how can I make the icmp pass through in the double nat...

Marco Peng...
Posted: Tue Oct 13, 2009 2:11 am

Hi all,
thanks for reading.
This is my network topology; it cannot be changed.
PC----->GW_A(NAT)-------->GW_B(NAT)------>Internet
GW_A is a Linux box, configured by me, working as a router.
The PC's traceroute result will show GW_A in the list.
My question is: how can I make the ICMP pass through GW_A so that it does
not show in the traceroute result, as if it did not exist on the path?
M.P.

Marco Peng...
Posted: Tue Oct 13, 2009 3:22 am

On Oct 13, 8:11 pm, Marco Peng <marco.p... at (no spam) gmail.com> wrote:
Quote:
Hi all,
thanks for reading.
This is my network topology; it cannot be changed.
PC----->GW_A(NAT)-------->GW_B(NAT)------>Internet
GW_A is a Linux box, configured by me, working as a router.
The PC's traceroute result will show GW_A in the list.
My question is: how can I make the ICMP pass through GW_A so that it does
not show in the traceroute result, as if it did not exist on the path?
M.P.

Hi again,
for example, the PC is 192.168.0.2, the GW_A LAN IP is 192.168.0.1, and the
GW_B LAN IP is 10.7.1.1.
After I traceroute an internet site, I get the list:
1, 192.168.0.1
2, 10.7.1.1
3, A_PUBLIC_IP of the internet site
What I want is:
1, 192.168.0.1
2, A_PUBLIC_IP of the internet site
with no GW_B in the list.
Is there some easy way to do that? I just know I can hack the Linux
kernel to do that, right?
M.P.

Greg Russell...
Posted: Tue Oct 13, 2009 9:55 am

"Marco Peng" <marco.peng at (no spam) gmail.com> wrote in message
news:c6133dc1-eed2-459b-a311-238d6f8e602c at (no spam) f20g2000prn.googlegroups.com...
....
Quote:
PC----->GW_A(NAT)-------->GW_B(NAT)------>Internet
GW_A is a Linux box, configured by me, working as a router.
The PC's traceroute result will show GW_A in the list.
My question is: how can I make the ICMP pass through GW_A so that it does
not show in the traceroute result, as if it did not exist on the path?

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Marco Peng...
Posted: Tue Oct 13, 2009 8:38 pm

On Oct 13, 11:55 pm, "Greg Russell" <m... at (no spam) privacy.net> wrote:
Quote:
"Marco Peng" <marco.p... at (no spam) gmail.com> wrote in message
news:c6133dc1-eed2-459b-a311-238d6f8e602c at (no spam) f20g2000prn.googlegroups.com...
...
PC----->GW_A(NAT)-------->GW_B(NAT)------>Internet
GW_A is a Linux box, configured by me, working as a router.
The PC's traceroute result will show GW_A in the list.
My question is: how can I make the ICMP pass through GW_A so that it does
not show in the traceroute result, as if it did not exist on the path?
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

I got the solution.
If you do not want to see GW_A:
iptables -t mangle -A PREROUTING -i <lan_interface> -j TTL --ttl-inc 1
This increments the TTL before it is decremented, so GW_A does not see
the TTL expire and send an ICMP error.
If you do not want to see GW_B:
iptables -t mangle -A FORWARD -i <lan_interface> -j TTL --ttl-inc 1
This increments the TTL after it is decremented, so GW_B does not see
the TTL expire and send an ICMP error.
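
The hook ordering described in the post above, as an added example that is not part of the original thread: a simplified Python model of a traceroute along the thread's PC -> GW_A -> GW_B -> site path, showing which hops answer with no rule, with the PREROUTING increment, and with the FORWARD increment. The `Router` class, the function names and the site address 203.0.113.10 are assumptions made for the illustration.

```python
# Added example: simplified model of the Linux IPv4 forwarding order the post relies on:
#   mangle/PREROUTING -> TTL check (<= 1 means ICMP time-exceeded) -> decrement
#   -> mangle/FORWARD -> transmit. Assumption: no other rule touches the TTL.
from dataclasses import dataclass
from itertools import cycle

@dataclass
class Router:
    addr: str
    prerouting_inc: int = 0  # models -t mangle -A PREROUTING ... -j TTL --ttl-inc N
    forward_inc: int = 0     # models -t mangle -A FORWARD ... -j TTL --ttl-inc N

    def forward(self, ttl):
        """Return the outgoing TTL, or None if the packet expires at this router."""
        ttl += self.prerouting_inc
        if ttl <= 1:
            return None
        return ttl - 1 + self.forward_inc

def probe(path, dest, ttl):
    """Send one probe with the given initial TTL; return the address that answers."""
    for router in path:
        ttl = router.forward(ttl)
        if ttl is None:
            return router.addr
    return dest  # local delivery at the destination does no TTL check

def traceroute(path, dest, max_hops=30):
    """Return the list of addresses a traceroute from the PC would print."""
    hops = []
    for ttl in range(1, max_hops + 1):
        hops.append(probe(path, dest, ttl))
        if hops[-1] == dest:
            break
    return hops

def forwards_in_loop(routers, ttl=64, limit=100_000):
    """Count how often a packet stuck in a routing loop is forwarded before expiring."""
    count = 0
    for router in cycle(routers):
        ttl = router.forward(ttl)
        if ttl is None or count >= limit:
            return count
        count += 1

# Addresses from the thread's example; SITE is a constructed documentation address.
GW_A, GW_B, SITE = "192.168.0.1", "10.7.1.1", "203.0.113.10"

if __name__ == "__main__":
    print(traceroute([Router(GW_A), Router(GW_B)], SITE))
    print(traceroute([Router(GW_A, prerouting_inc=1), Router(GW_B)], SITE))
    print(traceroute([Router(GW_A, forward_inc=1), Router(GW_B)], SITE))
    print(forwards_in_loop([Router(GW_A), Router(GW_B)]),
          forwards_in_loop([Router(GW_A, forward_inc=1), Router(GW_B)]))
```

The last line prints 63 and 126: the increment also doubles how long a packet caught in a loop between the two gateways keeps circulating, which is why the iptables TTL target documentation warns against incrementing the TTL on packets that leave the local network.
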

Greg Russell...
Posted: Wed Oct 14, 2009 10:59 am

In news:50c0f6d0-8279-47b3-8a74-7453c791723e at (no spam) x6g2000prc.googlegroups.com,
Marco Peng <marco.peng at (no spam) gmail.com> typed:
Quote:
My question is: how can I make the ICMP pass through GW_A so that it does
not show in the traceroute result, as if it did not exist on the path?
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
I got the solution.
If you do not want to see GW_A:
iptables -t mangle -A PREROUTING -i <lan_interface> -j TTL --ttl-inc 1

Well, you know what I always say -- "Why do something reasonable and simple
when you can go to a lot of trouble?"
All times are GMT - 5 Hours