Quote:
Huh? You see the packets enter the machine that's intended to receive the packets, but no one answers them? That's not a routing problem. If the packet reaches the machine that it's destined for, routing is done.


Not quite. The packet arrives on the LAN interface of the gateway machine, but is not targeted to the LAN IP address; rather, it is destined for one of the external IP addresses. As a result, the kernel might think it needs to forward it, or it might be killing it off due to low-level IP filtering. Or at least I think so.

When I first set up the twin interfaces, I had the same issue with packets coming in from the outside --> all incoming connection attempts were being dropped on the floor, and the firewall could NOT see them arriving, even though tcpdump could see them.

I fixed the routing tables (left the firewall config as-was), and that problem went away.

I really don't understand routing, or perhaps it just doesn't happen the way I think it should.

Cheers


Edited by mlord (09/11/2005 00:47)