* [LARTC] Forwarding connections/packets across interfaces
@ 2006-04-18  2:12 Alan Sparks
  2006-04-18  2:36 ` Martin A. Brown
  2006-04-18  3:28 ` Alan Sparks
  0 siblings, 2 replies; 3+ messages in thread
From: Alan Sparks @ 2006-04-18  2:12 UTC (permalink / raw)
  To: lartc

Have an inter-interface routing issue, hoping someone can either throw a
clue or point me where I can get one.  This is on a CentOS 3 system.

Have interfaces eth0 and eth1.  eth0 is connected to internal network,
eth1 to separate distinct network.  The default route on the box is set
to the router address on the eth1 network.  I have static routes defined
to send local network traffic to eth0 and eth0's router.

I have a mail server (and a test program as well) that binds to an
address on eth1, and tries to connect to an address on eth0's network.
Connections just time out.  I've tested connections where I did not bind
to a specific interface and I can make the connection.

I've set ip_forward=1, and rp_filter=0 on all interfaces, and still
cannot get a connection from eth1's address to something off of eth0's
networks.  Firewalls are disabled on the host.

Is there additional voodoo that needs to be set to allow traffic to
cross from one interface to the other?

Thanks in advance for any advice or pointers.  I hope I've made the
problem clear enough...
-Alan

-- 
Alan Sparks, UNIX/Linux Systems Integration and Administration
<asparks@doublesparks.net>



_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


* Re: [LARTC] Forwarding connections/packets across interfaces
  2006-04-18  2:12 [LARTC] Forwarding connections/packets across interfaces Alan Sparks
@ 2006-04-18  2:36 ` Martin A. Brown
  2006-04-18  3:28 ` Alan Sparks
  1 sibling, 0 replies; 3+ messages in thread
From: Martin A. Brown @ 2006-04-18  2:36 UTC (permalink / raw)
  To: lartc


Greetings Alan,

 : I have a mail server (and a test program as well) that binds to 
 : an address on eth1, and tries to connect to an address on eth0's 
 : network. Connections just time out.  I've tested connections 
 : where I did not bind to a specific interface and I can make the 
 : connection.
 : 
 : I've set ip_forward=1, and rp_filter=0 on all interfaces, and 
 : still cannot get a connection from eth1's address to something 
 : off of eth0's networks.  Firewalls are disabled on the host.

Well....I don't think you should need to remove rp_filter unless you 
are performing policy routing in addition to the simple routing 
configuration you describe.

 : Is there additional voodoo that needs to be set to allow traffic 
 : to cross from one interface to the other?

Did you pay your semi-annual chicken-sacrificing bill?  If not, I 
may not be able to help you.

OK, seriously, I have just tested exactly this sort of connection on 
a similarly configured network.  It works exactly as you want it to.  
I'm guessing that you have some packet filter somewhere which is 
interfering.  How would you be able to tell?  First, watch traffic 
to see if it is ever leaving your router, and watch on your 
mailserver to see that traffic is arriving:

      router# tcpdump -nn -i eth0 host $MAILSERVER_IP
  mailserver# tcpdump -nn -i eth0 host $ROUTER_IP_0 or host $ROUTER_IP_1
  
Now, make those connections from your router (with your TCP testing 
tool of choice):

      router# socat - TCP4:$MAILSERVER_IP:$SERVICE,bind=$eth0_IP
      router# nc -vvs $eth1_IP  $MAILSERVER_IP  $SERVICE

If you don't see any traffic leaving your router, is it possible 
that you have a strange POSTROUTING rule which does not refer to 
output interface?

Good luck,

-Martin

-- 
Martin A. Brown             
http://linux-ip.net/ 

* Re: [LARTC] Forwarding connections/packets across interfaces
  2006-04-18  2:12 [LARTC] Forwarding connections/packets across interfaces Alan Sparks
  2006-04-18  2:36 ` Martin A. Brown
@ 2006-04-18  3:28 ` Alan Sparks
  1 sibling, 0 replies; 3+ messages in thread
From: Alan Sparks @ 2006-04-18  3:28 UTC (permalink / raw)
  To: lartc

Martin A. Brown wrote:
> Did you pay your semi-annual chicken-sacrificing bill?  If not, I 
> may not be able to help you.
>   
That bill is paid, but my ticket on the clue train isn't...

An hour after I wrote that, I realized there's no return path for 
packets.  At least to that source address.
Have a potential solution working using SNAT.  Thanks for indulging me.
-Alan

-- 
Alan Sparks, UNIX/Linux Systems Integration and Administration
<asparks@doublesparks.net>
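
The source-bound connection test discussed in this thread, as an added example that is not part of the original posts: a small Python probe that pins the source address the way `nc -s` does and classifies the outcome, so that a timeout from one source address but not from another points at a filter or a missing return route rather than at the service. The names `probe`, `compare_sources` and `MEANING` are hypothetical, and the demo uses a constructed loopback listener.

```python
import errno
import socket

# What each outcome says about the path for the chosen source address
MEANING = {
    "connected": "SYN/ACK returned: forward and return paths work",
    "refused": "RST returned: return path works, port is closed",
    "timeout": "no reply: filtered, or peer has no route back to this source",
    "unreachable": "local routing has no path to the destination",
    "bind-failed": "source address is not configured on this host",
}

def probe(src_ip, dst_ip, dst_port, timeout=3.0):
    """TCP connect from an explicitly bound source IP; return an outcome key."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        try:
            s.bind((src_ip, 0))  # port 0: pin only the source address
        except OSError:
            return "bind-failed"
        try:
            s.connect((dst_ip, dst_port))
        except (socket.timeout, TimeoutError):
            return "timeout"
        except ConnectionRefusedError:
            return "refused"
        except OSError as e:
            if e.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
                return "unreachable"
            raise
        return "connected"
    finally:
        s.close()

def compare_sources(src_ips, dst_ip, dst_port, timeout=3.0):
    """Run the same probe from each local address so results can be compared."""
    return {src: probe(src, dst_ip, dst_port, timeout) for src in src_ips}

if __name__ == "__main__":
    # Constructed loopback demo; substitute the eth0/eth1 addresses and the
    # real destination when running it on the multi-homed host.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    for src, result in compare_sources(["127.0.0.1"], "127.0.0.1", port).items():
        print(src, result, "-", MEANING[result])
    srv.close()
```

Running the probe alongside the `tcpdump` captures shown earlier in the thread tells you whether the SYN left the box and whether anything came back for that source address.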
