Bang on. You are right. It's an rp-filter problem. It works after turning off rp-filter.

On Fri, Aug 21, 2015 at 12:54 PM, I-Strong, Russell J <Russell.J.Strong@xxxxxxxxxx> wrote:
> Could this be an rp-filter problem? Have you tried turning rp-filter off for all three interfaces?
>
> Sent from my BlackBerry 10 smartphone.
> Original Message
> From: Anand Raj Manickam
> Sent: Friday, 21 August 2015 15:31
> To: lartc@xxxxxxxxxxxxxxx; Anand Raj Manickam
> Subject: Routing back fails on Multiple Interfaces
>
>
> Hi,
> I have a multi-NIC router setup.
>
> 172.0.0.1/24 |---------(eth1)(Internet)
> eth0(LAN)----|
>              |---------(eth2)(Internet)
>
> When both the links are up and connected, the ROUTING fails
> to route the packet back to the LAN on one of the links.
> E.g.
> 172.1.1.1->100.1.1.1 routed to eth1, which (I'm MASQUERADING) SNAT's
> to x.x.x.x->100.1.1.1
> There is a reply from 100.1.1.1->x.x.x.x. I see the packet in the
> PREROUTING mangle table and also in TCPDUMP. But after that the
> packet is lost.
> I did try to log the packet in FORWARD, mangle table; it did not reach there.
>
> Conntrack -E also shows the SYN_RECV state for the packet.
>
> But when only one link is in connected state, it works fine.
> Also, when both the links are up it routes fine on one of the interfaces.
> The connectivity of the links is fine as I'm using this in a private setup.
>
> I'm using fwmark ip route table to route the packets on the particular
> interface.
> I'm using Linux kernel version 3.12.14.
>
> Can someone shed some light on this?
>
> Thanks,
> Anand
> --
> To unsubscribe from this list: send the line "unsubscribe lartc" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
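An added example, not part of the thread or either poster's own commands: a POSIX shell audit that reports the effective reverse-path filter mode per interface, using the kernel's documented rule that the maximum of `conf/all/rp_filter` and `conf/IFACE/rp_filter` applies, and whether `src_valid_mark` lets the fwmark take part in the reverse-path lookup. The function names and the sample tree are assumptions constructed for illustration; on a live router pass `/proc/sys/net/ipv4/conf` as the root.

```shell
#!/bin/sh
# Added example. CONF_ROOT is /proc/sys/net/ipv4/conf on a live router;
# make_sample builds a constructed stand-in tree so this runs offline.

# The kernel applies max(conf/all/rp_filter, conf/IFACE/rp_filter).
rp_effective() {   # usage: rp_effective CONF_ROOT IFACE
    all=$(cat "$1/all/rp_filter"); own=$(cat "$1/$2/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# src_valid_mark is OR-ed between "all" and the interface.
vmark_effective() {   # usage: vmark_effective CONF_ROOT IFACE
    all=$(cat "$1/all/src_valid_mark"); own=$(cat "$1/$2/src_valid_mark")
    if [ "$all" = 1 ] || [ "$own" = 1 ]; then echo 1; else echo 0; fi
}

rp_audit() {   # usage: rp_audit CONF_ROOT IFACE...
    root=$1; shift
    for ifc in "$@"; do
        mode=$(rp_effective "$root" "$ifc")
        vm=$(vmark_effective "$root" "$ifc")
        case "$mode" in
            0) verdict="off: no source validation" ;;
            2) verdict="loose: source must be reachable via some interface" ;;
            1) if [ "$vm" = 1 ]; then
                   verdict="strict, fwmark used in reverse-path lookup"
               else
                   verdict="strict, fwmark ignored: replies on a mark-routed uplink can be dropped"
               fi ;;
            *) verdict="unknown mode" ;;
        esac
        echo "$ifc rp_filter=$mode src_valid_mark=$vm $verdict"
    done
}

# Constructed sample: "all" is strict, eth0/eth1 set to 0, eth2 set to loose.
make_sample() {
    d=$(mktemp -d)
    for i in all eth0 eth1 eth2; do
        mkdir -p "$d/$i"; echo 0 > "$d/$i/rp_filter"; echo 0 > "$d/$i/src_valid_mark"
    done
    echo 1 > "$d/all/rp_filter"; echo 2 > "$d/eth2/rp_filter"
    echo "$d"
}

sample=$(make_sample); rp_audit "$sample" eth0 eth1 eth2; rm -rf "$sample"
```

In the sample, eth0 and eth1 still come out strict because `all` is 1, which is why a per-interface 0 alone does not disable the filter. Loose mode (2) keeps a reachability check on the source address, which 0 does not.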