[Voyage-linux] Anybody using pppd on voyage-0.5.2 and masquerading?
Beat Meier
(spam-protected)
Thu Sep 11 12:02:06 HKT 2008
Thanks for all the answers.
In fact it's a mistery for me until now.
I will try it with SNAT. In fact I used SNAT first but had some problems
and with masquerade it worked fine.
Now the great thing is I have ONE machine which with the old version
has the same behaviour as all the new installation i.e. id does not
download with wget ...
But this machine has in fact the same configuration as the other ones...
All the "clientes" do not change anything only forward the stuff..
No qos, no firewall,
A tcpdump shows me that the client sends the GET ... command
and receives an ACK and nothing more
The same done with a client that works shows as next packet
a "TCP segment of a reassembled PDU"
and my client sends the ACK...
So it seems that this reassembled PDU which are the data of the transfer
never come to me in the bad case...
But no idead why :-(
I will do some tests and write back.
Greetings and thanks again!
Beat
Jens Werner wrote:
> Hello Beat,
>
>> Nobody having problems or not using pppd with dynamic ip?
>
>
> using pppd with dynamic ip uplink at a customer's network, no problems
> so far.
>
> This is just a masquerading machine with an openvpn bridge to the local
> ethernet device using voyage 0.5-2. My basic iptables script in this
> case is a:
>
> iptables -t nat -A POSTROUTING -s $NET_LOCAL -o $INT_INTERNET -j
> MASQUERADE
>
> NET_LOCAL and INT_INTERNET jsut are the local netmask and the ethernet
> device with the ppp connection.
>
> As for connection tracking the script loads the following modules:
>
> modprobe ip_conntrack
> modprobe ip_conntrack_ftp
> modprobe ip_nat_ftp
>
> Except for some anti-spoofing rules all chain policies are set to
> ACCEPT, so we don't filter outgoing traffic here.
>
> Are there any packets dropped by iptalbes (see "iptables -L -v")? Maybe
> you have some weird packet filtering problem? Might be a good idea to
> try out policy accept on every chain.
>
> If I could be of any help, let me know.
>
> Greetings
> Jens
>
>
>
More information about the Voyage-linux
mailing list