routing pb? ping not "emerging"

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

   i'm puzzled by a ploblem and I don't know how to debug it...

   I have a firewall with 2 gateways, adsl and isdn. Main gateway is via
   adsl, backup via isdn. I setup 2 table 'adsl' and 'isdn'. You can find a
   description below.

   I made a script to test both tables. That mainly
      1. adds an 
         iptables -t mangle -A OUTPUT -d my_test_ping_node -j MARK --set-mark 3
      2. adds:
         ip rule add fwmark 3 table isdn
      3. ip route flush cloned
      4. ping to my_test_ping_node (here 217.27.90.70)


    I correctly obtain that ping packets go to the router, reach the test,
    get back to the interface... but ping don't show anything


    I see them w/ tcpdump on the firewall:

12:42:00.671314 IP 192.168.111.1 > 217.27.90.70: icmp 64: echo request seq 1
12:42:00.720840 IP 217.27.90.70 > 192.168.111.1: icmp 64: echo reply seq 1
    
    I'm sure i'm not firewalling (I use log, and nothing gets logged). If I
    change default route to isdn, ping work correctly.

    This is not the first time I get into this situation, but I never
    understood what solved it.

    I'm convinced it is a routing problem, but I'm clueless: what can it be in
    between the packet ass seen by tcpdump and the fact that ping shows it?

    Is there a way to see which rule a packet is really using?

    Thanks a lot for any possible explanation
    sandro 
    *:-)


    lo:        127.0.0.1/8
[eth0]:
  eth1:   192.168.11.254/24
  eth2:     80.20.60.252/29  ==> GW 80.20.60.249 - main adsl
  eth3:    192.168.111.1/24  ==> GW 192.168.111.254 - isdn
[eth4]:

### TABLE main:

80.20.60.248/29 dev eth2  proto kernel  scope link  src 80.20.60.252
192.168.111.0/24 dev eth3  proto kernel  scope link  src 192.168.111.1
192.168.11.0/24 dev eth1  proto kernel  scope link  src 192.168.11.254
default via 80.20.60.249 dev eth2

### TABLE adsl:
80.20.60.248/29 dev eth2  scope link  src 80.20.60.252
192.168.111.0/24 dev eth3  scope link  src 192.168.111.1
192.168.11.0/24 dev eth1  scope link  src 192.168.11.254
default via 80.20.60.249 dev eth2

### TABLE isdn:
80.20.60.248/29 dev eth2  scope link  src 80.20.60.252
192.168.111.0/24 dev eth3  scope link  src 192.168.111.1
192.168.11.0/24 dev eth1  scope link  src 192.168.11.254
default via 192.168.111.254 dev eth3
### RULES:

0:      from all lookup local
39:     from all fwmark 0x3 lookup isdn        
40:     from 80.20.60.248/29 lookup adsl
41:     from 192.168.111.0/24 lookup isdn
48:     from 192.168.11.0/24 lookup adsl
50:     from all iif eth3 lookup isdn
52:     from all iif eth2 lookup adsl
32766:  from all lookup main
32767:  from all lookup default


-- 
Sandro Dentella  *:-)
e-mail: sandro@xxxxxxxx 
http://www.tksql.org                    TkSQL Home page - My GPL work
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux