Re: VPN Routing issues from local IP to Big Internet IPs

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ivan Pintori writes:

Maybe the problem lies on the other side. Nope. I tcpdumped ppp0, and I get the ping back from the Big Internet host. So the packet goes out and comes back correctly, it just does not get "fowarded" on to the application level so that the ping program can register it.

Just to give you an idea of what I see with tcpdump, here it comes:


[root@hoshimaru root]# ping -I ppp0 151.1.1.1
[root@hoshimaru root]# tcpdump -i ppp0
tcpdump: listening on ppp0
16:18:26.387006 172.16.XX.YY > 151.1.1.1: icmp: echo request (DF)
16:18:26.740705 151.1.1.1 > 172.16.XX.YY: icmp: echo reply (DF)
16:18:27.386941 172.16.XX.YY > 151.1.1.1: icmp: echo request (DF)
16:18:27.740039 151.1.1.1 > 172.16.XX.YY: icmp: echo reply (DF)
16:18:28.387023 172.16.XX.YY > 151.1.1.1: icmp: echo request (DF)
16:18:28.755338 151.1.1.1 > 172.16.XX.YY: icmp: echo reply (DF)
16:18:29.386988 172.16.XX.YY > 151.1.1.1: icmp: echo request (DF)
16:18:29.743806 151.1.1.1 > 172.16.XX.YY: icmp: echo reply (DF)
16:18:30.386977 172.16.XX.YY > 151.1.1.1: icmp: echo request (DF)
16:18:30.741172 151.1.1.1 > 172.16.XX.YY: icmp: echo reply (DF)



And here a traceroute:
[root@hoshimaru root]# traceroute -i ppp0 151.1.1.1
traceroute to 151.1.1.1 (151.1.1.1), 30 hops max, 38 byte packets
1 172.16.0.1 (172.16.0.1) 165.423 ms 166.358 ms 164.800 ms
2 * * *
3 * * *
[etc]


16:18:45.176421 172.16.XX.YY.34520 > 151.1.1.1.33435: udp 10 [ttl 1]
16:18:45.341516 172.16.0.1 > 172.16.XX.YY: icmp: time exceeded in-transit [tos 0xc0]
16:18:45.344151 172.16.XX.YY.34520 > 151.1.1.1.33436: udp 10 [ttl 1]
16:18:45.510231 172.16.0.1 > 172.16.XX.YY: icmp: time exceeded in-transit [tos 0xc0]
16:18:45.510560 172.16.XX.YY.34520 > 151.1.1.1.33437: udp 10 [ttl 1]
16:18:45.675086 172.16.0.1 > 172.16.XX.YY: icmp: time exceeded in-transit [tos 0xc0]
16:18:45.675423 172.16.XX.YY.34520 > 151.1.1.1.33438: udp 10
16:18:45.842148 SECONDHOP > 172.16.XX.YY: icmp: time exceeded in-transit
16:18:50.667262 172.16.XX.YY.34520 > 151.1.1.1.33439: udp 10
16:18:50.831541 SECONDHOP > 172.16.XX.YY: icmp: time exceeded in-transit
16:18:55.667351 172.16.XX.YY.34520 > 151.1.1.1.33440: udp 10
16:18:55.835469 SECONDHOP > 172.16.XX.YY: icmp: time exceeded in-transit
16:19:00.667955 172.16.XX.YY.34520 > 151.1.1.1.33441: udp 10
16:19:00.833257 THIRDHOP > 172.16.XX.YY: icmp: time exceeded in-transit
16:19:05.667458 172.16.XX.YY.34520 > 151.1.1.1.33442: udp 10
16:19:05.833473 THIRDHOP > 172.16.XX.YY: icmp: time exceeded in-transit
16:19:10.667546 172.16.XX.YY.34520 > 151.1.1.1.33443: udp 10
16:19:10.834686 THIRDHOP > 172.16.XX.YY: icmp: time exceeded in-transit
16:19:15.667676 172.16.XX.YY.34520 > 151.1.1.1.33444: udp 10
16:19:15.852906 FORTHHOP > 172.16.XX.YY: icmp: time exceeded in-transit
16:19:20.667643 172.16.XX.YY.34520 > 151.1.1.1.33445: udp 10
16:19:20.855853 FORTHHOP > 172.16.XX.YY: icmp: time exceeded in-transit
16:19:25.667731 172.16.XX.YY.34520 > 151.1.1.1.33446: udp 10
16:19:26.037855 FORTHHOP > 172.16.XX.YY: icmp: time exceeded in-transit


Now you see why I am so puzzled? The packet goes out with the correct IP and comes back to the right IP. Too back that traceroute and ping just time out, and so every other application!

ivan
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux