From: boite-a-spam@plouf.fr.eu.org
Jim Mack a écrit :
> glen herrmannsfeldt wrote:
>> Jim Mack wrote:
>>
>> As far as I know, NAT is default on all such boxes.
>
> Not this one, as far as I can tell. The NAT entries are blank.
"NAT entries" usually refer to port-forwarding of specific incoming
connections. Masquerading of all outgoing connections is most often
enabled by default.
> First, a trace to the router:
>
> Trace 1.1.1.82
>
> 1 192.168.1.1 (m0n0wall.internal ok)
> -------
> 12 154.54.40.186 (te0-0-0-4.ccr21.ord01...isp)
> 13 154.54.31.21 (te3-2.ccr01.dtw04...isp)
> 14 38.112.37.86 (vl3801.na31.b020673-1.dtw04...isp)
> 15 1.1.1.82 (No rDNS)
>
>
> So we can see the router, at step 15. If there is a static route set
> up at the ISP for 2.2.2 --> 1.1.1, should we not see that same address
> at the same step, regardless of what the router itself is doing?
Not if your router does not reply.
> Instead, we get a "no response" .
>
> Trace 2.2.2.134
>
> 1 192.168.1.1 (m0n0wall.internal ok)
> -------
> 12 154.54.40.190 (te0-1-0-4.ccr21.ord01...isp)
> 13 154.54.31.21 (te3-2.ccr01.dtw04...isp)
> 14 38.112.37.82 (vl3501.na31.b020673-1.dtw04...isp)
> 15 No Response
>
> What that seems to say is that the route from 2.2.2 to 1.1.1 is
> missing, because 1.1.1 should be reached on any request for a 2.2.2
> address.
>
> Or am I misinterpreting what traceroute is telling me?
Possible. If the upstream router does not have a route and is compliant,
it should send an ICMP "destination unreachable" error back. It does
not. However I suspect that your NAT router drops incoming packets send
to any destination which is not its own WAN address.
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
