lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110315085326.1a1019aa@leda.vpn.lugor.de>
Date:	Tue, 15 Mar 2011 08:53:26 +0100
From:	Christian Hesse <mail@...rm.de>
To:	Jesse Gross <jesse@...ira.com>
Cc:	netdev@...r.kernel.org
Subject: Re: sky2, vlan and nat/masquerading

On Mon, 14 Mar 2011 18:55:17 -0700 Jesse Gross <jesse@...ira.com> wrote:
> On Mon, Mar 14, 2011 at 3:11 AM, Christian Hesse <mail@...rm.de> wrote:
> > Ok, let me explain step by step:
> 
> Thank you, this helps a lot in understanding your setup.
> 
> >
> > * Host sends icmp echo request (172.16.0.21 -> 192.168.100.3) to router
> >  172.16.0.1, the packet is untagged.
> > * Switch receives the packet on native interface with vid 2, tags it and
> > sends it to the trunk)
> > * Netbook receives the packet from trunk, untags it an queues it to vlan
> >  interface 2.
> > * Netbook nats the packet (192.168.x.140 > 192.168.100.3), tags it with
> > vlan 2 and sends it to the trunk.
> 
> For clarity, I'm assuming that this is supposed to be vlan 1?

Sorry, little typo. Yes, you are right.

> > * Switch receives the packet from trunk, untags it and sends it to native
> >  interface with vlan 1.
> > * The packet and its answer (192.168.100.3 -> 192.168.x.140) make their
> > way through the network.
> > * Switch receives the icmp echo reply on native interface with vlan 1,
> > tags it and sends it to the trunk
> > * Netbook receives the packet from trunk, untags it an queues it to vlan
> >  interface 1.
> > * Netbooks restores the original addresses from nat (192.168.100.3 ->
> >  172.16.0.21), _tags_it_with_vlan_0_, tags it with vlan 2 and sends it to
> > the trunk
> 
> Can you capture a packet trace on the netbook's Ethernet interface to
> see what it thinks it is sending?

Ok, I have two traces for you: from the vlan interface and from the native
interface. First ping to 172.16.0.65 is ok, second one to 192.168.100.3 fails.

Please don't be confused, vlan 1 is vlan 3 this time and addresses
changed a little bit. ;)
-- 
Schoene Gruesse
Chris

Download attachment "tcpdump-eth.2.log" of type "application/octet-stream" (480 bytes)

Download attachment "tcpdump-eth.log" of type "application/octet-stream" (740 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ