Re: Packet vanishes after mangle-prerouting.

Linux Advanced Routing and Traffic Control



On Friday 17 February 2006 09:28, Steve Tracey wrote:

>  The problem is that A cannot get replies from D.
>  Using tcpdump and adding 'LOG' rules to iptables on A, B
>  and C shows the packet going from A to B to C and out to
>  D. The reply packet returns to C, crosses the tunnel to B
>  and promptly vanishes. A log rule in the mangle prerouting
>  list on B shows the packet from the tunnel:
>  Feb 17 07:48:54 B kernel: [mangle prerouting src]: IN=tun0 OUT= \
>     MAC= SRC=64.233.167.99 DST=192.168.5.5 LEN=44 \
>     TOS=0x00 PREC=0x00 TTL=48 ID=34487 DF PROTO=TCP \
>     SPT=80 DPT=32882 WINDOW=8000 RES=0x00 ACK SYN URGP=0
>
>  Similar log rules in mangle-prerouting, and in the forward (and
>  input) chains never log anything. The packet is never seen again.
>
>  Can anyone tell me where to look next? Is this a routing problem
>  or is something happening because of the tunnel setup? Or
>  something else???

Looks like rp_filter catches this; try setting rp_filter off on host B,
because packets from the internet normally should come through eth1 on
host B and not on tun0.

See: http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html#AEN634


greets,
     Tami
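
An added example, not part of the original reply: a shell sketch of the reverse-path check the reply points to, using the interface names and source address from the log line above. It assumes current kernel semantics (effective mode is the maximum of conf/all and conf/<iface>, 1 is strict, 2 is loose) and approximates the kernel's reverse lookup with `ip route get`, which ignores fwmark-based policy routing; `SYSROOT`, `effective_rp_filter`, `route_dev` and `rp_verdict` are hypothetical names.

```shell
#!/bin/sh
# Added example: would reverse-path filtering drop a packet arriving on IFACE?
# SYSROOT can be pointed at a copy of /proc/sys for offline checks (assumption).
SYSROOT="${SYSROOT:-/proc/sys}"

# Effective mode on an interface. Assumes current kernels, which use the
# maximum of conf/all/rp_filter and conf/<iface>/rp_filter.
effective_rp_filter() {
    all=$(cat "$SYSROOT/net/ipv4/conf/all/rp_filter")
    dev=$(cat "$SYSROOT/net/ipv4/conf/$1/rp_filter")
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

# Pull the outgoing device from `ip route get <address>` output on stdin.
route_dev() {
    sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1
}

# rp_verdict IN_IFACE REVERSE_DEV: REVERSE_DEV is where the kernel would route
# a reply to the packet's source (empty if there is no route at all).
rp_verdict() {
    case "$(effective_rp_filter "$1")" in
        0) echo pass ;;                                   # no source validation
        1) [ "$2" = "$1" ] && echo pass || echo drop ;;   # strict
        2) [ -n "$2" ] && echo pass || echo drop ;;       # loose
        *) echo unknown ;;
    esac
}

# Live use: sh rpcheck.sh tun0 64.233.167.99
if [ "$#" -eq 2 ]; then
    rev=$(ip route get "$2" | route_dev)
    echo "iface=$1 mode=$(effective_rp_filter "$1") reverse_dev=${rev:-none}" \
         "verdict=$(rp_verdict "$1" "$rev")"
fi
```

With conf/all at 1, writing 0 to conf/tun0/rp_filter alone leaves strict mode in force on tun0, whereas setting only tun0 to 2 relaxes the check there and keeps the other interfaces strict. Setting net.ipv4.conf.tun0.log_martians=1 makes the kernel log the packets this check drops.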