I use many m0n0wall features with great success... There is an interesting behavior that I would like to understand better.

I have a business cable modem with 3 static IPs on the WAN. One is the default WAN IP, the second is a Server NAT and the third is 1:1 NAT. All working like a charm.

If I do a Unix traceroute from the LAN (Outbound NAT uses default WAN IP), without adding any rules, the return ICMP path is allowed and the traceroute works. If I do a traceroute from a different subnet and Outbound NAT uses the default WAN IP, traceroute works. But if I change the Outbound NAT to use the Server NAT IP, the traceroute fails.

Another data point: if I perform a traceroute from the internal 1:1 NAT'ed machine, the traceroute always fails, even if I allow all inbound/outbound in the rules for that internal machine. If I use "traceroute -I", same results.

Is this behavior expected? If so, can someone explain why?

Lonnie