Linux Archive


Dan Track 05-31-2011 07:34 AM

Routing not working
 
Hi,

I've got a server where I've got two interfaces (vlan 200 and vlan
300). If I get traffic coming into vlan 200 but sourced from a network
that vlan 200 subnet doesn't know about, the server should send the
traffic out of its default gateway i.e. vlan 300, but this isn't
happening. If I do a tcpdump on both interfaces I can see traffic
coming in on vlan 200 but failing to even be present on the return in
vlan 300 (not even present on vlan 200 - did it for sanity's sake).
However, if I put in an explicit route in stating that this unknown
network exists out of vlan 200 then everything works fine.

My routing table is like this:

ip route
166.14.134.144/28 dev vlan200 proto kernel scope link src 166.14.134.154
159.156.137.32/28 dev vlan300 proto kernel scope link src 159.156.137.42
127.0.0.0/8 dev lo scope link
default via 159.156.137.33 dev vlan300

vlan 200 and vlan 300 sit on the same bonded interface. Trunking is
set on the switch.

It's almost as though the OS (kernel) is saying that you can't take
input from one int and then send it out another int. Are there some
parameters I need to change?

Thanks for any help.

Dan
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

fedora 05-31-2011 07:48 AM

Routing not working
 
echo "1" > /proc/sys/net/ipv4/ip_forward

suomi

On 2011-05-31 09:34, Dan Track wrote:
> Hi,
>
> I've got a server where I've got two interfaces (vlan 200 and vlan
> 300). If I get traffic coming into vlan 200 but sourced from a network
> that vlan 200 subnet doesn't know about, the server should send the
> traffic out of its default gateway i.e. vlan 300, but this isn't
> happening. If I do a tcpdump on both interfaces I can see traffic
> coming in on vlan 200 but failing to even be present on the return in
> vlan 300 (not even present on vlan 200 - did it for sanity's sake).
> However, if I put in an explicit route in stating that this unknown
> network exists out of vlan 200 then everything works fine.
>
> My routing table is like this:
>
> ip route
> 166.14.134.144/28 dev vlan200 proto kernel scope link src 166.14.134.154
> 159.156.137.32/28 dev vlan300 proto kernel scope link src 159.156.137.42
> 127.0.0.0/8 dev lo scope link
> default via 159.156.137.33 dev vlan300
>
> vlan 200 and vlan 300 sit on the same bonded interface. Trunking is
> set on the switch.
>
> It's almost as though the OS (kernel) is saying that you can't take
> input from one int and then send it out another int. Are there some
> parameters I need to change?
>
> Thanks for any help.
>
> Dan

Dan Track 05-31-2011 07:53 AM

Routing not working
 
On Tue, May 31, 2011 at 8:48 AM, fedora <fedora@ayni.com> wrote:
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> suomi


Thanks,

Forgot to mention, that's already done.

cat /proc/sys/net/ipv4/ip_forward
1

Any other thoughts on this?

Thanks
Dan

Dan Track 05-31-2011 01:17 PM

Routing not working
 
On Tue, May 31, 2011 at 8:53 AM, Dan Track <dan.track@gmail.com> wrote:
> On Tue, May 31, 2011 at 8:48 AM, fedora <fedora@ayni.com> wrote:
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>>
>> suomi
>
>
> Thanks,
>
> Forgot to mention, that's already done.
>
> cat /proc/sys/net/ipv4/ip_forward
> 1
>
> Any other thoughts on this?
>
> Thanks
> Dan
>
Hey,

Just for future reference I figured out the problem. You need to run
on rp_filter on the interfaces you wish to include in the routing
process.

Dan

Tom Horsley 05-31-2011 01:29 PM

Routing not working
 
On Tue, 31 May 2011 14:17:44 +0100
Dan Track wrote:

> Just for future reference I figured out the problem. You need to run
> on rp_filter on the interfaces you wish to include in the routing
> process.

What exactly does that mean, and how do I do it? I've never
heard of it before, but it could easily be the reason
I haven't been able to get my USB wi-fi dongle working
as an access point in f15 while doing all the exact same
things I did in f14 (where it works perfectly).

Genes MailLists 05-31-2011 01:41 PM

Routing not working
 
On 05/31/2011 09:29 AM, Tom Horsley wrote:
> On Tue, 31 May 2011 14:17:44 +0100
> Dan Track wrote:
>
>> Just for future reference I figured out the problem. You need to run
>> on rp_filter on the interfaces you wish to include in the routing
>> process.
>
> What exactly does that mean, and how do I do it? I've never
> heard of it before, but it could easily be the reason
> I haven't been able to get my USB wi-fi dongle working
> as an access point in f15 while doing all the exact same
> things I did in f14 (where it works perfectly).

rp_filter (/proc/sys/net/ipv4/conf/*/rp_filter) attempts to avoid src
IP spoofing by checking src IP of packet and ensuring that it goes out
the way it came - to be a little more specific - if the 'best route' to
that src ip is not the same interface the packet came in on, rp_filter
will drop the packet.

Usually it's fine (correct) to leave rp_filter on - be thoughtful if
you're doing something funky with routing tables.

That's my recollection anyway ... you turn it on/off echo 1/0 into the
/proc/sys/xxx

gene/
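
Added example, not part of the original thread: a simplified Python model of the reverse-path check described in the post above, run against the routing table from Dan's first message. The function names, the source address 198.51.100.7 and the 198.51.100.0/24 route (standing in for the "unknown network" Dan never names) are assumptions; the mode values (0 off, 1 strict, 2 loose) and the max(conf/all, conf/<dev>) rule follow the kernel's ip-sysctl documentation and go slightly beyond the on/off case discussed in the thread.

```python
import ipaddress

# Routing table from Dan's first post (`ip route` output), as (prefix, device).
ROUTES = [
    ("166.14.134.144/28", "vlan200"),
    ("159.156.137.32/28", "vlan300"),
    ("127.0.0.0/8", "lo"),
    ("0.0.0.0/0", "vlan300"),  # default via 159.156.137.33
]

def best_route_dev(src, routes):
    """Longest-prefix match: device the host would use to reach src, or None."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), dev) for p, dev in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def rp_filter_verdict(src, in_dev, routes, conf_all=0, conf_dev=1):
    """Simplified model of the reverse-path check; returns "accept" or "drop".

    The kernel uses max(conf/all, conf/<dev>) as the mode for the interface:
    0 = no check, 1 = strict, 2 = loose. Policy routing is not modelled.
    """
    mode = max(conf_all, conf_dev)
    dev = best_route_dev(src, routes)
    if mode == 0:
        return "accept"
    if mode == 1:
        # strict: the route back to src must leave via the arrival interface
        return "accept" if dev == in_dev else "drop"
    # loose: src only has to be reachable through some interface
    return "accept" if dev is not None else "drop"

if __name__ == "__main__":
    src = "198.51.100.7"  # constructed source outside both connected subnets
    print("strict:", rp_filter_verdict(src, "vlan200", ROUTES))
    fixed = ROUTES + [("198.51.100.0/24", "vlan200")]  # explicit route via vlan200
    print("strict + explicit route:", rp_filter_verdict(src, "vlan200", fixed))
    print("loose:", rp_filter_verdict(src, "vlan200", ROUTES, conf_dev=2))
```

In strict mode the packet arriving on vlan200 is dropped because the best route back to its source is the default route on vlan300, which matches the tcpdump symptom and explains why adding an explicit route via vlan200 made it work.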


Tom Horsley 05-31-2011 01:48 PM

Routing not working
 
On Tue, 31 May 2011 09:41:53 -0400
Genes MailLists wrote:

> Usually it's fine (correct) to leave rp_filter on - be thoughtful if
> you're doing something funky with routing tables.

I never know what I'm doing with networking :-). I just
find prescriptions in google and try them, never
managing to get a clue what they mean. This is something
new to try (I'll have to check and see if the settings
are different in f14 and f15 by default). Thanks.

Tom Horsley 06-01-2011 02:02 PM

Routing not working
 
On Tue, 31 May 2011 09:29:09 -0400
Tom Horsley wrote:

> I haven't been able to get my USB wi-fi dongle working
> as an access point in f15 while doing all the exact same
> things I did in f14 (where it works perfectly).

Well, I finally got a chance to try this, and nothing
I do to rp_filter (which seemed to have the same values
on f15 it has on f14 anyway) seems to have an effect.
I just can't get packets to do NAT routing when my
cellphone connects (at least that would explain my
symptoms). The phone connects, it talks to the DHCP
server and gets the expected IP addr in my private
subnet, but it can't talk to anyone else.

At this point I'm tempted to change the name of
the interface back to eth0 from the new em1 name
it gets in f15 just to see if maybe someone has
an eth0 hard coded somewhere :-).

Anyone have any pointers for debugging routing?
Anyone know of something that maybe changed in
this vicinity in f15?

Genes MailLists 06-01-2011 02:24 PM

Routing not working
 
On 06/01/2011 10:02 AM, Tom Horsley wrote:
> On Tue, 31 May 2011 09:29:09 -0400
> Tom Horsley wrote:
>

>
> At this point I'm tempted to change the name of
> the interface back to eth0 from the new em1 name
> it gets in f15 just to see if maybe someone has
> an eth0 hard coded somewhere :-).
>
> Anyone have any pointers for debugging routing?
> Anyone know of something that maybe changed in
> this vicinity in f15?


Mmm ... perhaps you could assemble more information for people to look
at ...

I'd suggest the following to start with - for the system set up and
what you believe should be working. Then please explain exactly what is
not working (packets from where to where) and what you are trying to do
(in terms of the interfaces etc named below) - are you using ipv4 only
or is ipv6 in play too ?

ifconfig
iwconfig

ip route
ip addr show

cat /proc/sys/net/ipv4/ip_forward

# you -may- at some point want to log martians but probably not yet
for i in /proc/sys/net/ipv4/conf/*/log_martians
do
    echo 1 > "$i"
done

Also your relevant iptables rules could be important here too; hold off
for the moment till people understand exactly what you're trying to do
with what interface and routing what to where.


gene


Genes MailLists 06-01-2011 02:25 PM

Routing not working
 
On 06/01/2011 10:02 AM, Tom Horsley wrote:
> On Tue, 31 May 2011 09:29:09 -0400
> Tom Horsley wrote:
>

>
> Anyone have any pointers for debugging routing?
> Anyone know of something that maybe changed in
> this vicinity in f15?

One quick question - did you change your iptables rules to use the new
interface names ?

