From: Paul Zirnik <tami@disconnected.de>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Packet vanishes after mangle-prerouting.
Date: Fri, 17 Feb 2006 18:58:59 +0000
Message-ID: <200602171958.59410.tami@disconnected.de>
In-Reply-To: <20060217082807.38219.qmail@web37409.mail.mud.yahoo.com>
On Friday 17 February 2006 09:28, Steve Tracey wrote:
> The problem is that A cannot get replies from D.
> Using tcpdump and adding 'LOG' rules to iptables on A, B
> and C shows the packet going from A to B to C and out to
> D. The reply packet returns to C, crosses the tunnel to B
> and promptly vanishes. A log rule in the mangle prerouting
> list on B shows the packet from the tunnel:
> Feb 17 07:48:54 B kernel: [mangle prerouting src]: IN=tun0 OUT= \
> MAC= SRC=64.233.167.99 DST=192.168.5.5 LEN=44 \
> TOS=0x00 PREC=0x00 TTL=48 ID=34487 DF PROTO=TCP \
> SPT=80 DPT=32882 WINDOW=8000 RES=0x00 ACK SYN URGP=0
>
> Similar log rules in mangle-prerouting, and in the forward (and
> input) chains never log anything. The packet is never seen again.
>
> Can anyone tell me where to look next? Is this a routing problem
> or is something happening because of the tunnel setup? Or
> something else???
Looks like rp_filter catches this; try setting rp_filter off on host B,
because packets from the internet normally should come through eth1 on
host B and not on tun0.
see: http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html#AEN634
greets,
Tami
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
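
The reverse-path check suggested in the reply above, as an added Python model that is not part of the original message and not kernel code: it shows why a reply from an Internet host is dropped when it enters host B on tun0 while B's route back to that source points out eth1. The routing prefixes, the eth0 LAN interface and the address 203.0.113.10 (standing in for host D) are constructed assumptions; the max() rule for combining conf/all with the per-interface value is the behaviour of current kernels.

```python
"""Model of the IPv4 reverse-path check (rp_filter). The kernel applies it at
the input routing decision: after mangle/PREROUTING, before INPUT/FORWARD."""
import ipaddress

# Constructed routing table for host B. Interface roles follow the thread
# (eth1 = Internet side, tun0 = tunnel to C); the prefixes are assumptions.
ROUTES_B = [
    ("0.0.0.0/0", "eth1"),        # default route to the Internet
    ("192.168.5.0/24", "eth0"),   # LAN holding host A (assumed interface)
    ("10.8.0.0/30", "tun0"),      # tunnel endpoints (assumed prefix)
]

def reverse_path_iface(routes, src):
    """Longest-prefix match: the interface the host would use to reach src."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def effective_mode(conf_all, conf_iface):
    """Current kernels validate with max(conf/all, conf/<iface>)."""
    return max(conf_all, conf_iface)

def rp_filter_verdict(routes, src, in_iface, mode):
    """mode 0 = off, 1 = strict, 2 = loose (RFC 3704 terms)."""
    if mode == 0:
        return "accept"
    back = reverse_path_iface(routes, src)
    if back is None:
        return "drop"             # no route back to the source at all
    if mode == 1 and back != in_iface:
        return "drop"             # strict: a reply would leave elsewhere
    return "accept"

if __name__ == "__main__":
    # Constructed packet: Internet source arriving on the tunnel, as in the log.
    for conf_all, conf_tun0 in [(1, 1), (1, 0), (0, 0), (0, 2)]:
        mode = effective_mode(conf_all, conf_tun0)
        verdict = rp_filter_verdict(ROUTES_B, "203.0.113.10", "tun0", mode)
        print(f"all={conf_all} tun0={conf_tun0} mode={mode} -> {verdict}")
```

The (1, 0) row is the case to watch on a current kernel: clearing rp_filter on tun0 alone changes nothing while conf/all is still 1.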