From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alex Samad Date: Thu, 15 Feb 2007 00:00:38 +0000 Subject: Re: [LARTC] Routing problem (RTNETLINK answers: Invalid argument) on Message-Id: <20070215000038.GU4088@samad.com.au> MIME-Version: 1 Content-Type: multipart/mixed; boundary="===============0310403322==" List-Id: References: <200702131450.13852.paul@diasoft.nl> In-Reply-To: <200702131450.13852.paul@diasoft.nl> To: lartc@vger.kernel.org --===============0310403322== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Uw+RRa3pmtkgiNaD" Content-Disposition: inline --Uw+RRa3pmtkgiNaD Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 14, 2007 at 08:30:48AM +0100, Paul Viney wrote: > > > I still seem to have much the same problem. I no longer get ICMP > > > unreachable errors, but the packet just seems to disappear - I can't = see > > > it being forwarded on any interface, nor can I find any kind of reply= - > > > icmp or otherwise. > > > > sounds like a firewall issue! >=20 > It does sound like a firewall issue, but the only firewall rule I have at= the=20 > moment is the one doing the DNAT. If I do 'iptables -t nat -L -v', then I= can=20 > see the number of packets increasing. Once I remove the firewall rule, I = get=20 > my "icmp unreachable" errors again. Funnily enough, if I then reinstate t= he=20 > firewall (dnat) rule, then I still get "icmp unreachable" errors and the= =20 > packet count doesn't go up for the rule. It's almost as though the rule= =20 > doesn't get consulted. 'ip route flush cache' doesn't make a difference.= =20 > After about 5 minutes the "icmp unreachable" errors stop and the packet c= ount=20 > starts going up, although I still can't find my packet on the next hop. (= I do=20 > have forwarding switched on). The packet count on a iptables log rule on = the=20 > forward table does not go up, giving me the impression that routing has= =20 > failed.=20 This could be connection tracking, once you start a ping, connection tracki= ng will keep it in its cache, so even though you have placed it (the rule) bac= k in it doesn't count for the established link... > I also tried ip r get from 192.168.12.5, which = did=20 > indeed give me the same "RTNETLINK answers: Invalid argument" error. I gu= ess=20 > that means that my understanding of the purpose of 'ip r get' is indeed= =20 > faulty.=20 does 192.168.12.5 exist on your box, can up do an ip a also do you have forwarding on ? >=20 > Thanks for all your help so far. >=20 > Paul Viney >=20 > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >=20 --Uw+RRa3pmtkgiNaD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF06KmkZz88chpJ2MRAgVmAKD0MKg/QQsKG+dna0RpdzZHEVBAaACfTFFD Mu8yvInotnM5WIv57Tuu1QA= =o9i8 -----END PGP SIGNATURE----- --Uw+RRa3pmtkgiNaD-- --===============0310403322== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc --===============0310403322==--