ipnat/ipf problems with state & bonus protocol 47 question!

Hi everyone,

I am experiencing a couple of problems regarding ping packets with IPF. I'm
running a 2.6 system, and have used the standard IPF that 2.6 comes with and
also upgraded to 3.3.6 via CVS.

In any case, the scenario is this. Small LAN connected to the internet via modem
and OpenBSD system - this system translates my private net to tun0/32 via a
couple of rules in ipnat.rules. All appears to work fine: TCP/UDP no
problems, but when I ping a host on the net, any host, and then try to ping
that same host from another machine on my internal LAN, the second machine
will always time out! If I flush the state table in ipnat (ipnat -F) I can
ping it from the second machine, but as you guessed the first no longer
works. If you wait a while (till the state times out, I presume) then you can
ping from any of the machines you want (one at a time though). Rather odd,
or am I doing something silly?!?

Also, could someone tell me how to permit IP protocol 47 through in ipf
rules? I haven't managed to find that out yet either.