3rd level of masquerade

From: Tomasz Olszewski <caster@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 30 Mar 2006 12:20:06 +0200

Hello!

I have a problem with setting up a 3rd level masquerade. According to my
knowlegde everything should be working fine already. Networks I'm
connected to, seem to look like this:

Internet <--> Net A <--> Net B <--> Net C.

"A" is beyond my administration. "B" is a small network inside my flat; it's connected to "B" through a D-Link DI-604 router. Now I'd like to set up a virtual network, inside my computer. This is "C". I'm using VDE 2.0 + TUN/TAP, running on my Ubuntu Breezy. To simulate another computer, I'm running Qemu with another Breezy installation.

Everything seems to work (at least all those things that should work in this case), as long as I keep masquerading OFF on my PC. Without masquerading (but with ip_forward set to '1' and empty iptables rules) the virtual PC is able to ping any machine, in any network mentioned above (even the Internet). When sending a ping request to hosts in network "A" or the Internet, I'm getting messages like 'Redirect Host(New nexthop: ...)'. On the virtual installation I'm setting a default gateway with the command:
route add default gw 192.168.3.1
(this is my own, "real" PC, which connects together networks 192.168.0 and 192.168.3).

I'm turning on masquerading using following command:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I've also tried some other combinations, but none of them made any
difference. The result is that I can reach any machine in network "B"
(192.168.0). Packets seem to be translated correclty, everything looks
promising. Unfortunately every attempt to reach some farther host ends
without success. The lamp on the D-Link router signals a data transfer, so I think packets are leaving my computer. Pings don't come back, there's no other way to connect to a distant machine. I though that maybe gateway in network "A" throws away packets with TTL less than some value, but making TTL greater didn't help either.

I don't have any fancy configuration on my PC. There are only 3 network
interfaces: lo, eth0 and tap0.

I'm out of ideas :(
.

Prev by Date: Re: how can i get more bandwidth?
Next by Date: Re: ssh tunnel
Previous by thread: IPW2200 doesn't work - make from sources problems
Next by thread: problems with tg3 ethernet driver
Index(es):
- Date
- Thread

Relevant Pages

Re: cant configure networking for static IP address
... I test the network configuration: ... before doing this first ping the first hop - the default gateway from ... I can't ping the DNS server ... they might only allow dns packets to these ...
(Debian-User)
Re: Strange networking problems after update 5.2.1->5.3
... I cannot ping it even from a host connected to the same ... My network at home is somewhat simpler (192.168.1.0/24 is local, ... is another notebook that is acting as NAT and default router). ... not even the obviously outgoing ping packets. ...
(freebsd-stable)
strange network slowness in 2.6 unless pingflooding
... laptop it's all fine. ... Subject: Whacky 2.6 network behaviour ... If I ping a different host from my desktop I get no ... pingloss with 60000 byte packets (though this doesn't help with the ...
(Linux-Kernel)
Re: Loss of Connectivity on Only One PC on a LAN
... inability to ping one from the other is a bit troubling though. ... dropped packets, or "unknown host", when you try to ping?" ... I used her internal, network IP. ... I asked my roommate if she recalls how she had set up the Network Setup Wizard in the first place. ...
(microsoft.public.windowsxp.network_web)
Cant use internal network after dialup modem is used -- get ping: sendto: Operation not permitted
... Just after reboot, can use internal network. ... In particular, during and after use of dialup modem, ping gives: ... packets transmitted, 4 packets received, 0% packet loss ...
(comp.os.linux.setup)