code=0 id=22790
[UNREPLIED] src=66.70.90.121 dst=10.10.10.156 type=0 code=0 id=22790
use=1
udp      17 8 src=10.10.10.156 dst=167.206.112.3 sport=1112 dport=53
[UNREPLIED] src=167.206.112.3 dst=10.10.10.156 sport=53 dport=1112 use=1

.... and then when it doesn't get a reply, it tries sending a udp packet
to the DNS server (I've no idea why it does this).

Separately, I'm able to sit at sumida the proxy box and ping everything
and anything, both by ip and DN.  

> I appears you are using a domain name and it's not getting resolved.
> According to he cat above, your router is may be droping the DNS
> requests.  Could this router be doing a DNS proxy?  Try setting the
> DNS IP on your client and sumida to 192.168.10.254 and see if it
> works.  Also, where did 192.168.2.254 come from?  According to you
> original post, the network between sumida and the router is
> 192.168.10.0.

I tried changing the ip's for the DNS as you suggested ... no success.
The network was 192.168.10.0.  As part of mucking up the whole system, I
changed it at one point.  It is now 192.168.2.0.  I'm quite sure that I
was consistent with my changes throughout both boxes.

> One last thing, can you client ping 192.168.10.254?  That would prove
> that sumida is forwarding.
 
The client is not able to ping 192.168.2.254 (used to be
192.168.10.254). It can, however, ping the sumida the proxy box, both by
IP and by pinging sumida the DN.

Banging head against wall at this point.  This should be
straightforward.

Thanks
Kevin

-- 

Kevin Coyner
mailto: [EMAIL PROTECTED]
GnuPG key: 1024D/8CE11941

Attachment: msg11617/pgp00000.pgp
Description: PGP signature

Reply via email to