HostMapAndTcpDump


Locally I can type the local host map address (192.168.1.201) and that will remap to the remote node. If I try this from the outside, i.e. a public IP that is routed to the local IP 192.168.1.201, which is reregistered on the eth0:1 interface, then it fails to connect or respond to pings!!

NOW if I change the routing in the router to point directly to eth0 192.168.1.200 of the gateway node, then it responds. Change it back to the 192.168.1.201 host-remapped remote node, then it fails. If I set up a router or PC on the inside of our main router and pass a public IP to them, it too works.

Ways to debug this: first off, ssh on to the gateway node, and do a tcpdump -n -i eth0 host 192.168.x.x

This will look for any traffic from the host 192.168.x.x which should be the address of the box you are pinging from. Ping the host, and see whether the traffic gets as far as the meshbox, and if it is as you expect.

Next, work out which interface is the tunnel to the remote node, and do the same type of tcpdump

and see if the traffic is making it that far, and going on the correct interface. Then ssh to the remote meshbox, and do a similar tcpdump to see if it is making it out to the remote node.

which assumes that the remote host you are trying to get to is 192.168.138.220.

This should show whether the traffic gets across the tunnel, and is from the original host. It should also show the echo replies from the destination host.

If you ping from the destination host out to the internet, does it go out as the expected IP address? In other words, when it leaves the gateway meshbox, it should be the mapped address.
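The hop-by-hop comparison described above can be done on saved tcpdump -n text, one file per capture point. This is an added example, not part of the original page; the function names, the file names, the sender address 203.0.113.7 and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare saved `tcpdump -n` text from each capture point,
# e.g. the output of `tcpdump -n -i eth0 host 192.168.x.x` redirected to a file.

# icmp_summary FILE -> "requests=N replies=M"
icmp_summary() {
    awk '
        $6 == "ICMP" && $7 == "echo" && $8 == "request," { req++ }
        $6 == "ICMP" && $7 == "echo" && $8 == "reply,"   { rep++ }
        END { printf "requests=%d replies=%d\n", req, rep }
    ' "$1"
}

# reply_sources FILE -> unique source addresses of echo replies, to check
# that replies leave the gateway with the mapped address
reply_sources() {
    awk '$6 == "ICMP" && $8 == "reply," { print $3 }' "$1" | sort -u
}

# locate_drop LABEL=FILE ... (capture points in path order, gateway first)
locate_drop() {
    lost=""
    for pair in "$@"; do
        label=${pair%%=*}
        s=$(icmp_summary "${pair#*=}")
        case $s in
            "requests=0 "*) echo "requests missing at $label"; return 0 ;;
            *" replies=0")  lost=$label ;;   # replies travel back toward the sender
        esac
    done
    if [ -n "$lost" ]; then echo "replies missing at $lost"; else echo "path ok"; fi
}

# write_samples DIR: constructed captures (gateway eth0, tunnel, remote node)
write_samples() {
    cat > "$1/gw.txt" <<'EOF'
12:00:01.000101 IP 203.0.113.7 > 192.168.1.201: ICMP echo request, id 4242, seq 1, length 64
12:00:02.000207 IP 203.0.113.7 > 192.168.1.201: ICMP echo request, id 4242, seq 2, length 64
EOF
    : > "$1/tun.txt"   # nothing was forwarded onto the tunnel
    cat > "$1/remote.txt" <<'EOF'
12:00:01.004410 IP 203.0.113.7 > 192.168.138.220: ICMP echo request, id 4242, seq 1, length 64
12:00:01.004935 IP 192.168.138.220 > 203.0.113.7: ICMP echo reply, id 4242, seq 1, length 64
EOF
}

d=$(mktemp -d) && write_samples "$d" && locate_drop gateway="$d/gw.txt" tunnel="$d/tun.txt"
```

A result of "requests missing at tunnel" means the gateway received the pings on eth0 but never forwarded them, which points at the mapping or forwarding rules on the gateway rather than at the remote node.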

Links
* TcpDump
* PagesWithTcpDump