hi u all,

Today I faced a kind of strange problem for me.

I'll start with a simble topology.
WinPC - linux router - access concentrator - PC

There's an Apache web server on the WinPC. From the linux router I have access to the web server, from the PC I have ping to the WinPC. However, traceroutes from PC to WinPC can reach only the access concentrator, mtr from PC to WinPC traces the pat to the WinPC.

Also, when I try #nmap -p 80 <winPC ip> -> host down. At the same time I can lynx from the linux router and access the web serer.

Is there someone who has an idea why this difference is between the work of traceroute and mtr, and of course an idea why all these strange problems could be!

Hello,

It's hard to tell what's going on from your description. Could you describe the links a little more? What are the IP addresses (mangle them if you don't want to show internet IPs). Is the access concentrator a layer 2 device (an ethernet switch/hub/repeater) or a layer 3 (IP networking, cisco/linux box)?

Now for my guess. Assuming the access concentrator is like an ethernet hub, it only knows about ethernet (or your device's) MAC address. You need to turn on proxy arp. This would be if the linux router, winPC, and PC are on the same IP subnet. The linux router knows to forward packets from the WinPC, but the PC and concentrator don't know how to get to the WinPC (as it is hidden on the physical level by the linux router).

So try, as root:
echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp

I really don't know if this is the proper solution (or a solution at all) unless you describe the network a little more.

Hope this helps,
chris

ok bastard23, I'll try to decribe the net with ips

winPC - ip1 212.36.29.108
ip2 192.168.7.4

192.168.7.1 eth0 - linux router - eth1 10.10.0.200

AC - ip 10.10.0.1

PC - conected to AC with ip 10.10.0.236
-----------------------------------------------------------
in the AC I have a static route: dst-address=212.36.29.108 gw=10.10.0.200
in the linux router I have S route: dst-address=212.36.29.108 gw=<dev>eth0

and again what I do:
PC#mtr 212.36.29.108
1. 10.10.0.1
2. 10.10.0.200
3 . 212.36.29.108

PC#traceroute 212.36.29.108
1. 10.10.0.1
2. *.*.*.*
3 * * * *

PC# ping 212.36.29.108
-> everything is fine

PC# try to access the web server on 212.36.29.108 -> nothing, just nothing
Linux router#lynx 212.36.29.108 -> everyghing works fine and OK
------------------------------------------------------------------------------------------------------------

So, I just have no idea. It smells like a kind of bug, but I'm still not sure and don't want it to be a bug .

again, any ideas?

It's late for me, but different traceroute's use different protocols to test this.

Originally it used icmp, but with the use of NAT's icmp ends up being blocked too often. It may be using UDP. If UDP doesn't make it through, then TCP might not make it through.

I may get a chance to test this theory tomorrow (if debian has mtr).

Good Luck,
chris

PS I'm pretty sure my current DSL setup is a little borked with icmp's. Not uncommon.

PPS (edit): run "tcpdump -s0 -w <some file name> -i eth1 host 10.10.0.236" while you test it. Use "ethereal" to look at the output in <some file name>