List:       linux-ipchains-dev
Subject:    Re: [Ipchains-dev] Re: NETFILTER-ICMP
From:       Ronald Kuetemeier <dket () neti ! saber ! net>
Date:       1999-05-25 16:36:35

Paul Rusty Russell wrote:

> In message <3744B02F.7D77EE60@mail.saber.net> you write:
> > Rusty, looks like there is a problem with ICMP routing.  I get a kernel panic
> > when I use an eth alias to route to another machine and have ip_nat.o loaded.
> > I just ping an alias address which should get routed by the netfilter host,
> > without ip_nat.o it works fine.
>
> Hi Ronald: sorry for the slow response, LinuxExpo...
>
> Please give more detail; this looks like a bug in the NAT code.  I
> gather you're talking about the case where no NAT rules are present
> yet (so it should just be recording connections?), and you're pinging
> through the box?  Output of ifconfig, and route -n would help here...
>

I have attached the ifconfig, route -n and lsmod output.  Nothing special there,
except the alias.  No rules yet, and only ipnat loaded (wanted to know the min.
reason for the panic).


>
> > Sorry haven't more yet, I'm still trying to figure out NAT and stumbled over
> > this.  Guess you can fix it faster than I ever can anyway.
>
> Well, tomorrow when I get my new monitor (my laptop screen broke, so
> life is hard right now)...
>
> > Anyway I get load-balancing (R)NAT to work only with masquerading,
> > any tips or is it supposed to be that way?  Somehow the binding issue
> > confuses me, without masq. the return packets are dropped.
>
> It should work fine; what's your network topology and ipnatctl command
> line?
>

ipnatctl -I -p tcp -m dest -d 192.168.2.4 -t 192.168.2.1-192.168.2.3
--binding forward [where forward picks a number out of the --to range]

to make it work, and a binding will be found:
ipnatctl -I -p tcp -m source -d 192.168.2.0/24 --binding masquerade


                                           |-----192.168.2.3
192.168.1.X      ------  192.168.1.1   ----|
                                                 192.168.2.1

x.x.2.[1,3] is used by the balancing code, which I have changed to be discovered
by a multicast.  In other words IGMP doesn't cause a panic, yeeeeah.
x.x.2.4 does not exist on the net and is used by the clients as the server IP.

Hope you had fun at the LinuxExpo.  As you might have seen I had fun with
Netfilter/Samba over the weekend.
BTW, I had to start NT and wait until all these ugly broadcasts disappear from
the net and then start the balancing machine, otherwise I would also get a panic.
Guess NT sends an ICMP sometimes with their broadcast discovery.  The broadcasts
by themselves seem to do no harm, I just used the end of it to be on the safe side.
I will send you my forward code, which is nothing more than your examples with
a selection, as soon as I have the multicast discovery in a state where I don't
embarrass myself more than usual.  But it might include a link to a
Jini/Java-Space system by then, just to warn you.

Ronald


>
> Rusty.
> --
> Tridge, Raster, DaveM, Cort, maddog... Where will you be 9-11 July 1999?
>                 http://www.linux.org.au/projects/calu
>
> ----------------------------------------------
> To unsubscribe to this list, write an email to
> ipchains-dev-request@rustcorp.com with a body
> of 'unsubscribe'.
>
> www.rustcorp.com - web site
> ftp.rustcorp.com - ftp site
> ----------------------------------------------

["conf" (text/plain)]

eth0      Link encap:Ethernet  HWaddr 02:60:8C:4D:16:AC  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          Interrupt:5 Base address:0x300 

eth0:0    Link encap:Ethernet  HWaddr 02:60:8C:4D:16:AC  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:5 Base address:0x300 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
224.0.0.0       0.0.0.0         240.0.0.0       U     0      0        0 eth0
Module                  Size  Used by
ip_nat                 13256   0 
3c503                   5104   1  (autoclean)
8390                    5944   0  (autoclean) [3c503]
