[afnog] Packet Forwarding Issue with Linux

Hugo Lombard hal at elizium.za.net
Mon Apr 11 11:59:48 UTC 2011


On Mon, Apr 11, 2011 at 02:43:19PM +0300, Gerald Begumisa wrote:
>    Hi Hugo,
> 
>    Thanks for the help so far.  I have attached a few text files with the
>    information.  Something very interesting to note (hopefully a break at
>    last :-) is that when we turn off promiscuous mode for eth2 on server A,
>    we do not see the ping replies coming in, however when we turn it back on
>    (see tcpdump_serverA_eth2_promisc.txt), we see the replies.
> 


Hi Gerald

Yes, I think we've finally achieved a breakthrough!

> [root at server-A ~]# tcpdump -n -e -i eth2 \( src host 1.2.2.205 or dst host 1.2.2.205 or src host 4.2.2.2 or dst host 4.2.2.2 \)
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
> 14:26:25.077560 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 31359, seq 1, length 64
> 14:26:25.268354 00:0b:46:50:1a:00 > 00:13:8f:37:a3:0a, ethertype IPv4 (0x0800), length 98: 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 31359, seq 1, length 64

You can see from the above that the packet leaves your router with MAC
f0:7d:68:fe:85:09, destined for MAC 00:0b:46:50:1a:00.  However,
00:0b:46:50:1a:00 replies to 00:13:8f:37:a3:0a instead!

So, the packet is actually going to the wrong server.  Your router won't
accept the packet since the destination MAC on the reply doesn't match
your NIC's MAC.

Likely issue is an outdated ARP table on your ISP's device, or an actual
device on the network with the same IP address as your router.

I suspect you have an idea on how to proceed?  If you need more
assistance, please do shout.

-- 
Hugo Lombard
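
Added example, not part of the original message: a small Python check that pairs ICMP echo requests and replies in `tcpdump -n -e` output and reports any reply whose destination MAC differs from the MAC that sent the request, which is the symptom read off the capture above. It assumes the line format shown in the quoted capture; the function name `find_mac_mismatches` and the `SAMPLE` text (the two quoted capture lines) are constructed for illustration.

```python
import re

# Constructed sample: the two "tcpdump -n -e" lines quoted in the message.
SAMPLE = """\
14:26:25.077560 f0:7d:68:fe:85:09 > 00:0b:46:50:1a:00, ethertype IPv4 (0x0800), length 98: 1.2.2.205 > 4.2.2.2: ICMP echo request, id 31359, seq 1, length 64
14:26:25.268354 00:0b:46:50:1a:00 > 00:13:8f:37:a3:0a, ethertype IPv4 (0x0800), length 98: 4.2.2.2 > 1.2.2.205: ICMP echo reply, id 31359, seq 1, length 64
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
LINE = re.compile(
    rf"^\S+ (?P<smac>{MAC}) > (?P<dmac>{MAC}), ethertype IPv4 \(0x0800\), "
    r"length \d+: (?P<sip>[\d.]+) > (?P<dip>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)",
    re.IGNORECASE,
)


def find_mac_mismatches(capture_text):
    """Return a finding for every echo reply addressed to a MAC other than
    the one that sent the matching echo request."""
    pending = {}   # (requester IP, target IP, id, seq) -> requester MAC
    findings = []
    for raw in capture_text.splitlines():
        line = raw.lstrip("> ").strip()      # tolerate e-mail quote prefixes
        m = LINE.match(line)
        if not m:
            continue                          # not an ICMP echo line
        smac, dmac = m["smac"].lower(), m["dmac"].lower()
        if m["kind"].lower() == "request":
            pending[(m["sip"], m["dip"], m["id"], m["seq"])] = smac
            continue
        # A reply travels target -> requester, so swap the IPs for the lookup.
        key = (m["dip"], m["sip"], m["id"], m["seq"])
        expected = pending.pop(key, None)
        if expected is not None and dmac != expected:
            findings.append({
                "requester_ip": m["dip"],
                "expected_dst_mac": expected,  # MAC that sent the request
                "actual_dst_mac": dmac,        # MAC the next hop replied to
                "replying_mac": smac,
            })
    return findings


if __name__ == "__main__":
    for f in find_mac_mismatches(SAMPLE):
        print("reply for {requester_ip} sent to {actual_dst_mac}, "
              "expected {expected_dst_mac} (from {replying_mac})".format(**f))
```

A finding means the upstream device resolves the requester's IP to a different MAC, consistent with the stale ARP entry or duplicate IP address suggested above.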
