From: Paul Zirnik
Date: Fri, 17 Feb 2006 18:58:59 +0000
Subject: Re: [LARTC] Packet vanishes after mangle-prerouting.
Message-Id: <200602171958.59410.tami@disconnected.de>
References: <20060217082807.38219.qmail@web37409.mail.mud.yahoo.com>
In-Reply-To: <20060217082807.38219.qmail@web37409.mail.mud.yahoo.com>
To: lartc@vger.kernel.org

On Friday 17 February 2006 09:28, Steve Tracey wrote:
> The problem is that A cannot get replies from D.
> Using tcpdump and adding 'LOG' rules to iptables on A, B
> and C shows the packet going from A to B to C and out to
> D. The reply packet returns to C, crosses the tunnel to B
> and promptly vanishes. A log rule in the mangle prerouting
> list on B shows the packet from the tunnel:
> Feb 17 07:48:54 B kernel: [mangle prerouting src]: IN=tun0 OUT= \
> MAC= SRC=64.233.167.99 DST=192.168.5.5 LEN=44 \
> TOS=0x00 PREC=0x00 TTL=48 ID=34487 DF PROTO=TCP \
> SPT=80 DPT=32882 WINDOW=8000 RES=0x00 ACK SYN URGP=0
>
> Similar log rules in mangle-prerouting, and in the forward (and
> input) chains never log anything. The packet is never seen again.
>
> Can anyone tell me where to look next? Is this a routing problem
> or is something happening because of the tunnel setup? Or
> something else???

Looks like rp_filter catches this; try setting rp_filter off on host B,
because packets from the internet normally should come through eth1 on
host B and not on tun0.

see: http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html#AEN634

greets,
Tami
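Added example, not part of the original message: a simplified Python model of the reverse-path check the reply refers to, applied to the logged packet (IN=tun0, SRC=64.233.167.99). The routing table for host B, the eth0 LAN and the 10.8.0.0/24 tunnel subnet are constructed assumptions, since the thread does not show B's routes; the mode values 0, 1 and 2 follow the rp_filter sysctl as documented for current Linux kernels.

```python
import ipaddress

# Constructed routing table for host B (assumption: the thread does not show it).
# Each entry is (prefix, outgoing interface).
ROUTES_B = [
    ("0.0.0.0/0", "eth1"),        # default route: the internet is reached via eth1
    ("192.168.5.0/24", "eth0"),   # assumed LAN holding host A (192.168.5.5)
    ("10.8.0.0/24", "tun0"),      # assumed tunnel subnet towards host C
]

OFF, STRICT, LOOSE = 0, 1, 2      # rp_filter sysctl values


def lookup(routes, addr):
    """Longest-prefix match; returns the outgoing interface or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def rp_filter_verdict(routes, mode, in_dev, src):
    """Simplified RFC 3704 reverse-path check on a received packet."""
    if mode == OFF:
        return "accept"
    back_dev = lookup(routes, src)       # where would a reply to src leave?
    if back_dev is None:
        return "drop"                    # no route back to the source at all
    if mode == STRICT and back_dev != in_dev:
        return "drop"                    # reply would leave a different interface
    return "accept"


if __name__ == "__main__":
    # The logged SYN/ACK from the thread: IN=tun0, SRC=64.233.167.99
    for mode in (STRICT, LOOSE, OFF):
        print(mode, rp_filter_verdict(ROUTES_B, mode, "tun0", "64.233.167.99"))
```

In strict mode the logged packet is dropped because the route back to its source points at eth1, while the same packet arriving on eth1 would pass. The real kernel check runs at the routing decision and also interacts with policy routing rules, which this model leaves out.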