Hi all 890 members!

I've finished my documentation spurt, to summarize, the new content over the
last two weeks:

    CBQ fully documented
        Including split/defmap!
    HTB mentioned & described
    All other common queues FULLY documented
    All queues mentioned in some detail
    In depth explanation how queueing works in the kernel
    How classful queues work
    Basic tc filter commands
    Hashed tc filters for amazing speed with thousands of filters
    Policing filters
    List of everybody who helped on the homepage.

The policing filters are new since today.

The HOWTO is in great need of spellchecking and a 'red pen' session. If
anybody has time, please please please, pitch in and see what can be improved.

Thanks!

--
http://www.PowerDNS.com Versatile DNS Software & Services
Trilab The Technology People
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet
I currently have a dsl modem. I'm running a nexland brand router for it. I'm
going to eventually move to using my linux box as my main router, but that's
for a later day, and scouring for info/wisdom is actually why I joined this,
but this isn't about that yet :)

The router has a cool "loopback" function, where I can hit my external IP from
internal, and it passes back through the hits.

simple network topology to deal with for the problem:

    inet---dslmodem---router---hub---win box
                                  |---linux box

if it isn't aligned, just win and linux in a hub to the router.

Situations that work:
    windows box IMAP to linux imap server, through loopback on router.
    windows box ssh to linux ssh server, through loopback on router.
    port 80 fw'd to linux box, windows box hits web server through loopback
    port 80 fw'd to windows box, windows box doing loopback to itself
    (by loopback I mean through the router, NOT 127.0.0.1)

Situation(s) that doesn't work:
    linux box->loopback->linux box, ANY ports
    port 80 fw'd to linux box, no work with lynx or wget
    port 22 fw'd, no work with ssh from linux to linux
    etc...

What's going on here? It looks like the linux box is not liking talking to
itself while going through an external router, or something crazy?

What should I look for to diagnose this? I've just about eliminated the
problem being at the router since it works in every combo but linux
box->itself.

Thanks!
--Bill Williamson
On Thu, Dec 06, 2001 at 05:18:35PM -0600, Bill Williamson wrote:

> Situation(s) that doesn't work:
> linux box->loopback->linux box, ANY ports
> port 80 fw'd to linux box, no work with lynx or wget
> port 22 fw'd, no work with ssh from linux to linux
> etc...

Never *ever* complain 'doesn't work', we are not clairvoyant! What does it do?
Timeout? Connection denied? No route to host? Host unreachable?

> What's going on here? It looks like the linux box is not liking talking to
> itself while going through an external router, or something crazy?

Run 'tcpdump -e -s 1500 -n -i eth0' while you try to connect to yourself and
supply us with the IP addresses. Replace eth0 with the right interface.

Regards,

bert hubert
On Thu, Dec 06, 2001 at 05:54:36PM -0600, Bill Williamson wrote:

Bill, please do not silently move discussions away from the mailinglist! I am
not a free consulting firm!

> > Run 'tcpdump -e -s 1500 -n -i eth0' while you try to connect to yourself and
> > supply us with the IP addresses. Replace eth0 with the right interface.
>

Sanitized output of the tcpdump you provided:

5.4 a8:d7 1b:94 192.168.0.3.53395 > x.y.z.w.80: S 912730624:912730624(0) win 5840 <mss 1460,sackOK,timestamp 43698736 0,nop,wscale 0> (DF)
5.4 1b:94 a8:d7 x.y.z.w.53395 > 192.168.0.3.80: S 912730624:912730624(0) win 5840 <mss 1432,sackOK,timestamp 43698736 0,nop,wscale 0> (DF)

This part is good, your .0.3 host tries to connect to the external address,
your router immediately sends a reply back, properly NATted.

5.4 a8:d7 1b:94 192.168.0.3.53395 > x.y.z.w.80: . ack 1 win 5840 <nop,nop,timestamp 43698736 43698736> (DF)

Linux doesn't go for it. It basically says 'I know this session already'!

This trace is all very very broken, and I think parts of it are missing. I
suspect that your router gets confused by timestamp and SACK options, but I'm
not sure.

Regards,

bert
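
Added example, not part of the original thread: a small Python script that pairs the outgoing SYN with the copy the router sends back in the sanitized trace above and reports which TCP options differ between the two. The function names are hypothetical, and the input is the thread's own three trace lines embedded as sample data.

```python
import re

# Constructed input: the three packets from the sanitized trace in the thread
# (x.y.z.w is the thread's own placeholder for the external address).
TRACE = """\
5.4 a8:d7 1b:94 192.168.0.3.53395 > x.y.z.w.80: S 912730624:912730624(0) win 5840 <mss 1460,sackOK,timestamp 43698736 0,nop,wscale 0> (DF)
5.4 1b:94 a8:d7 x.y.z.w.53395 > 192.168.0.3.80: S 912730624:912730624(0) win 5840 <mss 1432,sackOK,timestamp 43698736 0,nop,wscale 0> (DF)
5.4 a8:d7 1b:94 192.168.0.3.53395 > x.y.z.w.80: . ack 1 win 5840 <nop,nop,timestamp 43698736 43698736> (DF)
"""

LINE = re.compile(r"^\S+ (?P<smac>\S+) (?P<dmac>\S+) (?P<src>\S+) > (?P<dst>\S+): "
                  r"(?P<flags>\S+) (?P<rest>[^<]*)<(?P<optstr>[^>]*)>")

def parse_trace(text):
    """Parse 'tcpdump -e -n' style lines (as quoted in the thread) into dicts."""
    packets = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a TCP line with options
        p = m.groupdict()
        p["ports"] = (p["src"].rsplit(".", 1)[1], p["dst"].rsplit(".", 1)[1])
        p["syn"] = p["flags"] == "S" and "ack" not in p["rest"]
        p["seq"] = p["rest"].split(":")[0] if p["syn"] else None
        p["opts"] = {}
        for item in p["optstr"].split(","):
            name, _, value = item.strip().partition(" ")
            if name != "nop":  # padding carries no information
                p["opts"][name] = value
        packets.append(p)
    return packets

def find_reflected_syns(packets):
    """Pair each outgoing SYN with the same SYN coming back from the router."""
    pairs = []
    for i, out in enumerate(packets):
        for back in packets[i + 1:]:
            if (out["syn"] and back["syn"] and out["seq"] == back["seq"]
                    and out["ports"] == back["ports"]
                    and (out["smac"], out["dmac"]) == (back["dmac"], back["smac"])):
                pairs.append((out, back))
    return pairs

def option_changes(out, back):
    """TCP options whose value differs between the sent and the returned SYN."""
    a, b = out["opts"], back["opts"]
    return {n: (a.get(n), b.get(n)) for n in sorted(set(a) | set(b)) if a.get(n) != b.get(n)}

print([option_changes(o, b) for o, b in find_reflected_syns(parse_trace(TRACE))])
```

On this trace the only option that differs is the MSS (1460 sent, 1432 returned); the initial sequence number, timestamp and sackOK come back exactly as they were sent.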