From: Mike Fedyk <mfedyk@matchmail.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Why 'ping' only succeed in one direction?
Date: Thu, 31 May 2001 02:18:45 +0000
Message-ID: <marc-lartc-99127555514474@msgid-missing>
In-Reply-To: <marc-lartc-99114800203883@msgid-missing>

On Wed, May 30, 2001 at 08:56:37PM -0500, Rodrigo Goya wrote:
> > It might be that the linux router sends you ICMP redirects as the
> > forwarding interface is the same as the incoming interface but
> > it also should've happened when you "ping 192.168.1.8" on Sun-1.
> 
> I had problems with a linux router doing NAT on the same interface,
> it was doing redirects, and though packets were "seen" on the wire with
> tcpdump, there were conflicts between private and public IPs and the
> packets were lost.
> 
> Don't know if this is the case here, but just in case you could set all
> the "send_redirects" in /proc/sys/net/ipv4/conf to 0.
> 

I don't think that is what's happening here.

Just today, I had one linux router with the correct source IP and a more
specific route with a different IP (I'm working with IPsec tunnels here).

When I ran a ping through the tunnel to the host described above it would
respond; but if I initiated a ping from the host, it would choose the more
specific route and thus the wrong one for my purposes.


Here's an example (this is gateway to gateway; if hosts already within the
specified subnets can't communicate, the tunnel isn't working at all):

host a
inet ip: 1.2.3.4
local subnet: 192.168.1.0/24
internal ip: 192.168.1.1

host b
inet ip: 9.8.7.6
local subnet: 10.1.1.0/24
internal ip: 10.1.1.1

tunnel:
192.168.1.0/24 (1.2.3.4) == (9.8.7.6) 10.1.1.0/24

In order to get the traffic tunneled you have to change the source IP:
on a:
ip ro rep 10.1.1.0/24 dev ($dev) src 192.168.1.1

on b:
ip ro rep 192.168.1.0/24 dev ($dev) src 10.1.1.1

</example>

Now that we have that history behind us...

What I did wrong was:

ip ro rep 10.1.1.0/24 dev ($dev)
ip ro rep 10.1.1.0/8 dev ($dev) src 192.168.1.1

It would respond only to incoming packets, but not connections initiated
from this host.

Ok....  I looked at the original post... didn't before... :(

This won't help at all.  Maybe it'll help someone else...

Mike

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
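
Added example, not part of the original message or of iproute2: a small Python model of the route choice the message describes on host a, comparing the working table with the one that only answered incoming packets. It assumes that a route without src falls back to the host's inet IP 1.2.3.4 and that traffic is tunneled only when both addresses fall inside the tunnel's subnets; all function names are made up for the illustration.

```python
import ipaddress

# Constructed model of "host a" from the message; addresses are the message's own.
DEFAULT_SRC = ipaddress.ip_address("1.2.3.4")     # assumed source when a route has no src
TUNNEL_LOCAL = ipaddress.ip_network("192.168.1.0/24")
TUNNEL_REMOTE = ipaddress.ip_network("10.1.1.0/24")

def route(prefix, src=None):
    # strict=False masks host bits, so this model reads "10.1.1.0/8" as 10.0.0.0/8.
    net = ipaddress.ip_network(prefix, strict=False)
    return net, (ipaddress.ip_address(src) if src else None)

# Route tables as typed in the message (the dev argument is omitted in this model).
CORRECT = [route("10.1.1.0/24", "192.168.1.1")]
WRONG = [route("10.1.1.0/24"), route("10.1.1.0/8", "192.168.1.1")]

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def source_for_new_connection(table, dst):
    """Locally initiated traffic takes the src hint of the winning route, if any."""
    hit = lookup(table, dst)
    if hit is None:
        return None
    return hit[1] if hit[1] is not None else DEFAULT_SRC

def source_for_reply(request_dst):
    """A reply goes out from the address the request was sent to."""
    return ipaddress.ip_address(request_dst)

def tunneled(src, dst):
    """Assumed selector check: both ends must sit inside the tunnel's subnets."""
    return (src is not None and src in TUNNEL_LOCAL
            and ipaddress.ip_address(dst) in TUNNEL_REMOTE)

def report(table, dst="10.1.1.1"):
    src = source_for_new_connection(table, dst)
    return {"initiated_src": str(src), "initiated_tunneled": tunneled(src, dst),
            "reply_tunneled": tunneled(source_for_reply("192.168.1.1"), dst)}

if __name__ == "__main__":
    print("correct:", report(CORRECT))
    print("wrong:  ", report(WRONG))
```

In the second table the /24 entry without src wins the lookup for 10.1.1.1, so the src hint on the /8 entry is only used for other destinations inside 10.0.0.0/8.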
