NAT configuration...
powell molleti
powelllinux at yahoo.com
Wed Oct 31 14:31:45 EST 2001
Hi,
Yes, you can ping 10.0.0.1 from the 10.0.0.0/24 network because of the following lines in the mazu file, which determine the flow of the ICMP echo request packet.

Look at lines 195 - 197:

    intern_arp_class[2] -> Strip(14)
        -> CheckIPHeader
        -> ip_from_intern;

Now when you look at ip_from_intern (lines 184 - 187):

    ip_from_intern :: IPClassifier(dst host intern,
                                   dst net intern,
                                   dst tcp port ftp,
                                   -);

Your ping packet will output at ip_from_intern[0]. As you can see at line 198:

    ip_from_intern[0] -> my_ip_from_intern; // stuff for 10.0.0.1 from inside

you are sending the packet to another classifier, my_ip_from_intern (lines 188 - 193), and the ICMP packet, which is neither TCP nor UDP, will be output as my_ip_from_intern[5]. Look at line 206:

    206: my_ip_from_intern[5] -> ip_to_linux; // non TCP or UDP traffic, to linux

Hence Linux will reply to your ICMP echo request.

Now you have tried to ping the external interface (172.25.79.156). Look at the fate of this ICMP packet. Try to sketch the path as described above and you will see that the packet will be classified at ip_from_intern (lines 184 - 187) and will be emitted at ip_from_intern[3]. Right, now look at line 211 (end):

    211: ip_from_intern[3] -> [0]rw; // stuff for outside

The packet is going to rw; check rw now at line 112. Your packet headers will be rewritten by rw, replacing the packet's src ip with the external and leaving the packet's dest ip as it is. Next look at line 146:

    146: rw[0] -> ip_to_extern_class :: IPClassifier(dst host intern, -);

As you can see, your packet with dst ip as extern will be emitted as ip_to_extern_class[1], as you can obviously see at line 148:

    148: ip_to_extern_class[1] -> ip_to_extern;

Your packet is sent to the next hop and so it gets discarded. Hence you don't get a ping reply for your request to the external interface from the internal network.

Are you able to reach the web? Try checking a website or something, and if you are not able to reach it then there is a problem with your network topology. As you have shown in your diagram, is the machine (the extern_next_hop) connected to the same switch as the external interface of the click box?

I hope this helps. If there are any mistakes in the way I understood or explained the problem, please correct me, because I am a newbie too.

cya
powell
--- Juan Luis Baptiste <juancho at metallica.com> wrote:
> Hi,
>
> I'm trying to use the mazu-nat.click configuration file, but I haven't been
> able to get it to work.
> My network setup is like this:
>
>              10.0.0.2/8
>                  |
>                  |
>      10.0.0.1/8 (eth1 00:60:97:C0:D4:74)
>   172.25.79.156/16 (eth0 00:50:8B:65:2C:23)
>                  |
>                  |
>      --------------------------
>      |    172.25.* network    |
>      --------------------------
>                  |
>                  |
>      172.25.0.1/16 (08:00:20:AC:09:45)
>                  |
>                  |
>              INTERNET
>
> The configuration I'm using with mazu-nat is the following:
>
> AddressInfo(
>   intern 10.0.0.1 10.0.0.0/8 00:60:97:C0:D4:74,
>   extern 172.25.79.156 172.25.79.0/24 00:50:8B:65:2C:23,
>   extern_next_hop 08:00:20:AC:09:45,
>   intern_server 10.0.0.10
> );
>
> The rest of the file is unmodified. When I load the configuration file into the
> kernel module, I can only ping 10.0.0.1 from 10.0.0.2, I can't even see the
> other interface of the NAT (172.25.79.156) or beyond from there, but if the
> module isn't loaded, I can see the other interface but not beyond from there.
>
> Any ideas?
>
> Juan Luis Baptiste M.
> email: juancho at metallica.com
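
The packet path traced in the reply above, as an added example that is not part of the original thread or of the Click distribution. It is a simplified first-match model of the two IPClassifier elements whose patterns are quoted in the message, using the addresses from the quoted AddressInfo block; the function names and the packet dictionary are assumptions made for illustration.

```python
import ipaddress

# Values from the AddressInfo block quoted in the thread.
INTERN_IP = ipaddress.ip_address("10.0.0.1")
INTERN_NET = ipaddress.ip_network("10.0.0.0/8")
EXTERN_IP = ipaddress.ip_address("172.25.79.156")

# Pattern lists as quoted in the reply (lines 184 - 187 and line 146 of the file).
IP_FROM_INTERN = ["dst host intern", "dst net intern", "dst tcp port ftp", "-"]
IP_TO_EXTERN_CLASS = ["dst host intern", "-"]

def matches(pattern, pkt):
    """Simplified model of one pattern; only the forms quoted in the thread."""
    dst = ipaddress.ip_address(pkt["dst"])
    if pattern == "-":
        return True
    if pattern == "dst host intern":
        return dst == INTERN_IP
    if pattern == "dst net intern":
        return dst in INTERN_NET
    if pattern == "dst tcp port ftp":
        return pkt["proto"] == "tcp" and pkt.get("dport") == 21
    raise ValueError(f"pattern not modelled: {pattern}")

def classify(patterns, pkt):
    """Index of the first matching pattern, i.e. the classifier output port."""
    for port, pattern in enumerate(patterns):
        if matches(pattern, pkt):
            return port
    return None  # no pattern matched

def trace(pkt):
    """Follow a packet arriving from the inside along the path the reply describes."""
    port = classify(IP_FROM_INTERN, pkt)
    path = [f"ip_from_intern[{port}]"]
    if port == 0:
        # my_ip_from_intern's patterns are not quoted in the thread; per the reply,
        # non-TCP/UDP traffic leaves it on output 5 towards ip_to_linux.
        path.append("my_ip_from_intern")
    elif port == 3:
        pkt = dict(pkt, src=str(EXTERN_IP))  # rw: source rewritten, destination kept
        path.append("rw[0]")
        out = classify(IP_TO_EXTERN_CLASS, pkt)
        path.append(f"ip_to_extern_class[{out}]")
        if out == 1:
            path.append("ip_to_extern")
    return path, pkt
```

In this model the ping to 172.25.79.156 reaches ip_to_extern with both its source and its destination set to 172.25.79.156, while the ping to 10.0.0.1 is handed to my_ip_from_intern unchanged.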