Menu
▾
▴
[coLinux-devel] [ colinux-Bugs-2965587 ] MASQUERADE works only for first 1-3 TCP packets
|
From: SourceForge.net <no...@so...> - 2010-03-08 22:21:25
|
Bugs item #2965587, was opened at 2010-03-08 19:23 Message generated for change (Comment added) made by henryn You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=622063&aid=2965587&group_id=98788 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: MASQUERADE works only for first 1-3 TCP packets Initial Comment: having the following config: eth0 - bridged with windows LAN0 eth1 - bridged with windows LAN1 PPPoE connection established from coLinux through eth0. pings/HTTP and etc work perfectly from coLinux. trying to get Internet from Windows (iptables configured POSTROUTING/MASQUERADE thru ppp0): pings from windows work OK; but TCP - does not. According to Wireshark only couple packets in the begging of TCP session are masqueraded. Others go unchanged with local IPs in source field. So TCP connection can be established from windows, but w/o further communication. ---------------------------------------------------------------------- >Comment By: Henry N. (henryn) Date: 2010-03-08 23:21 Message: If I understand right, then use wand to use coLinux as router for the windows host? LAN0 you have connected only with an ADSL-Modem, and LAN1 is your internal network. Check, that LAN1 does not have an IP address on Window side. Check, that Windows host must use the IP address of coLinux eth1 as default gateway. Have you enabled ip forward? Simple NAT works with these commands: iptables -A POSTROUTING -j MASQUERADE -t nat echo "1" > /proc/sys/net/ipv4/ip_forward It's very simple and natting in both directions. Please lets see your firewall rules for the NAT, you can get it with iptables-restore. The traffic way for TCP packets you can check with "watch iptables -L -v". ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=622063&aid=2965587&group_id=98788 |
