[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Strange MASQ problem
----- Original Message -----
From: "Danny Sauer" <sauer@cloudmaster.com>
To: <luci-discuss@luci.org>
Sent: Sunday, January 29, 2006 6:59 PM
Subject: Re: Strange MASQ problem
> Jorj wrote regarding 'Re: Strange MASQ problem' on Sat, Jan 28 at 06:11:
> > tcpdump and ngrep were used on the OUTGOING interface. durring sip
traffic,
> > I see my Internal address, along with the External address when the IAX
> > packets go by or when I ping something outside from the same box that is
> > sending the sip packets. This is perplexing. In an attempt to further
trace
> > this down I did a "telnet realworldaddress 5060" from the box that is
not
> > getting masq'd... this was masq'd, right next to the other traffic that
was
> > not! Any suggestions of what to try next would be appreciated.
>
> At this point, if you're not sure what's going on and can afford to
> have this box partially offline for a few minutes or so, I'd suggest
> stripping the rules down to the bare minimum (probably just the MASQ
> rule for internal->external) and start adding the rules back in, one
> by one, from there. If the traffic still isn't being masq'd with just
> the one rule in place, then it's something about the protocol (which
> is my guess). Otherwise, you'll find the problem soon enough. :)
>
> --Danny
>
Thats just what I was doing when I got your email.. REALLY getting strange
now... It behaved exactly the same with just the MASQ and ALLOW of the one
port.. I've traced it down some more, and it only fails to masq when going
to one specific site.. I have an alternate way of connecting to that site,
and since I have spent several days fighting it -- thats what I did... Still
cant understand what its doing different... same host, same interface, same
program, same rules, different destinations, one gets masq'd and the other
one doesnt.. Gonna hafta play with this one when I get more spare time.. it
used to get masq'd , then it suddenly quit working (worked ok for almost a
year).. Even had webmin redo the firewall rules.. didnt change anything..
anyway thanks for the reply and if you get any other ideas to try, I would
really like to find out how this is even possible.
-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.