Hello.
I striked some NAT trouble and see no way even how to dig it.
Situation:
I am running a gateway, which serves as firewall between LAN and Internat
and
also as endpoint for multiple GRE tunnels. Traffic incapsulated in GRE is
encrypted with IPSEC policies. Routes are made with OSPF (quagga).
Everything work fine.
And some in LAN host pings through NAT remote gateway (remote ends of
tunnels). May be he is concerned is some way.
Problem:
In some time one of tunnels gets down.
No traffic p***** over GRE, but I can see incoming ESP packets.
And I see strange NAT in iptstate:
IPTState - IPTables State Top
Version: 2.1 Sort: SrcIP b: change sorting h: help
Filters: dst: 212.120.191.5
Source Destination Proto State TTL
81.211.28.162 212.120.191.5 esp 0:09:54
172.16.16.11 212.120.191.5 gre 0:09:54
The first row represents valid track for esp traffic.
But I have no clues for cause of second record.
I have in iptables disabled GRE forwarding, host 172.16.16.11 has no GRE
configured at all. Only ICMP packets travels through NAT.
# uname -a
Linux gw.prodo.ru 2.6.18-6-686 #1 SMP Sun Feb 10 22:11:31 UTC 2008 i686
GNU/Linux
I recently reinstalled from scratch 172.16.16.11 but problem persisted (as
on
old address that was 172.16.16.9)
If I delete tunnels on both system, wait for TTL expire and recreate, all
works. Until some moment X, when problem resurvives.
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@[EMAIL PROTECTED]
a subject of "unsubscribe". Trouble? Contact
listmaster@[EMAIL PROTECTED]
