This is a discussion on "Re: RST packet from NAT box" within the IPFilter forums, part of the System Security and Security Related category.
On 11 Sep 2003 18:47:23 +0900 <jenniee@mail.goo.ne.jp> wrote:

> Dear IP Filter experts!
>
> I've just installed IP Filter ver. 3.4.32 on my SunOS 5.8 SPARC9 (64-bit kernel)
> machine but it didn't work well. Can anyone help me with my problems?
> I've searched over the mailing-list archives and also the Internet, but couldn't
> find anything the same as mine.
>
> My network layout is
>
>                                        211.XX.XX.84
>                                   --------------------------
>   INTERNET---INTRANET-------------|dmfe0  NAT BOX (SunOS 5.8) |
>            (211.XX.XX.0/24)       |                    dmfe1 |
>                                   --------------------------
>            211.XX.XX.80                          | 192.168.99.1
>            211.XX.XX.81                          |
>                                                  |
>                                                  | 192.168.99.0/24
>                                            Private Network
>
> These are my ipf rules:
>
>     pass in all
>     pass out all
>
> My ipnat rules:
>
>     # S-NAT
>     bimap dmfe0 192.168.99.2/32 -> 211.XX.XX.80/32
>     # map for NAT box itself, don't know if required
>     map dmfe0 192.168.99.1/32 -> 211.XX.XX.84/32
>     # D-NAT
>     map dmfe0 192.168.99.0/24 -> 211.XX.XX.83/32 proxy port ftp ftp/tcp
>     map dmfe0 192.168.99.0/24 -> 211.XX.XX.83/32 portmap tcp/udp 10000:40000
>     map dmfe0 192.168.99.0/24 -> 211.XX.XX.83/32
>
> I used pseudo network interfaces to configure 211.XX.XX.80,81 on dmfe0.
>
> It goes well with ICMP frames, such as ping and traceroute, from both internal
> and external hosts. I can even access web sites from hosts in my private
> network, though with a rather slow speed, and sometimes data transmission seems
> endless.
>
> But when I tried to telnet or ftp to a host in the intranet, i.e. 211.XX.XX.62,
> from an internal host, i.e. 192.168.99.2, I couldn't. Below are the messages I
> got:
>
>     192.168.99.2$ telnet 211.XX.XX.62
>     Trying 211.XX.XX.62...
>     Connected to 211.XX.XX.63.
>     Escape character is '^]'.
>     Connection closed by foreign host.
>     192.168.99.2$
>
> Sometimes I could get further, to the point where the remote telnet server asked
> for a username and password, but after I entered my password on 211.XX.XX.62,
> nothing happened. Then I pressed the Enter key and the message "Connection
> closed by foreign host." was displayed again.
>
> The same happened when telnet/ftp-ing to a NAT'd host from another host in the
> intranet (I've not tried from a host outside the intranet yet).
>
> I tcpdumped to trace the packets flowing and found that after the NAT box did
> its work well with the SYN, SYN/ACK, ACK procedure between the internal host
> and the external host, some data transmission was done, then all of a sudden a
> packet with the RST flag was sent from the NAT box to the external box, which
> caused the connection closure.
>
> I don't know why, or how to fix this problem. So please help. It's urgent!!!
> Any advice will be appreciated.
>
> Thanks,
> Jennie

Apparently telnet and telnetd disagreed on something, and departed.

Turn on debug/verbose features for both telnetd and telnet, if they are available.

Watch tcpdump for -actual- data (say with -X -s 1024 options). Once data are collected, man telnet{,d} for their meanings.

horio shoichi
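The reply above asks for the capture to be read for actual data before blaming the NAT box. As an added example that is not part of this thread and not code from the IPFilter project, the script below does the first triage pass over such a capture: it groups tcpdump lines into TCP flows, records whether the three-way handshake completed and how many payload bytes were exchanged, and reports the flows that were then torn down by a RST whose source is one of the NAT box's outside addresses. The line format assumed is modern `tcpdump -n` output with `Flags [..]`; the capture lines and the 198.51.100.x addresses (standing in for the bimap'd 211.XX.XX.80 and the telnet server 211.XX.XX.62) are constructed for the example.

```python
"""Triage helper: which TCP flows completed a handshake, moved data, and were
then reset by a packet originating from the NAT box's outside address?"""
import re
from collections import defaultdict

# Assumption: tcpdump ran with -n and prints TCP flags as "Flags [S.]" etc.
# Flag letters: S = SYN, . = ACK, P = PSH, F = FIN, R = RST.
LINE_RE = re.compile(
    r'^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP '
    r'(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): '
    r'Flags \[(?P<flags>[^\]]*)\].*?length (?P<length>\d+)'
)

# Constructed sample capture, as seen on the NAT box's outside interface.
# 198.51.100.80 stands in for the translated address of the internal host,
# 198.51.100.62 for the telnet/ftp server (documentation-range placeholders).
SAMPLE_LINES = [
    # flow 1: telnet, handshake + data, then a RST from the NAT side
    "18:47:23.000100 IP 198.51.100.80.40012 > 198.51.100.62.23: Flags [S], seq 1000, win 8760, options [mss 1460], length 0",
    "18:47:23.000200 IP 198.51.100.62.23 > 198.51.100.80.40012: Flags [S.], seq 5000, ack 1001, win 8760, length 0",
    "18:47:23.000300 IP 198.51.100.80.40012 > 198.51.100.62.23: Flags [.], ack 5001, win 8760, length 0",
    "18:47:23.100000 IP 198.51.100.62.23 > 198.51.100.80.40012: Flags [P.], seq 5001:5013, ack 1001, win 8760, length 12",
    "18:47:23.100100 IP 198.51.100.80.40012 > 198.51.100.62.23: Flags [P.], seq 1001:1004, ack 5013, win 8760, length 3",
    "18:47:23.200000 IP 198.51.100.80.40012 > 198.51.100.62.23: Flags [R.], seq 1004, ack 5013, win 0, length 0",
    # flow 2: ftp control channel that closes normally with FIN (not reported)
    "18:47:30.000100 IP 198.51.100.80.40013 > 198.51.100.62.21: Flags [S], seq 2000, win 8760, length 0",
    "18:47:30.000200 IP 198.51.100.62.21 > 198.51.100.80.40013: Flags [S.], seq 7000, ack 2001, win 8760, length 0",
    "18:47:30.000300 IP 198.51.100.80.40013 > 198.51.100.62.21: Flags [.], ack 7001, win 8760, length 0",
    "18:47:30.100000 IP 198.51.100.62.21 > 198.51.100.80.40013: Flags [P.], seq 7001:7021, ack 2001, win 8760, length 20",
    "18:47:30.200000 IP 198.51.100.80.40013 > 198.51.100.62.21: Flags [F.], seq 2001, ack 7021, win 8760, length 0",
    "18:47:30.200100 IP 198.51.100.62.21 > 198.51.100.80.40013: Flags [F.], seq 7021, ack 2002, win 8760, length 0",
    # non-TCP noise that the parser must skip
    "18:47:31.000000 IP 198.51.100.80 > 198.51.100.62: ICMP echo request, id 1, seq 1, length 64",
]


def parse_line(line):
    """Return a dict for a TCP line, or None for anything else (ICMP, ARP, ...)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pkt = m.groupdict()
    pkt["length"] = int(pkt["length"])
    return pkt


def flow_key(pkt):
    """Direction-independent key so both halves of a connection land together."""
    return tuple(sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])]))


def find_nat_resets(lines, nat_outside_addrs):
    """Return flows that completed the handshake and were later reset by the NAT box."""
    flows = defaultdict(lambda: {"syn": False, "synack": False, "handshake": False,
                                 "data_bytes": 0, "rst_at": None, "rst_src": None})
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        st = flows[flow_key(pkt)]
        f = pkt["flags"]
        # Three-way handshake: SYN, then SYN+ACK, then a bare ACK.
        if "S" in f and "." not in f:
            st["syn"] = True
        elif "S" in f and "." in f and st["syn"]:
            st["synack"] = True
        elif "." in f and "S" not in f and st["synack"]:
            st["handshake"] = True
        st["data_bytes"] += pkt["length"]  # payload bytes seen in either direction
        if "R" in f and pkt["src"] in nat_outside_addrs and st["rst_at"] is None:
            st["rst_at"], st["rst_src"] = pkt["ts"], pkt["src"]
    return [
        {"flow": key, "data_bytes": st["data_bytes"], "rst_at": st["rst_at"], "rst_src": st["rst_src"]}
        for key, st in flows.items()
        if st["handshake"] and st["rst_at"] is not None
    ]


if __name__ == "__main__":
    for hit in find_nat_resets(SAMPLE_LINES, {"198.51.100.80"}):
        print(f"{hit['rst_at']} RST from {hit['rst_src']} after {hit['data_bytes']} payload bytes on {hit['flow']}")
```

Run it against a real capture with `tcpdump -n -i dmfe0 tcp | python3 triage.py`-style piping after swapping `SAMPLE_LINES` for `sys.stdin`; the hits tell you which flows to re-capture with `-X -s 1024` so the payload before the reset (for telnet, the option negotiation) can be read, which is the step the reply recommends.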