shorewall-users April 2012 archive

Re: [Shorewall-users] Problem with nat on a multiple isp configuration

From: Alessandro Faglia <alessandro.faglia_at_nospam>
Date: Thu Apr 12 2012 - 14:10:16 GMT
To: Shorewall Users <shorewall-users@lists.sourceforge.net>

On Thu, Apr 12, 2012 at 3:19 PM, Tom Eastep <teastep@shorewall.net> wrote:

> On 04/11/2012 11:20 PM, Alessandro Faglia wrote:
>
> >
> > For what I understand I shouldn't have any output from tcpdump, or is it
> > normal? Do you see routing issues?
> >
>
> That looks okay. Now try running tcpdump on eth4 while you are testing;
> do you see response packets being sent out of eth4 rather than ppp0?
>

Yes I do:

# tcpdump -nei eth4 port 25 and host <nmap-host-ip>
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth4, link-type EN10MB (Ethernet), capture size 96 bytes
16:05:53.308093 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: <wan-ip>.25 > <nmap-host-ip>.36640: S 283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
16:05:53.406159 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: <wan-ip>.25 > <nmap-host-ip>.36641: S 382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>
16:05:57.032048 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: <wan-ip>.25 > <nmap-host-ip>.36640: S 283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
16:05:57.831952 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: <wan-ip>.25 > <nmap-host-ip>.36641: S 382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>

In this case <wan-ip> is the public IP (#1 in my previous examples) I'm
running nmap against from the test host:
# nmap -p 25 <wan-ip>

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-04-12 16:05 CEST
Interesting ports on <wan-ip>:
PORT STATE SERVICE
25/tcp filtered smtp

Nmap finished: 1 IP address (1 host up) scanned in 6.890 seconds

So I have packets flowing back through eth4 that shouldn't be there, am I
correct? Is it a setup problem?

Thanks.
Alessandro


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
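The check Tom asks for above (are replies leaving eth4 rather than ppp0?) can be made mechanical. The script below is an added example, not code from the post, from Tom Eastep or from Shorewall. It parses `tcpdump -ne` records of the form shown in the thread, looks up which local interface owns each packet's source address, and flags packets captured on one interface that carry another interface's address; it also counts retransmitted SYN-ACKs, which is what the two repeated records per port in the capture are. The addresses for `<wan-ip>`, `<nmap-host-ip>` and eth4 are constructed placeholders, the `IFACE_ADDRS` map is assumed, and the sample capture is the post's four records with those placeholders substituted, plus one packet that legitimately belongs on eth4 for contrast.

```python
"""Flag asymmetric return traffic in 'tcpdump -ne' output on a multi-ISP router.

Added example for the shorewall-users thread; not Shorewall code.
All addresses and the interface map below are constructed placeholders.
"""
import re
from collections import Counter

# Constructed stand-ins for the addresses redacted in the post.
WAN_IP = "203.0.113.10"     # <wan-ip>: public IP #1, configured on ppp0
NMAP_HOST = "198.51.100.7"  # <nmap-host-ip>: the test host running nmap
ETH4_IP = "192.0.2.20"      # address assumed to be configured on eth4

# Local address -> owning interface (assumed; on a real router build it from `ip -4 addr`).
IFACE_ADDRS = {"ppp0": {WAN_IP}, "eth4": {ETH4_IP}}

# One 'tcpdump -ne' TCP record, on a single line, in the format printed in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<smac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > (?P<dmac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}), "
    r"ethertype IPv4 \(0x0800\), length (?P<len>\d+): "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): "
    r"(?P<flags>[SFRP.]+) (?P<seq>\d+):\d+\(\d+\)(?P<rest>.*)$"
)

# Constructed sample: the post's four SYN-ACKs (placeholder addresses) plus one
# packet sourced from eth4's own address, which is fine to see on eth4.
_PREFIX = "00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: "
SAMPLE_CAPTURE = [
    f"16:05:53.308093 {_PREFIX}{WAN_IP}.25 > {NMAP_HOST}.36640: S 283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>",
    f"16:05:53.406159 {_PREFIX}{WAN_IP}.25 > {NMAP_HOST}.36641: S 382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>",
    f"16:05:57.032048 {_PREFIX}{WAN_IP}.25 > {NMAP_HOST}.36640: S 283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>",
    f"16:05:57.831952 {_PREFIX}{WAN_IP}.25 > {NMAP_HOST}.36641: S 382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>",
    f"16:05:58.000000 {_PREFIX}{ETH4_IP}.443 > {NMAP_HOST}.40000: S 1:1(0) ack 2 win 5840 <mss 1460>",
]


def owner_of(ip):
    """Interface that owns a local address, or None if the address is not ours."""
    for iface, addrs in IFACE_ADDRS.items():
        if ip in addrs:
            return iface
    return None


def parse_line(line):
    """Parse one tcpdump record into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    # A SYN with an ack field is the server's SYN-ACK, i.e. the reply to a probe.
    pkt["syn_ack"] = pkt["flags"] == "S" and " ack " in pkt["rest"]
    return pkt


def find_misrouted(capture_iface, lines):
    """Packets seen on capture_iface whose source address belongs to a different interface.

    Such a packet is a reply taking the wrong provider's uplink: it carries an
    address the upstream on capture_iface does not route back, so the peer never
    sees it and a scanner reports the port as 'filtered'.
    """
    bad = []
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        owner = owner_of(pkt["src"])
        if owner is not None and owner != capture_iface:
            pkt["expected_iface"] = owner
            bad.append(pkt)
    return bad


def retransmissions(pkts):
    """Flows whose (src, sport, dst, dport, seq) repeats: the reply is being resent unanswered."""
    counts = Counter((p["src"], p["sport"], p["dst"], p["dport"], p["seq"]) for p in pkts)
    return {flow: n for flow, n in counts.items() if n > 1}


if __name__ == "__main__":
    misrouted = find_misrouted("eth4", SAMPLE_CAPTURE)
    for p in misrouted:
        print(f"{p['ts']} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} "
              f"left eth4 but source belongs to {p['expected_iface']}")
    for flow, n in retransmissions(misrouted).items():
        print(f"retransmitted {n}x: {flow}")
```

On a live router, feed it the output of `tcpdump -nei eth4 port 25 and host <nmap-host-ip>` with any wrapped records joined back onto one line, and build `IFACE_ADDRS` from `ip -4 addr`. To see which route the kernel would actually pick for the reply, `ip route get <nmap-host-ip> from <wan-ip> iif ppp0` shows the selected table and egress device for a packet sourced from the ppp0 address.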