
Re: ipnat/ipf and redirect still not working



> > > I have been fighting this for a week. Does anyone have an idea? From a
> > > previous tcpdump, it appears to send the packet, but never gets one back
> > > across the interface.
> 
> I have attempted to adapt these rules, and they are not working either.
> The route works, I can telnet directly from the firewall into the machine on
> the inside. From the outside, NOTHING even gets to ipfilter at all. No
> packets logged on that rule.

These two statements don't make sense together, Jesse.

Are you saying that a tcpdump on the external interface NEVER sees any packets?
Or once they hit the external interface, they go into limbo?

Your ipf rules are wide open during all this?

Do an ipmon -oS. Hit the box from outside. You should see two things:

1. The rewritten packet go out the second interface
2. A state rule created for the back traffic.

If traffic goes OUT the interface, but never comes back, you'll want
to do a tcpdump on the DMZ machine you are rdr'ing to, to see what
happens. Are you confident there are no routing issues from the DMZ
machine to the outside world? Try and get from the DMZ machine to an
"outside" machine. (your route MUST be through the ipfilter machine).
Does this work?


> Does SOMEONE have an idea? They will make me load linux by tomorrow if
> this does not work.

We have many ideas, it's just hard to help without some concrete
data to work with... (i.e. tcpdumps, specific scenarios)

-kj
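As an added illustration (not part of the thread, and not anyone's actual configuration), here is what a minimal ipnat/ipf pair for a redirect to a DMZ host looks like, with the filter rule that silently fails next to the one that matches. Interface names ext0/dmz0, the public address 203.0.113.10 and the DMZ host 10.0.0.5 are assumed values. The point it shows is that IPFilter applies NAT to inbound packets before filtering and to outbound packets after filtering, so a `pass in` rule written against the public address never matches a redirected connection and ipmon never logs a hit on it, which is one way to get "no packets logged on that rule" even though the packets are arriving.

```conf
# --- ipnat.conf (assumed interfaces and addresses) ---
# Redirect TCP/80 arriving on ext0 for the public address to the DMZ host.
rdr ext0 203.0.113.10/32 port 80 -> 10.0.0.5 port 80 tcp
# Let the DMZ net reach the outside through this box; 0/32 = use ext0's address.
map ext0 10.0.0.0/24 -> 0/32

# --- ipf.conf (assumed interfaces and addresses) ---
block in log all
block out log all

# WRONG: inbound packets are already rewritten by rdr when the filter sees
# them, so the destination is 10.0.0.5, never 203.0.113.10. This rule never
# matches, and the log entry you are waiting for never appears.
# pass in quick on ext0 proto tcp from any to 203.0.113.10 port = 80 flags S keep state

# RIGHT: match the post-translation destination. keep state lets the
# replies from 10.0.0.5 back out without a separate rule.
pass in quick on ext0 proto tcp from any to 10.0.0.5 port = 80 flags S keep state

# The rewritten packet still has to be allowed OUT the DMZ interface
# (this is the "packet goes out the second interface" step to look for in ipmon).
pass out quick on dmz0 proto tcp from any to 10.0.0.5 port = 80 flags S keep state

# Outbound from the DMZ net: filtered first (as 10.0.0.x), then mapped.
pass out quick on ext0 proto tcp from 10.0.0.0/24 to any flags S keep state
```

Even with these rules, the DMZ host's default route has to point back at the firewall's dmz0 address; if it routes replies elsewhere the state entry ipmon shows is created, the SYN goes out, and nothing ever comes back, which is exactly the symptom being described.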