[afnog] Packet Forwarding Issue with Linux

Gerald Begumisa gbegumisa at gmail.com
Mon Apr 11 09:20:57 UTC 2011


On Mon, Apr 11, 2011 at 11:19 AM, Hugo Lombard <hal at elizium.za.net> wrote:

> There's only two things that come to mind:
>
> - reverse path filtering
>
> This should be unlikely, because the routing table looks OK.  But just
> for that extra bit of certainty, turn off rp_filter for eth2
> (/sbin/sysctl -w net.ipv4.conf.eth2.rp_filter=0) and see if that makes
> any difference?
>

Thanks.  I turned this off for eth2 and there was no difference.  (I also
tried turning it off on eth0, just to be sure, and that, too, didn't make a
difference).


>
> - TTL expiry
>
> A long shot too, but what is the TTL on ping reply packets coming in on
> eth2?
>

The TTL on reply packets on eth2 is 239


> Then, just to double check:  You don't see any ping reply packets
> exiting eth0 on the "router" server?
>

No - there are no ping reply packets exiting eth0 on the "router" server.
See some tcpdump information below from all servers (the time on the servers
is different but this can be quickly corrected if it's a problem - however,
all information was captured at the same time):

[root at server-B: /]# tcpdump -n -i eth0 \( src host 4.2.2.2 or dst host
4.2.2.2 \)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:52:13.709400 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 1,
length 64
11:52:14.709495 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 2,
length 64
11:52:15.709031 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 3,
length 64

[root at server-A tmp]# tcpdump -n -i eth0 \( src host 1.2.2.205 or dst host
1.2.2.205 or src host 4.2.2.2 or dst host 4.2.2.2 \)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:26:37.293111 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 1,
length 64
14:26:38.293155 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 2,
length 64
14:26:39.292636 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 3,
length 64
14:26:40.296272 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 4,
length 64
14:26:41.299902 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 5,
length 64
14:26:42.295327 arp who-has 1.2.2.206 tell 1.2.2.205
14:26:42.295336 arp reply 1.2.2.206 is-at b8:ac:6f:3f:a2:c8
14:26:42.299473 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 6,
length 64

[root at server-A ~]# tcpdump -n -i eth2 \( src host 4.2.2.2 or dst host
4.2.2.2 or src host 1.2.2.205 or dst host 1.2.2.205 \)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
14:26:29.635347 IP 91.213.217.5.14933 > 1.2.2.205.socks: S
1197172585:1197172585(0) win 65535 <mss 1460,nop,nop,sackOK>
14:26:37.293132 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 1,
length 64
14:26:37.484222 IP 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 7532, seq 1,
length 64
14:26:38.293169 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 2,
length 64
14:26:38.484177 IP 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 7532, seq 2,
length 64
14:26:39.292648 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 3,
length 64


> Do eth0 and eth2 connect to two different switches?
>

Yes, on the "router" server, eth0 is connected to the same switch as server
B, while eth2 is connected to the ISP's switch.  However, just in case it's
worth noting, server B has another Ethernet interface, eth1, which is
connected to the same switch.  I've attached a simple ASCII diagram to make
it clearer.

Thanks a lot for the information so far.

Regards,
Gerald
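
The comparison made by eye in the captures above (echo replies arrive on eth2 but never leave eth0) can be scripted. This is an added example, not part of the original message: the function names and the ETH0/ETH2 constants are hypothetical, and the sample lines are re-typed from the server-A captures with the mail line-wrapping undone and trimmed to seq 1-3.

```python
import re

# Matches "tcpdump -n" ICMP echo lines, e.g.
# 14:26:37.484222 IP 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 7532, seq 1, length 64
ICMP_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+),")

def icmp_echoes(capture_text):
    """Return the set of (kind, src, dst, id, seq) tuples seen in a capture."""
    seen = set()
    for line in capture_text.splitlines():
        m = ICMP_RE.match(line.strip())
        if m:  # ARP, TCP and other non-echo lines are ignored
            seen.add((m["kind"], m["src"], m["dst"], int(m["id"]), int(m["seq"])))
    return seen

def forwarding_gaps(inside_capture, outside_capture):
    """Compare captures taken on the router's inside and outside interfaces.

    Returns (requests_not_sent_out, replies_not_sent_in): packets seen on one
    interface that never appeared on the other, i.e. dropped inside the router.
    """
    inside, outside = icmp_echoes(inside_capture), icmp_echoes(outside_capture)
    lost_out = sorted(p for p in inside - outside if p[0] == "request")
    lost_in = sorted(p for p in outside - inside if p[0] == "reply")
    return lost_out, lost_in

# Sample input (assumption: same capture window on both interfaces).
ETH0 = """\
14:26:37.293111 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 1, length 64
14:26:38.293155 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 2, length 64
14:26:39.292636 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 3, length 64
14:26:42.295327 arp who-has 1.2.2.206 tell 1.2.2.205
"""
ETH2 = """\
14:26:29.635347 IP 91.213.217.5.14933 > 1.2.2.205.socks: S 1197172585:1197172585(0) win 65535 <mss 1460,nop,nop,sackOK>
14:26:37.293132 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 1, length 64
14:26:37.484222 IP 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 7532, seq 1, length 64
14:26:38.293169 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 2, length 64
14:26:38.484177 IP 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 7532, seq 2, length 64
14:26:39.292648 IP 1.2.2.205 > 4.2.2.2: ICMP echo request, id 7532, seq 3, length 64
"""

if __name__ == "__main__":
    lost_out, lost_in = forwarding_gaps(ETH0, ETH2)
    print("requests seen on eth0 but not eth2:", lost_out)
    print("replies seen on eth2 but not eth0:", lost_in)
```

An empty first list with a non-empty second list means the outbound path works and the drop happens between ingress on the outside interface and egress on the inside one.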