- Subject: Re: Hanging outgoing connections while incoming are OK
- From: Guido Anzuoni <ganzuoni@xxxxxxxxx>
- Date: Wed, 1 Feb 2012 16:40:00 +0100
- Cc: netfilter@xxxxxxxxxxxxxxx
- In-reply-to: <1328031477.2018.12.camel@andy-laptop>
OMG, sorry.
The intended setup was
fw eth0: 10.254.254.1, PUB_IP_INCOMING, PUB_IP_OUTGOING
I have used 1 public ip for incoming connections and 1 ip to
"masquerade" outgoing ones.
I don't know if it is necessary to bind a public IP to some NIC in order
to let netfilter NAT work properly.
Anyway, there is a little progress in the analysis.
Starting a ssh session from a linux box on the internal network, I can
see with tcpdump a certain amount of packets
flowing along the path from the linux box, the firewall up to the ssh server.
Then packet flow stops for 10-20 seconds until final exchange takes
place and I have the shell prompt.
It seems like some packets start going round and round before arriving
to destination.
In fact, if I do several ls -l, the connection hangs again.
The strange thing is that there is no way to set up a connection if the
client is PuTTY on a Windows client.
Guido
On Tue, Jan 31, 2012 at 6:37 PM, Andrew Beverley <andy@xxxxxxxxxxx> wrote:
> On Sat, 2012-01-28 at 09:39 +0100, Guido Anzuoni wrote:
> ...
>> fw default gateway: 10.254.254.2
>> fw eth0: 10.254.254.1, PUB_IP_OUTGOING, PUB_IP_OUTGOING
> ...
>> My doubt is about eth0 configuration where I bind multiple addresses,
>> an internal one and all the public assigned by the ISP.
>> Is it a correct setup ?
>
> Unless I'm misunderstanding something, this does seem like a strange set
> up. Why not just have the one IP address on eth0? Do the Cisco routers
> also have an external IP address? Are these 2 completely independent WAN
> links? If so, how is traffic shared between them?
>
> Sorry for all the questions, but I'm not entirely understanding your set
> up and what you are trying to achieve.
>
> Andy
>
>