Re: [ts-7000] ip forwarding problems

To:
Subject:	Re: [ts-7000] ip forwarding problems
From:	Jim Jackson <>
Date:	Fri, 28 May 2010 22:12:57 +0100 (BST)



On Thu, 27 May 2010, j.chitte wrote:

> Hi,
>
> I've been battling to connect by 7250 to WAN via linux desktop machine 
> and an ADSL modem/router.
>
> The desktop has its own apache running on port80 to I set up the SBC 
> server on 8080.
>
> The routers NAT sends both 80 and 8080 traffic to the desktop, which has 
> a minimalistic iptables to DNAT 8080 to the ARM.

Just out of curiosity why don't you configure the routewr to send 8080 
direct to the SBC?

> I had this working with one fs and 2.6.29 without iptables but I bit need 
> to tighten security before exposing it to the net.
>
> Now I have a kernel built with iptables and I cannot get the arm to 
> respond over the net. LAN connection still works fine.
>
> The fs image is basically the same but rebuilt and with several small 
> version updates so there's scope for a critical change here though 
> iptables in empty on the arm.
>
> There would seem to be some difference in the responce from the new 
> config that is preventing replies from being sent back out by the desktop 
> machine.
>
> Any suggestions on how I can diagnose what's wrong.

If your SBC is in the same subnet as the desktop, then you probably don't 
want to be NAT to it from the desktop - that would be 2 NATs and one trying 
to NAT within a subnet. Not a situation I'd want to debug.

If you really must send the traffic to the desktop first, you need to run
a TCP redirector of somesort on the desktop. This works at the TCP layer
not the network layer and can be a lot easier to set up.

This is one such

   http://sammy.net/~sammy/hacks/redir-2.2.1.tar.gz

I've used one of these sorts of programs before, a long time ago. It was 
easy to setup.


------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/ts-7000/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/ts-7000/join
    (Yahoo! ID required)

<*> To change settings via email:
     
    

<*> To unsubscribe from this group, send an email to:
    

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

<Prev in Thread]	Current Thread	[Next in Thread>
[ts-7000] ip forwarding problems, j.chitte Re: [ts-7000] ip forwarding problems, Jim Jackson <= [ts-7000] Re: ip forwarding problems, j.chitte Re: [ts-7000] Re: ip forwarding problems, Jim Jackson Re: [ts-7000] Re: ip forwarding problems, Jim Jackson

Previous by Date:	[ts-7000] ip forwarding problems, j.chitte
Next by Date:	[ts-7000] Re: ip forwarding problems, j.chitte
Previous by Thread:	[ts-7000] ip forwarding problems, j.chitte
Next by Thread:	[ts-7000] Re: ip forwarding problems, j.chitte
Indexes:	[Date] [Thread] [Top] [All Lists]

Disclaimer: Neither Andrew Taylor nor the University of NSW School of Computer and Engineering take any responsibility for the contents of this archive. It is purely a compilation of material sent by many people to the birding-aus mailing list. It has not been checked for accuracy nor its content verified in any way. If you wish to get material removed from the archive or have other queries about the archive e-mail Andrew Taylor at this address: andrewt@cse.unsw.EDU.AU