[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Still, yes more, rdr problems..
From:       Ben H <bens_lists2 () mailandnews ! com>
Date:       2000-04-26 14:44:15
[Download RAW message or body]

On Wed, Apr 26, 2000 at 12:22:35PM +0400, Dmitriy Bokiy wrote:

> > > > here is a tcpdump of said attempt (sacred is 192.168.0.4 and lust is
> > > > 192.168.0.1)  (arp stuff removed, so they're probably really useful)
> > > 
> > > ...[the rest removed]...
> > > 
> > > In your case RDR won`t work within one network segment. As both contacting
> > > hosts belong to the same subnet they are trying to connect directly - not
> > > through you IP Filter box (your default gateway, right?). 
> > 
> > my Ip-filter box is 192.168.0.4 which it is trying to connect to, it worked
> > with ipfw..
>   
> Ah, OK I checked and RDR do works for me either with hosts (one of which IP
> Filter box) on different subnets or on the same, either with RDRing to 
> localhost or to alias, either RDRing rule is before or after map rules. The 
> only case when RDR doesn`t seem to work is when there`s no listener on the port 
> it RDRs to ;) 

i tried it, using aliasing, and got exactly the same results...

> So...uhmm, you do have apache or whatever bound to 
> 192.168.0.4:80, don`t you? :)

yes otherwise it wouldnt hang there it would be connect refused, and the
tcpdump shows that the packets aren't even going threre..

(and it's thttpd.. (:

> > > If you really need to do RDR inside you gotta place one of the hosts to
> > > another subnet.
> 
> Well, if anyone interested I was not always right here. I tried that as well 
> and twice failed and only once succeeded. It didn`t work with ancient 
> Digital UNIX box (it did arp lookup first) and FreeBSD box with arpwatch and 
> worked in case of FreeBSD 3.4 without arpwatch.

i tried similar things using ethereal, still no joy, my thinking is that the
ipnat isnt connected to the ip layer.. (can ya spot im out me depth yet?)

-- 
Ben,                                       <bro_evil(at)innocent(dot)com>
"Doing the wrong thing for the right reasons is better than doing 
                                   the right thing for the wrong reasons"

[prev in list] [next in list] [prev in thread] [next in thread]