Traceroute & IP masquerading - Networking

This is a discussion on Traceroute & IP masquerading - Networking ; I have a box B1 with two NICs, each connected to a different network, N1 and N2. Another box B2 has a single NIC connected to N1, and it gets access to N2 via B1, which is doing IP masquerading ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Traceroute & IP masquerading

  1. Traceroute & IP masquerading

    I have a box B1 with two NICs, each connected to a different network, N1
    and N2. Another box B2 has a single NIC connected to N1, and it gets
    access to N2 via B1, which is doing IP masquerading on B2's behalf.

    When it comes to finding out about routes and hosts in N2, the traceroute
    command works all right when issued at B1. However, when issued at B2 it
    doesn't - it does not seem to be able to tell any routes outside N1; in
    particular, it does not seem to know anything about N2.

    Is there a way around this? That is, is it possible to get traceroute to
    work on B2, as far as tracing routes to hosts in N2 is concerned? B2
    has otherwise full access to N2.

  2. Re: Traceroute & IP masquerading

    Ivar Rosquist wrote:
    > I have a box B1 with two NICs, each connected to a different network, N1
    > and N2. Another box B2 has a single NIC connected to N1, and it gets
    > access to N2 via B1, which is doing IP masquerading on B2's behalf.
    >
    > When it comes to finding out about routes and hosts in N2, the traceroute
    > command works all right when issued at B1. However, when issued at B2 it
    > doesn't - it does not seem to be able to tell any routes outside N1; in
    > particular, it does not seem to know anything about N2.
    >
    > Is there a way around this? That is, is it possible to get traceroute to
    > work on B2, as far as tracing routes to hosts in N2 is concerned? B2
    > has otherwise full access to N2.


    It should work. Perhaps your B1 is dropping packets?

  3. Re: Traceroute & IP masquerading

    On Sat, 06 Jan 2007 21:51:01 +0000, Allen Kistler wrote:

    > Ivar Rosquist wrote:
    >> I have a box B1 with two NICs, each connected to a different network, N1
    >> and N2. Another box B2 has a single NIC connected to N1, and it gets
    >> access to N2 via B1, which is doing IP masquerading on B2's behalf.
    >>
    >> When it comes to finding out about routes and hosts in N2, the traceroute
    >> command works all right when issued at B1. However, when issued at B2 it
    >> doesn't - it does not seem to be able to tell any routes outside N1; in
    >> particular, it does not seem to know anything about N2.
    >>
    >> Is there a way around this? That is, is it possible to get traceroute to
    >> work on B2, as far as tracing routes to hosts in N2 is concerned? B2
    >> has otherwise full access to N2.

    >
    > It should work. Perhaps your B1 is dropping packets?


    It does not. Anyway, I found out that invoking traceroute with the -I
    option does the trick.

  4. Re: Traceroute & IP masquerading

    On Sun, 07 Jan 2007, in the Usenet newsgroup comp.os.linux.networking, in
    article , Ivar Rosquist wrote:

    >Allen Kistler wrote:


    >> Ivar Rosquist wrote:
    >>> I have a box B1 with two NICs, each connected to a different network, N1
    >>> and N2. Another box B2 has a single NIC connected to N1, and it gets
    >>> access to N2 via B1, which is doing IP masquerading on B2's behalf.
    >>>
    >>> When it comes to finding out about routes and hosts in N2, the
    >>> traceroute command works all right when issued at B1. However, when
    >>> issued at B2 it doesn't - it does not seem to be able to tell any
    >>> routes outside N1; in particular, it does not seem to know anything
    >>> about N2.


    >> It should work. Perhaps your B1 is dropping packets?

    >
    > It does not.


    Oh, yes it is - on B1, run tcpdump on each interface - you'll see it's
    dropping some stuff. Perhaps there is a firewall rule that is screwing
    things up. Try '/sbin/iptables -L' so see what you are doing to UDP.

    >Anyway, I found out that invoking traceroute with the -I option does
    >the trick.


    Some versions. On the traceroute that comes with SuSE (written by Olaf
    Kirch while at Caldera), the -I option selects the interface, rather than
    using ICMP echos.

    Old guy

+ Reply to Thread