[afnog] Packet Forwarding Issue with Linux

Gerald Begumisa gbegumisa at gmail.com
Mon Apr 11 11:43:19 UTC 2011


Hi Hugo,

Thanks for the help so far.  I have attached a few text files with the
information.  Something very interesting to note (hopefully a break at last
:-) is that when we turn off promiscuous mode for eth2 on server A, we do
not see the ping replies coming in, however when we turn it back on (see
tcpdump_serverA_eth2_promisc.txt), we see the replies.

Files attached are as below.

1. iptables_save.txt
2. tcpdump_serverA_eth0.txt
3. tcpdump_serverA_eth2.txt
4. tcpdump_serverA_eth2_promisc.txt -- here we have turned on promiscuous
mode for eth2
5. tcpdump_serverB_eth0.txt

Regards,
Gerald
-------------- next part --------------
# Generated by iptables-save v1.3.5 on Mon Apr 11 14:06:30 2011
*raw
:PREROUTING ACCEPT [196410:59092731]
:OUTPUT ACCEPT [167557:14483822]
COMMIT
# Completed on Mon Apr 11 14:06:30 2011
# Generated by iptables-save v1.3.5 on Mon Apr 11 14:06:30 2011
*filter
:INPUT ACCEPT [108290:10428034]
:FORWARD ACCEPT [203436:89312669]
:OUTPUT ACCEPT [184032:16354682]
COMMIT
# Completed on Mon Apr 11 14:06:30 2011
# Generated by iptables-save v1.3.5 on Mon Apr 11 14:06:30 2011
*mangle
:PREROUTING ACCEPT [349951:103096582]
:INPUT ACCEPT [108607:10447586]
:FORWARD ACCEPT [203812:89338486]
:OUTPUT ACCEPT [184793:16479863]
:POSTROUTING ACCEPT [388516:105798628]
-A FORWARD -s 192.168.1.0/255.255.255.0 -j MARK --set-mark 0x32 
-A FORWARD -s 1.2.2.192/255.255.255.240 -j MARK --set-mark 0x33 
-A FORWARD -d 192.168.1.0/255.255.255.0 -j MARK --set-mark 0x34 
-A FORWARD -d 1.2.2.192/255.255.255.240 -j MARK --set-mark 0x35 
-A FORWARD -s 192.168.1.0/255.255.255.0 -j MARK --set-mark 0x32 
-A FORWARD -s 1.2.2.192/255.255.255.240 -j MARK --set-mark 0x33 
-A FORWARD -d 192.168.1.0/255.255.255.0 -j MARK --set-mark 0x34 
-A FORWARD -d 1.2.2.192/255.255.255.240 -j MARK --set-mark 0x35 
COMMIT
# Completed on Mon Apr 11 14:06:30 2011
# Generated by iptables-save v1.3.5 on Mon Apr 11 14:06:30 2011
*nat
:PREROUTING ACCEPT [64725:6006681]
:POSTROUTING ACCEPT [23260:1606555]
:OUTPUT ACCEPT [39540:2668769]
-A POSTROUTING -s 1.2.3.42 -o eth2 -j SNAT --to-source 1.2.2.206 
COMMIT
# Completed on Mon Apr 11 14:06:30 2011
-------------- next part --------------
Script started on Mon 11 Apr 2011 02:07:27 PM EAT
[root at server-A ~]# tcpdump -n -e -p -i eth0 \( src host 1.2.2.205 or dst hhost 1.2.2.205 or src host 4.2.2.2 or dst host 4.2.2.2 \)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:21:27.077753 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 1, length 64
14:21:28.081847 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 2, length 64
14:21:29.081990 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 3, length 64
14:21:30.085101 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 4, length 64
14:21:31.085302 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 5, length 64
14:21:32.075493 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype ARP (0x0806), length 60: arp who-has 1.2.2.206 tell 1.2.2.205
14:21:32.075514 b8:ac:6f:3f:a2:c8 > 00:40:f4:6f:95:b1, ethertype ARP (0x0806), length 42: arp reply 1.2.2.206 is-at b8:ac:6f:3f:a2:c8
14:21:32.095854 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 6, length 64
14:21:33.096988 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 7, length 64
14:21:34.096239 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 8, length 64
14:21:35.096055 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 9, length 64
14:21:36.095323 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 10, length 64
14:21:37.095233 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 11, length 64
14:21:38.094544 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 12, length 64

14 packets captured
14 packets received by filter
0 packets dropped by kernel
[root at server-A ~]# exit
exit

Script done on Mon 11 Apr 2011 02:21:47 PM EAT
-------------- next part --------------
Script started on Mon 11 Apr 2011 02:07:28 PM EAT
[root at server-A ~]# tcpdump -n -e -p -i eth2 \( src host 1.2.2.205 or dst hhost 1.2.2.205 or src host 4.2.2.2 or dst host 4.2.2.2 \)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
14:21:27.077882 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 1, length 64
14:21:28.081864 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 2, length 64
14:21:29.082001 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 3, length 64
14:21:30.085113 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 4, length 64
14:21:31.085315 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 5, length 64
14:21:32.095871 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 6, length 64
14:21:33.097000 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 7, length 64
14:21:34.096252 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 8, length 64
14:21:35.096067 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 9, length 64
14:21:36.095338 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 10, length 64
14:21:37.095245 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 11, length 64
14:21:38.094560 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 12, length 64

12 packets captured
12 packets received by filter
0 packets dropped by kernel
[root at switch1-new ~]# exit
exit

Script done on Mon 11 Apr 2011 02:21:49 PM EAT
-------------- next part --------------
Script started on Mon 11 Apr 2011 02:25:19 PM EAT
[root at server-A ~]# tcpdump -n -e -i eth2 \( src host 1.2.2.205 or dst host 1.2.2.205 or src host 4.2.2.2 or dst host 4.2.2.2 \)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
14:26:25.077560 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 31359, seq 1, length 64
14:26:25.268354 00:0b:46:50:1a:00 > 00:13:8f:37:a3:0a, ethertype IPv4 (0x0800), length 98: 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 31359, seq 1, length 64
14:26:26.079022 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 31359, seq 2, length 64
14:26:26.271322 00:0b:46:50:1a:00 > 00:13:8f:37:a3:0a, ethertype IPv4 (0x0800), length 98: 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 31359, seq 2, length 64
14:26:27.088886 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 31359, seq 3, length 64
14:26:27.285837 00:0b:46:50:1a:00 > 00:13:8f:37:a3:0a, ethertype IPv4 (0x0800), length 98: 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 31359, seq 3, length 64
14:26:28.088853 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 31359, seq 4, length 64
14:26:28.287566 00:0b:46:50:1a:00 > 00:13:8f:37:a3:0a, ethertype IPv4 (0x0800), length 98: 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 31359, seq 4, length 64
14:26:29.088078 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 31359, seq 5, length 64
14:26:29.278778 00:0b:46:50:1a:00 > 00:13:8f:37:a3:0a, ethertype IPv4 (0x0800), length 98: 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 31359, seq 5, length 64
14:26:30.088448 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 31359, seq 6, length 64
14:26:30.296015 00:0b:46:50:1a:00 > 00:13:8f:37:a3:0a, ethertype IPv4 (0x0800), length 98: 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 31359, seq 6, length 64

12 packets captured
13 packets received by filter
0 packets dropped by kernel
[root at server-A ~]# exi8t
bash: exi8t: command not found
[root at server-A ~]# exit
exit

Script done on Mon 11 Apr 2011 02:26:34 PM EAT
-------------- next part --------------
Script started on Mon 11 Apr 2011 02:12:45 PM EAT
[root at server-B tmp]# tcpdump -n -e -p -i eth0 \( src host 4.2.2.2 or dst host 4.2.2.2 \)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:21:10.956507 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 1, length 64
14:21:11.960731 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 2, length 64
14:21:12.960937 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 3, length 64
14:21:13.964104 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 4, length 64
14:21:14.964359 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 5, length 64
14:21:15.974969 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 6, length 64
14:21:16.976156 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 7, length 64
14:21:17.975462 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 8, length 64
14:21:18.975331 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 9, length 64
14:21:19.974656 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 10, length 64
14:21:20.974619 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 11, length 64
14:21:21.973987 00:40:f4:6f:95:b1 > b8:ac:6f:3f:a2:c8, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 50302, seq 12, length 64

12 packets captured
24 packets received by filter
0 packets dropped by kernel

Script done on Mon 11 Apr 2011 02:21:39 PM EAT
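
Added example (not part of the original post or its attachments): a NIC that is not in promiscuous mode only passes up frames addressed to its own MAC, broadcast or subscribed multicast, so this check pairs each echo request in `tcpdump -n -e` output with its reply and compares the reply's destination MAC with the MAC the request left from. The function name `analyse` and the report keys are assumptions made for this illustration; the sample lines are taken from the eth2 promiscuous capture above.

```python
import re

# Lines taken from the eth2 promiscuous capture on this page; the reply to
# seq 3 is left out on purpose to exercise the "unanswered" case.
SAMPLE = """\
14:26:25.077560 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 31359, seq 1, length 64
14:26:25.268354 00:0b:46:50:1a:00 > 00:13:8f:37:a3:0a, ethertype IPv4 (0x0800), length 98: 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 31359, seq 1, length 64
14:26:26.079022 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 31359, seq 2, length 64
14:26:26.271322 00:0b:46:50:1a:00 > 00:13:8f:37:a3:0a, ethertype IPv4 (0x0800), length 98: 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 31359, seq 2, length 64
14:26:27.088886 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 31359, seq 3, length 64
"""

# Matches the ICMP echo lines printed by `tcpdump -n -e`, as shown above.
LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 .*?: "
    r"(?P<sip>[\d.]+) > (?P<dip>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)


def analyse(capture_text):
    """Pair echo requests with replies and compare their layer-2 addresses."""
    pending = {}        # (id, seq, requester IP, target IP) -> request source MAC
    misaddressed = []   # replies whose destination MAC is not the request's source MAC
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue    # ARP, tcpdump banner, packet counters, shell prompts
        key = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            pending[key + (m["sip"], m["dip"])] = m["smac"]
            continue
        # A reply travels in the opposite direction, so swap the IPs to find its request.
        req_mac = pending.pop(key + (m["dip"], m["sip"]), None)
        if req_mac is not None and m["dmac"] != req_mac:
            misaddressed.append({"id": key[0], "seq": key[1],
                                 "request_src_mac": req_mac,
                                 "reply_dst_mac": m["dmac"]})
    unanswered = sorted(k[:2] for k in pending)
    return {"misaddressed": misaddressed, "unanswered": unanswered}


if __name__ == "__main__":
    report = analyse(SAMPLE)
    for hit in report["misaddressed"]:
        print("seq %(seq)d: reply sent to %(reply_dst_mac)s, "
              "request left from %(request_src_mac)s" % hit)
    print("unanswered (id, seq):", report["unanswered"])
```

Run over a capture taken with `-p` (promiscuous mode off), the same function lists every request under `unanswered`, because the misaddressed replies never reach the capture.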

