* Forwarding Problem
@ 2006-12-12 12:53 Javier A Toledano
2006-12-13 2:45 ` Grant Taylor
0 siblings, 1 reply; 2+ messages in thread
From: Javier A Toledano @ 2006-12-12 12:53 UTC (permalink / raw)
To: netfilter
Routing Problem
Internet
|
|
DSL Router with NAT Enabled
192.168.93.2/24
|
|
|
|
192.168.93.1/24 (eth1)
|
Linux Multihomed Router -- 10.0.0.25/8 (eth0) ------------------10.0.0.1 (host)
| |
192.168.10.2/24 (eth2)
|
|
|
|
192.168.10.49 (host)
The linux is running Centos 4.2. I have 3 ethernet cards, eth1
(davicom Semiconductor, Inc 21x4x DEC -Tulip Compatible), eth0 (VIA
Technologies, Ic VT6105 Rhine III)
Eth2 (intel Corporation 82547Gi Gigabit Ethernet Controller)
I don't have any rules of iptables applied to the kernel.
the content of sysctl.conf is below:
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 0
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
The problem is that forwarding is enabled but when I try to probe
connectivity from a host in the 10.0.0.0 net , eg 10.0.0.1 making an
echo request
to a host in 192.168.10.0 net , eg 192.168.10.49 the icmp packets
arrive to the linux box (interface eth0) but don't traverset it.
After I iniate an echo request from 192.168.10.49 to 10.0.0.1, the
packets iniatated in 10.0.0.0 net starts to traverse the router
magically.
It seems that It needs a packet from the 192.168.10.0 to start working.
I would appreciate any idea.
Thanks in advance.
Javier Toledano
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: Forwarding Problem
2006-12-12 12:53 Forwarding Problem Javier A Toledano
@ 2006-12-13 2:45 ` Grant Taylor
0 siblings, 0 replies; 2+ messages in thread
From: Grant Taylor @ 2006-12-13 2:45 UTC (permalink / raw)
To: Mail List - Netfilter
(Cross post of my answer on the LARTC mailing list.)
On 12/12/06 06:53, Javier A Toledano wrote:
> Routing Problem
<snip>
> The problem is that forwarding is enabled but when I try to probe
> connectivity from a host in the 10.0.0.0 net , eg 10.0.0.1 making an
> echo request
> to a host in 192.168.10.0 net , eg 192.168.10.49 the icmp packets
> arrive to the linux box (interface eth0) but don't traverset it.
> After I iniate an echo request from 192.168.10.49 to 10.0.0.1, the
> packets iniatated in 10.0.0.0 net starts to traverse the router
> magically.
> It seems that It needs a packet from the 192.168.10.0 to start working.
>
> I would appreciate any idea.
I'm not a CentOS user so I can not say for sure. However I would expect
that (despite what you say) that there is some sort of IPTables stateful
packet inspection going on from your 10/ network to your 192.168/
network. If this is indeed the case and the rule is a basic state of
ESTABLISHED, RELATED, then any traffic from 10/ to 192.168/ AFTER you
sent traffic from 192.168/ to 10/ would be considered RELATED and thus
allowed through.
However, if as you say, there are no IPTables rules in play at all
something else is interfering with your traffic, what it would be, I'm
not sure.
Try running iptables-save to make sure that there are absolutely no
rules in effect any where.
Grant. . . .
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-12-13 2:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-12-12 12:53 Forwarding Problem Javier A Toledano
2006-12-13 2:45 ` Grant Taylor
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox