
[no subject]



I'm having a network problem regarding which I hope you can provide some
insight.  I have an interesting setup, in that I have a NAT'd connection
to the internet, but I also have another NAT'd firewall behind *that*
firewall that allows wireless connections to VPN into my internal LAN via
PPTP (to support Macs).

Everything has been working fine, and I can pull up any site from my
wireless connection.  But...if I try slashdot:

[root@airport scripts]# tcpdump host slashdot.org
tcpdump: listening on eth0
03:22:43.001759 172.16.3.2.2143 > slashdot.org.http: F 826142373:826142373(0) ack 2628767187 win 17200 (DF)
03:22:43.002294 172.16.3.2.2174 > slashdot.org.http: S 838336042:838336042(0) win 16384 <mss 860,nop,nop,sackOK> (DF)
03:22:43.111256 slashdot.org.http > 172.16.3.2.2174: S 2761579604:2761579604(0) ack 838336043 win 5840 <mss 1460,nop,nop,sackOK> (DF) [tos 0x20]
03:22:43.115439 172.16.3.2.2174 > slashdot.org.http: . ack 1 win 17200 (DF)
03:22:43.119546 172.16.3.2.2174 > slashdot.org.http: P 1:481(480) ack 1 win 17200 (DF)
03:22:43.139064 slashdot.org.http > 172.16.3.2.2143: . ack 1 win 6432 (DF) [tos 0x20]
03:22:43.390118 slashdot.org.http > 172.16.3.2.2174: . ack 481 win 6432 (DF) [tos 0x20]
03:22:48.622356 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481 win 6432 (DF) [tos 0x20]
03:22:48.622786 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable - need to frag (mtu 896) [tos 0xc0]
03:22:48.627690 slashdot.org.http > 172.16.3.2.2174: . 861:1721(860) ack 481 win 6432 (DF) [tos 0x20]
03:22:48.627931 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable - need to frag (mtu 896) [tos 0xc0]
03:22:51.617229 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481 win 6432 (DF) [tos 0x20]
03:22:51.617486 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable - need to frag (mtu 896) [tos 0xc0]
03:22:52.497982 slashdot.org.http > 172.16.3.2.2143: . 1:861(860) ack 1 win 6432 (DF) [tos 0x20]
03:22:52.498089 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable - need to frag (mtu 896) [tos 0xc0]
03:22:57.618855 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481 win 6432 (DF) [tos 0x20]
03:22:57.619334 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable - need to frag (mtu 896) [tos 0xc0]
03:23:09.622825 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481 win 6432 (DF) [tos 0x20]
03:23:09.623369 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable - need to frag (mtu 896) [tos 0xc0]

172.16.3.2 is the interface that wireless connections would be MASQ'ing
through.  It really looks like this:

[wireless hosts 172.16.2.10-20] -> [FIRST NAT 172.16.3.2] -> [ SECOND NAT 66.234.19.133] -> INTERNET

I've been beating my head against this too long, and am a bit muddled. 
Anyone care to speculate what might be happening?

Thanks,
John
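
An added example, not part of John's message: a small parser run over six packets from the capture above that compares the MSS advertised in the SYN with the MTU reported in the ICMP "need to frag" replies and counts how often the same DF segment is sent again. The function name and the 40-byte header allowance (IPv4 and TCP headers without options) are assumptions of this example.

```python
import re
from collections import Counter

# Six packets taken from the capture above, each rejoined onto one line.
CAPTURE = """\
03:22:43.002294 172.16.3.2.2174 > slashdot.org.http: S 838336042:838336042(0) win 16384 <mss 860,nop,nop,sackOK> (DF)
03:22:48.622356 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481 win 6432 (DF) [tos 0x20]
03:22:48.622786 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable - need to frag (mtu 896) [tos 0xc0]
03:22:51.617229 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481 win 6432 (DF) [tos 0x20]
03:22:51.617486 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable - need to frag (mtu 896) [tos 0xc0]
03:22:57.618855 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481 win 6432 (DF) [tos 0x20]
"""

HEADERS = 40  # assumption: 20-byte IPv4 header + 20-byte TCP header, no options

# time src > dst: flags first:last(len) rest-of-line
SEG = re.compile(r"^\S+ (\S+) > (\S+): \S+ (\d+):(\d+)\((\d+)\)(.*)$")
MSS = re.compile(r"<mss (\d+)")
FRAG = re.compile(r"icmp: \S+ unreachable - need to frag \(mtu (\d+)\)")

def analyse(text):
    """Summarise advertised MSS, ICMP-reported MTU and repeated oversized DF segments."""
    mss, mtus, seen = {}, set(), Counter()
    for line in text.splitlines():
        frag = FRAG.search(line)
        if frag:                          # ICMP "fragmentation needed" reply
            mtus.add(int(frag.group(1)))
            continue
        seg = SEG.match(line)
        if not seg:                       # pure ACKs and non-packet lines
            continue
        src, dst, first, last, length, rest = seg.groups()
        opt = MSS.search(rest)
        if opt:                           # SYN: record what this endpoint advertised
            mss[src] = int(opt.group(1))
        if int(length) > 0 and "(DF)" in rest:
            seen[(src, dst, first, last, int(length))] += 1
    icmp_mtu = min(mtus) if mtus else None
    # Data segments whose payload plus headers cannot fit the reported MTU.
    oversized = {seg: n for seg, n in seen.items()
                 if icmp_mtu is not None and seg[4] + HEADERS > icmp_mtu}
    return {"mss": mss, "icmp_mtu": icmp_mtu, "oversized": oversized}
```

On these lines it reports an advertised MSS of 860, an ICMP-reported MTU of 896, and the same 860-byte DF segment (1:861) sent three times; 860 + 40 is 900 bytes, which does not fit in 896.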


</pre>
</body>
</html>