Re: Forwarding connections/packets across interfaces

Linux Advanced Routing and Traffic Control


 



Greetings Alan,

 : I have a mail server (and a test program as well) that binds to 
 : an address on eth1, and tries to connect to an address on eth0's 
 : network. Connections just time out.  I've tested connections 
 : where I did not bind to a specific interface and I can make the 
 : connection.
 : 
 : I've set ip_forward=1, and rp_filter=0 on all interfaces, and 
 : still cannot get a connection from eth1's address to something 
 : off of eth0's networks.  Firewalls are disabled on the host.

Well....I don't think you should need to remove rp_filter unless you 
are performing policy routing in addition to the simple routing 
configuration you describe.

 : Is there additional voodoo that needs to be set to allow traffic 
 : to cross from one interface to the other?

Did you pay your semi-annual chicken-sacrificing bill?  If not, I 
may not be able to help you.

OK, seriously, I have just tested exactly this sort of connection on 
a similarly configured network.  It works exactly as you want it to.  
I'm guessing that you have some packet filter somewhere which is 
interfering.  How would you be able to tell?  First, watch traffic 
to see if it is ever leaving your router, and watch on your 
mailserver to see that traffic is arriving:

      router# tcpdump -nn -i eth0 host $MAILSERVER_IP
  mailserver# tcpdump -nn -i eth0 host $ROUTER_IP_0 or host $ROUTER_IP_1
  
Now, make those connections from your router (with your TCP testing 
tool of choice):

      router# socat - TCP4:$MAILSERVER_IP:$SERVICE,bind=$eth0_IP
      router# nc -vvs $eth1_IP  $MAILSERVER_IP  $SERVICE

If you don't see any traffic leaving your router, is it possible 
that you have a strange POSTROUTING rule which does not refer to 
output interface?

Good luck,

-Martin

-- 
Martin A. Brown             
http://linux-ip.net/ 
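
A check for the POSTROUTING case raised at the end of the message, as an added example that is not part of the original post: it scans `iptables-save` output for nat-table POSTROUTING rules that rewrite addresses without an `-o` match, since such a rule applies to packets leaving through every interface. The sample ruleset is constructed, and limiting the check to SNAT, MASQUERADE and NETMAP targets is an assumption of this example.

```python
import shlex

# Constructed sample of `iptables-save` output (not from the original post).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.0.2.0/24 -j SNAT --to-source 198.51.100.1
-A POSTROUTING -d 203.0.113.0/24 -j ACCEPT
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
"""

# Assumption of this example: only address-rewriting targets are of interest.
NAT_TARGETS = {"SNAT", "MASQUERADE", "NETMAP"}


def unscoped_postrouting_rules(save_text):
    """Return nat/POSTROUTING rules that rewrite addresses without an -o match."""
    table, flagged = None, []
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*nat", "*filter", ... opens a table
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A "):
            continue
        tokens = shlex.split(line)        # handles quoted --comment strings
        if tokens[1] != "POSTROUTING":
            continue
        target = None
        for flag, value in zip(tokens, tokens[1:]):
            if flag in ("-j", "--jump"):
                target = value
        has_out_if = "-o" in tokens or "--out-interface" in tokens
        if target in NAT_TARGETS and not has_out_if:
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    for rule in unscoped_postrouting_rules(SAMPLE):
        print("no output interface:", rule)
```

On the router, pass it the text produced by `iptables-save` instead of the constructed sample.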