Divna maskarada
Michal Krause
mike na navrcholu.cz
Pátek Leden 22 12:46:17 CET 1999
Zdravim,
mam lokalni sit, pevnou linku a maskaradu pro pristup k Inetu. Vsechno
funguje jak ma, az na jednu drobnost. Nektere www stranky nechteji prijet.
Proste tahnu, tahnu a nic nedotahnu. Delaji to pravidelne treba servery
www.xoom.com, www.angelfire.com, ale i nektere ceske.
Pokud se ovsem pripojim na svuj server u tehoz providera, kde mam pevnou
linku, vsechno funguje jak ma.
Forwardovaci pravidla na maskarade jsou
IP firewall forward rules, default policy: deny
type prot source destination ports
acc/m all 172.16.0.0/24 anywhere n/a
acc/m all 172.16.1.0/24 anywhere n/a
Jde o dve subsite (lokalni ethernet a druha pevna linka na jine
pracoviste).
Ovsem je fakt, ze stranky nenajedou ani primo na maskarade, ktera ma
pochopitelne svoji realnou IP adresu a prime spojeni do Inetu, takze
maskarada mozna neni na vine.
Prikladam vypis tcpdumpu na maskarade pri pozadavku na www.xoom.com.
Kernel na maskarade je 2.0.34, jde o RH4.2
Diky za kazdy typ
Michal Krause /\
ICQ: 7665279 /\/ \
email: mike na navrcholu.cz ______ http://www.4web.cz/ ______ NAVRCHOLU.cz
------------- další část ---------------
[root na gw /root]# tcpdump -i ppp0 | grep xoom.com
tcpdump: listening on ppp0
12:29:03.956992 4web-gts.gts.cz.64631 > colo01-136.xoom.com.http: F 2889117240:2889117240(0) ack 2837550556 win 32696
12:29:04.546992 colo01-136.xoom.com.http > mike.4web.1695: . ack 2889117241 win 16616 (DF)
12:29:04.846992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: S 1325093354:1325093354(0) win 512 <mss 536>
12:29:05.606992 colo01-136.xoom.com.http > mike.4web.1725: S 115711475:115711475(0) ack 1325093355 win 16616 <mss 1460> (DF)
12:29:05.606992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: . ack 115711476 win 32160 (DF)
12:29:05.616992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: P 0:308(308) ack 1 win 32696 (DF)
12:29:06.306992 colo01-136.xoom.com.http > mike.4web.1725: P 1:101(100) ack 309 win 16616 (DF)
12:29:06.316992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: . ack 101 win 32696 (DF)
12:29:06.326992 colo01-136.xoom.com.http > mike.4web.1725: P 101:171(70) ack 309 win 16616 (DF)
12:29:06.326992 colo01-136.xoom.com.http > mike.4web.1725: F 171:171(0) ack 309 win 16616 (DF)
12:29:06.326992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: . ack 172 win 32625 (DF)
12:29:06.326992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: F 308:308(0) ack 172 win 32696
12:29:06.326992 4web-gts.gts.cz.64639 > colo01-136.xoom.com.http: S 3545437711:3545437711(0) win 512 <mss 536>
12:29:07.386992 colo01-136.xoom.com.http > mike.4web.1725: . ack 310 win 16616 (DF)
12:29:07.396992 colo01-136.xoom.com.http > mike.4web.1785: S 4247704906:4247704906(0) ack 3545437712 win 16616 <mss 1460> (DF)
12:29:07.396992 4web-gts.gts.cz.64639 > colo01-136.xoom.com.http: . ack 4247704907 win 32160 (DF)
12:29:07.396992 4web-gts.gts.cz.64639 > colo01-136.xoom.com.http: P 0:281(281) ack 1 win 32696 (DF)
12:29:08.106992 colo01-136.xoom.com.http > mike.4web.1785: . ack 282 win 16616 (DF)
Další informace o konferenci Linux