real and private IPs on same wire?

Andre' Breiler A.Breiler@gmx.net
Sun, 30 Jul 2000 22:36:06 +0200 (MET DST)


On Sun, 30 Jul 2000, Felix Maibaum wrote:

> > > when a client uses a real IP, it can ping both eth0 and eth1 with their
> > > real IPs, but nothing beyond that. the clients are configured to use the

Possibly your fw drops packets with a real IP as source.
Try to insert a LOG target in every table so you can trace the packets.

> > > works exactly twice (not more) and I get a lot of untracked packets
> > > messages from NAT.
> exact message is:
> NAT 0: dropping untracked packet (pinged client with private ip) --> (pinging
> client with real IP)

I think PROTO is 1 (icmp).
Possibly the pinging client caught the ARP reply and sends directly now.
So the fw drops the echo reply (here there was no echo request).

> I don't really mind that pinging thing to the local clients, the machines
> with real IP's will be running Linux anyway, and I can just set up an alias
> so that the local IP is used to contact the other clients.
> my real problem is, that I don't know my mistake concerning the simple
> routing.

Take a look at the output of tcpdump (with hwaddress).

> does a.b.c.d explicitly require my server's IP as a gateway to our subnet, or
> is the right interface enough?

abcd needs to know how to reach your net. So abcd sends all traffic to your
subnet via the IP of eth1 (fw). If abcd thinks your net is directly connected,
your fw must do proxy arp on eth1 for the whole subnet. So abcd sends
the packet to fw.

Bye Andre'
-- 
eMail: A.Breiler@gmx.net
Type Bits/KeyID    Date       User ID
pub  2048/89D36175 1997/06/20 Andre' Breiler 2048 <A.Breiler@gmx.net> SIG
     Key fingerprint = 8E 9E A2 F8 29 27 CC 94  10 44 0E 40 7A C9 33 10
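
Added example, not part of the original message: one way to follow the "LOG target in every table" advice is to generate a LOG rule for every built-in chain and watch which chain a ping last appears in. The function names, the log prefix and the address 192.0.2.10 are assumptions made for this sketch, and the chain list is the one on current kernels.

```shell
#!/bin/sh
# Added example: dry-run generator for per-chain LOG rules (prints commands only).

# Built-in chains per table. Assumption: current kernels; older ones have fewer.
chains_for() {
    case "$1" in
        raw)    echo "PREROUTING OUTPUT" ;;
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        nat)    echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
        filter) echo "INPUT FORWARD OUTPUT" ;;
        *)      return 1 ;;
    esac
}

# trace_rules ACTION HOST
#   ACTION: -I to insert the LOG rules at the top of each chain, -D to remove them.
#   HOST:   address of the client whose pings are being traced.
# Logs ICMP in both directions so echo request and echo reply both show up.
# Note: nat chains only see the first packet of a tracked connection.
trace_rules() {
    action=$1
    host=$2
    pos=""
    if [ "$action" = "-I" ]; then
        pos=" 1"            # insert at position 1, ahead of any DROP rule
    fi
    for table in raw mangle nat filter; do
        for chain in $(chains_for "$table"); do
            for dir in -s -d; do
                printf 'iptables -t %s %s %s%s %s %s -p icmp -j LOG --log-prefix "%s/%s: "\n' \
                    "$table" "$action" "$chain" "$pos" "$dir" "$host" "$table" "$chain"
            done
        done
    done
}

# Constructed sample address (documentation range); replace with the real client IP.
trace_rules -I 192.0.2.10
```

Review the printed commands, then pipe them to `sh` as root to apply them, and run the same call with `-D` to remove the rules afterwards. The log lines end up in the kernel log, and `tcpdump -e -n icmp or arp` on the firewall shows the hardware addresses alongside.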