• Subject: Re: At wit's end with IP filtering
  • From: "Fred Kulack" <kulack@xxxxxxxxxx>
  • Date: Mon, 22 Jan 2001 09:55:42 -0600
  • Importance: Normal


> 10.10.10.104 --> 63.64.65.66 (initial request)
> 63.64.65.66 --> 10.10.10.102 (request forwarded to Linux box!)
> 10.10.10.102 --> 63.64.65.66 (response from Linux box to router)
> 63.64.65.66 --> 10.10.10.104 (response finally returned to me)

> Notice how the router handles the port forwarding... it sends a request
to
> the destination device, but only after spoofing the source address to be
the
> realworld address of the router! I don't have the time to sit and think
it
> through; I'd think you would just leave the real source address in place,
or
> else pass the WAN address of the router (not the realworld address).

Based on other posts, I'm sure you'll fix your original problem
after you get your default route set up correctly so that the AS/400 knows
how to route any address NOT on your local subnet (i.e. 63.64.65.66 isn't
on the same subnet as 10.10.10.x), you should be fine.

But back to the configuration problem/weirdness that you didn't have time
to think about.

If you're communicating between two machines on the same local subnet,
there's no reason
for them to use the router unless they are incorrectly configured.

Although you always need a default route for IPs on different subnets
(as described in the previous posts), the 10.10.10.104 to 10.10.10.102 is a
direct hop.
i.e. The 10.10.10.104 and the 10.10.10.102 system should be able to talk
without
going through the router.

This is usually determined automatically by the TCP/IP stack due to
the correct setting of your subnet mask.
Not exactly sure how this one could get hosed up since its done
automatically most times.


+---
| This is the JAVA/400 Mailing List!
| To submit a new message, send your mail to JAVA400-L@midrange.com.
| To subscribe to this list send email to JAVA400-L-SUB@midrange.com.
| To unsubscribe from this list send email to JAVA400-L-UNSUB@midrange.com.
| Questions should be directed to the list owner: joe@zappie.net
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.