Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Technical

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 4th August 2011, 02:23
johncongdon johncongdon is offline
Junior Member
 
Join Date: Aug 2011
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

ARGH, My ascii art got messed up

In words, A connects to another more expensive pipe. So my client wants to connect to the server through B on a cheaper internet connection.

Here is the tcpdump from A.

Quote:
root@PSWEBNODE1 [~]# tcpdump -i eth1 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
19:10:15.712422 IP 10.0.73.11 > MachineC: ICMP echo request, id 13396, seq 54, length 64
19:10:16.712385 IP 10.0.73.11 > MachineC: ICMP echo request, id 13396, seq 55, length 64
19:10:17.712322 IP 10.0.73.11 > MachineC: ICMP echo request, id 13396, seq 56, length 64
19:10:18.712270 IP 10.0.73.11 > MachineC: ICMP echo request, id 13396, seq 57, length 64
Reply With Quote
Sponsored Links
  #12  
Old 4th August 2011, 10:28
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

ahhhh, so:

A -> C goes over line B
C -> A goed over line A

That could mess things up. Also the tcpdump shows you the replies are not reaching A.
They do reach B, but B want to send them over another line to A ?

Though i think i understand your ASCII art now ;-)

- A and B are both connected to the same internal private network.
- A is connected to external net 1
- B is connected to external net 2
- C is connected somewhere completely different (on the other side of the world f.e.)

Show me:
- iptables-save (server A and B)
- route -n (server A and B)
Reply With Quote
  #13  
Old 4th August 2011, 22:32
johncongdon johncongdon is offline
Junior Member
 
Join Date: Aug 2011
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I was just informed that the physical machine was put in and worked right away. Turns out there was an ACL in the virtual environment that I had zero control over.

I'm not crazy... Yipee!

Thanks for trying.
Reply With Quote
  #14  
Old 5th August 2011, 10:17
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

Quote:
Turns out there was an ACL in the virtual environment that I had zero control over.
aaaaaaaaargl .. i think i just pulled out a pluck of hair from my head
Reply With Quote
  #15  
Old 22nd August 2011, 13:52
pamellayao pamellayao is offline
Junior Member
 
Join Date: Aug 2011
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I have done that as well. Both give me the same results. The SNAT was a last attempt and something that I read was "more secure" than just masquerade.

Last edited by pamellayao; 22nd August 2011 at 13:55.
Reply With Quote
  #16  
Old 22nd August 2011, 13:54
pamellayao pamellayao is offline
Junior Member
 
Join Date: Aug 2011
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

The SNAT was a last attempt and something that I read was "more secure" than just masquerade.
Reply With Quote
Reply

Bookmarks

Tags
iptables, masquerade

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Port foreword + openVPN + iptables ? flan Server Operation 0 16th May 2011 00:31
ISPConfig 3 problems with mail Help me !!!!!!! albertox26 Installation/Configuration 8 27th December 2010 20:57
ISPC 3.0.3 - Help me optimize Apache+MySQL itsnedkeren Installation/Configuration 7 23rd November 2010 13:43
IPtables rule to let PPTP access LAN brianwebb01 Installation/Configuration 0 1st May 2008 22:23
iptables issue with xen perfect setup - debian alexnz HOWTO-Related Questions 3 25th November 2006 14:49


All times are GMT +2. The time now is 21:11.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.