2013-02-08 08:33:08 |
Pieter De Wit |
description |
Hi,
Here is my setup:
eth0 ---\
SERVER ---> eth1 ---> ppp0 (pppoe)
eth2 ---/
I have stripped the iptables config to the bear requirements for NAT:
*nat
:PREROUTING ACCEPT [41024:3267406]
:INPUT ACCEPT [36053:2477434]
:OUTPUT ACCEPT [39588:2527196]
:POSTROUTING ACCEPT [39961:2568225]
-A POSTROUTING -s 192.168.4.0/24 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 192.168.5.0/24 -o ppp0 -j MASQUERADE
COMMIT
eth0 = 192.168.4.0/24
eth2 = 192.168.5.0/24
If I run "tcpdump -i ppp0 -n net 192.168.0.0/16" I do see packets leaving ppp0, "unNAT'ed":
21:14:55.974633 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 1404846587, ack 269222910, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:14:56.990586 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:14:58.713042 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:15:02.258076 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:17:13.711341 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
I also can't access certain sites using https, like freelancer.com and iTunes from my iphone (eth2 via wireless).
This used to work. In between I have upgraded to linux-image-3.2.0-36-powerpc64-smp 3.2.0-36.57 and linux-image-3.2.0-38-powerpc64-smp 3.2.0-38.59 and both seem to have the issue.
I havn't back tracked the kernels to a working one yet - working on that atm. |
Hi,
Here is my setup:
eth0 ---\
SERVER ---> eth1 ---> ppp0 (pppoe)
eth2 ---/
I have stripped the iptables config to the bear requirements for NAT:
(I have also tried this with just one MASQ statement - same result
Also - Source NAT - same result)
*nat
:PREROUTING ACCEPT [41024:3267406]
:INPUT ACCEPT [36053:2477434]
:OUTPUT ACCEPT [39588:2527196]
:POSTROUTING ACCEPT [39961:2568225]
-A POSTROUTING -s 192.168.4.0/24 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 192.168.5.0/24 -o ppp0 -j MASQUERADE
COMMIT
eth0 = 192.168.4.0/24
eth2 = 192.168.5.0/24
If I run "tcpdump -i ppp0 -n net 192.168.0.0/16" I do see packets leaving ppp0, "unNAT'ed":
21:14:55.974633 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 1404846587, ack 269222910, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:14:56.990586 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:14:58.713042 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:15:02.258076 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:17:13.711341 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
I also can't access certain sites using https, like freelancer.com and iTunes from my iphone (eth2 via wireless).
This used to work. In between I have upgraded to linux-image-3.2.0-36-powerpc64-smp 3.2.0-36.57 and linux-image-3.2.0-38-powerpc64-smp 3.2.0-38.59 and both seem to have the issue.
I havn't back tracked the kernels to a working one yet - working on that atm. |
|