Hi all,
I know this list is for development issues, but I already asked on other
mailing lists and did not find a single answer to this very basic and
simple question:
when pinging a test host I see 'icmp reply' getting back with tcpdump but
ping doesn't show them. What is in the middle (between tcpdump and ping)?
The setup
---------
I have a firewall with 2 gateways, adsl and isdn. Main gateway is via
adsl, backup via isdn. I set up 2 tables, 'adsl' and 'isdn'. You can find a
description below.
I made a script to test both tables. It mainly:
1. adds:
   iptables -t mangle -A OUTPUT -d my_test_ping_node -j MARK --set-mark 3
2. adds:
   ip rule add fwmark 3 table isdn
3. ip route flush cloned
4. ping to my_test_ping_node (here 217.27.90.70)
I correctly obtain that ping packets go to the router, reach the test,
get back to the interface... but ping doesn't show anything.
I see them w/ tcpdump on the firewall:
12:42:00.671314 IP 192.168.111.1 > 217.27.90.70: icmp 64: echo request seq 1
12:42:00.720840 IP 217.27.90.70 > 192.168.111.1: icmp 64: echo reply seq 1
I'm sure I'm not firewalling (I use log, and nothing gets logged). If I
change default route to isdn, ping works correctly.
This is not the first time I get into this situation, but I never
understood what solved it.
I'm convinced it is a routing problem, but I'm clueless: what can it be in
between the packet as seen by tcpdump and the fact that ping shows it?
Why should the kernel fail understanding it is for itself?
Is there a way to see which rule a packet is really using?
Thanks a lot for any possible explanation
sandro
*:-)
lo: 127.0.0.1/8
[eth0]:
eth1: 192.168.11.254/24
eth2: 80.20.60.252/29 ==> GW 80.20.60.249 - main adsl
eth3: 192.168.111.1/24 ==> GW 192.168.111.254 - isdn
[eth4]:
### TABLE main:
80.20.60.248/29 dev eth2 proto kernel scope link src 80.20.60.252
192.168.111.0/24 dev eth3 proto kernel scope link src 192.168.111.1
192.168.11.0/24 dev eth1 proto kernel scope link src 192.168.11.254
default via 80.20.60.249 dev eth2
### TABLE adsl:
80.20.60.248/29 dev eth2 scope link src 80.20.60.252
192.168.111.0/24 dev eth3 scope link src 192.168.111.1
192.168.11.0/24 dev eth1 scope link src 192.168.11.254
default via 80.20.60.249 dev eth2
### TABLE isdn:
80.20.60.248/29 dev eth2 scope link src 80.20.60.252
192.168.111.0/24 dev eth3 scope link src 192.168.111.1
192.168.11.0/24 dev eth1 scope link src 192.168.11.254
default via 192.168.111.254 dev eth3
### RULES:
0: from all lookup local
39: from all fwmark 0x3 lookup isdn
40: from 80.20.60.248/29 lookup adsl
41: from 192.168.111.0/24 lookup isdn
48: from 192.168.11.0/24 lookup adsl
50: from all iif eth3 lookup isdn
52: from all iif eth2 lookup adsl
32766: from all lookup main
32767: from all lookup default
--
Sandro Dentella *:-)
e-mail: [EMAIL PROTECTED]
http://www.tksql.org TkSQL Home page - My GPL work
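
A way to reason about which rule a lookup lands on, as an added example that is not part of the original message: a simplified Python model of the rule walk over the rules and tables listed above. The contents of the `local` table and the function name `lookup` are assumptions, and only the `from`, `fwmark` and `iif` selectors are modelled.

```python
import ipaddress

# Routes copied from the tables in the message. "local" is an assumption:
# it is rebuilt from the interface addresses listed there.
_COMMON = [("80.20.60.248/29", "dev eth2"), ("192.168.111.0/24", "dev eth3"),
           ("192.168.11.0/24", "dev eth1")]
TABLES = {
    "local": [("127.0.0.0/8", "local"), ("192.168.11.254/32", "local"),
              ("80.20.60.252/32", "local"), ("192.168.111.1/32", "local")],
    "main": _COMMON + [("0.0.0.0/0", "via 80.20.60.249 dev eth2")],
    "adsl": _COMMON + [("0.0.0.0/0", "via 80.20.60.249 dev eth2")],
    "isdn": _COMMON + [("0.0.0.0/0", "via 192.168.111.254 dev eth3")],
    "default": [],
}
# (priority, from, fwmark, iif, table), as printed under "### RULES:".
RULES = [
    (0, None, None, None, "local"),
    (39, None, 3, None, "isdn"),
    (40, "80.20.60.248/29", None, None, "adsl"),
    (41, "192.168.111.0/24", None, None, "isdn"),
    (48, "192.168.11.0/24", None, None, "adsl"),
    (50, None, None, "eth3", "isdn"),
    (52, None, None, "eth2", "adsl"),
    (32766, None, None, None, "main"),
    (32767, None, None, None, "default"),
]

def lookup(dst, src=None, mark=0, iif=None):
    """Return (rule priority, table, route) for the first rule that yields a route."""
    dst = ipaddress.ip_address(dst)
    for prio, frm, fwmark, rule_iif, table in RULES:
        if frm and (src is None or
                    ipaddress.ip_address(src) not in ipaddress.ip_network(frm)):
            continue  # selector "from" does not match
        if fwmark is not None and mark != fwmark:
            continue  # selector "fwmark" does not match
        if rule_iif and iif != rule_iif:
            continue  # selector "iif" does not match
        hits = [(ipaddress.ip_network(p), r) for p, r in TABLES[table]
                if dst in ipaddress.ip_network(p)]
        if hits:  # longest prefix wins; no hit falls through to the next rule
            return prio, table, max(hits, key=lambda h: h[0].prefixlen)[1]
    return None

if __name__ == "__main__":
    print("request, unmarked:", lookup("217.27.90.70"))
    print("request, mark 3:  ", lookup("217.27.90.70", mark=3))
    print("reply on eth3:    ", lookup("192.168.111.1", src="217.27.90.70", iif="eth3"))
```

On the firewall itself, `ip route get` with `from`, `iif` and `mark` asks the kernel for the same decision.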