Strange masquerade

Michal Krause mike at navrcholu.cz
Fri Jan 22 12:46:17 CET 1999


Greetings,

I have a local network, a leased line, and masquerading for Internet access.
Everything works as it should, except for one small thing. Some www pages
refuse to load. I just keep pulling and pulling and never finish the download.
Servers such as www.xoom.com and www.angelfire.com do this regularly, but so
do some Czech ones.

However, if I connect to my own server at the same provider where I have the
leased line, everything works as it should.

The forwarding rules on the masquerading machine are
IP firewall forward rules, default policy: deny
type  prot source               destination          ports
acc/m all  172.16.0.0/24        anywhere             n/a
acc/m all  172.16.1.0/24        anywhere             n/a

These are two subnets (the local Ethernet and a second leased line to another
site).

The fact is, though, that the pages do not load even directly on the
masquerading machine, which of course has its own real IP address and a direct
connection to the Internet, so the masquerade may not be to blame.

I am attaching the tcpdump output from the masquerading machine for a request
to www.xoom.com.

The kernel on the masquerading machine is 2.0.34; it is RH4.2.

Thanks for any tip

Michal Krause                                                       /\
ICQ: 7665279                                                     /\/  \
email: mike at navrcholu.cz ______ http://www.4web.cz/ ______  NAVRCHOLU.cz
-------------- next part --------------
[root na gw /root]# tcpdump -i ppp0 | grep xoom.com
tcpdump: listening on ppp0
12:29:03.956992 4web-gts.gts.cz.64631 > colo01-136.xoom.com.http: F 2889117240:2889117240(0) ack 2837550556 win 32696
12:29:04.546992 colo01-136.xoom.com.http > mike.4web.1695: . ack 2889117241 win 16616 (DF)
12:29:04.846992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: S 1325093354:1325093354(0) win 512 <mss 536>
12:29:05.606992 colo01-136.xoom.com.http > mike.4web.1725: S 115711475:115711475(0) ack 1325093355 win 16616 <mss 1460> (DF)
12:29:05.606992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: . ack 115711476 win 32160 (DF)
12:29:05.616992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: P 0:308(308) ack 1 win 32696 (DF)
12:29:06.306992 colo01-136.xoom.com.http > mike.4web.1725: P 1:101(100) ack 309 win 16616 (DF)
12:29:06.316992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: . ack 101 win 32696 (DF)
12:29:06.326992 colo01-136.xoom.com.http > mike.4web.1725: P 101:171(70) ack 309 win 16616 (DF)
12:29:06.326992 colo01-136.xoom.com.http > mike.4web.1725: F 171:171(0) ack 309 win 16616 (DF)
12:29:06.326992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: . ack 172 win 32625 (DF)
12:29:06.326992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: F 308:308(0) ack 172 win 32696
12:29:06.326992 4web-gts.gts.cz.64639 > colo01-136.xoom.com.http: S 3545437711:3545437711(0) win 512 <mss 536>
12:29:07.386992 colo01-136.xoom.com.http > mike.4web.1725: . ack 310 win 16616 (DF)
12:29:07.396992 colo01-136.xoom.com.http > mike.4web.1785: S 4247704906:4247704906(0) ack 3545437712 win 16616 <mss 1460> (DF)
12:29:07.396992 4web-gts.gts.cz.64639 > colo01-136.xoom.com.http: . ack 4247704907 win 32160 (DF)
12:29:07.396992 4web-gts.gts.cz.64639 > colo01-136.xoom.com.http: P 0:281(281) ack 1 win 32696 (DF)
12:29:08.106992 colo01-136.xoom.com.http > mike.4web.1785: . ack 282 win 16616 (DF)
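An added example, not part of the original message: in the trace above, outbound packets carry the masqueraded source (`4web-gts.gts.cz.646xx`) while replies are printed with the internal host (`mike.4web.17xx`), so the two directions do not share an address pair. The sketch below pairs each SYN with its SYN-ACK by `ack == ISN + 1` to recover that mapping and the MSS each side advertised; the function name and the output fields are choices made for this example.

```python
import re

# SYN and SYN-ACK lines copied from the tcpdump output above.
TRACE = """\
12:29:04.846992 4web-gts.gts.cz.64638 > colo01-136.xoom.com.http: S 1325093354:1325093354(0) win 512 <mss 536>
12:29:05.606992 colo01-136.xoom.com.http > mike.4web.1725: S 115711475:115711475(0) ack 1325093355 win 16616 <mss 1460> (DF)
12:29:06.326992 4web-gts.gts.cz.64639 > colo01-136.xoom.com.http: S 3545437711:3545437711(0) win 512 <mss 536>
12:29:07.396992 colo01-136.xoom.com.http > mike.4web.1785: S 4247704906:4247704906(0) ack 3545437712 win 16616 <mss 1460> (DF)
"""

# Old-style tcpdump line carrying the S flag, with optional ack and mss fields.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) > (?P<dst>\S+): S (?P<seq>\d+):\d+\(0\)"
    r"(?: ack (?P<ack>\d+))? win (?P<win>\d+)(?: <mss (?P<mss>\d+)>)?"
)

def pair_handshakes(text):
    """Match each SYN to its SYN-ACK by ack == ISN + 1 (mod 2**32)."""
    pending, flows = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a SYN or SYN-ACK line
        mss = int(m["mss"]) if m["mss"] else None
        if m["ack"] is None:
            # Plain SYN: remember it under the ack value the reply must carry.
            pending[(int(m["seq"]) + 1) % 2**32] = (m["src"], mss)
        else:
            syn = pending.pop(int(m["ack"]), None)
            if syn:
                flows.append({"masq_src": syn[0], "inner_dst": m["dst"],
                              "client_mss": syn[1], "server_mss": mss})
    return flows

if __name__ == "__main__":
    for flow in pair_handshakes(TRACE):
        print(flow)
```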

