Hello,

John Meissen wrote:

> I had a traditional setup with two ethernet interfaces on my Linux box
> (WAN=eth0/LAN=eth1), and NATing the traffic that was forwarded between them.
>
> I added another interface (eth2), and simply want to change the default
> routing to go through it. I'm leaving various services listening on all
> interfaces.
>
> If I change the default route to use eth2, I can route from the internal
> network to the outside just fine, and I can connect from the internal net
> to services on the system fine. But incoming connections on the original
> WAN (eth0) don't complete. They hang at SYN_RECV, as if I had a DROP rule.

1) Check that source validation by reverse path is disabled for eth0
(sysctl net.ipv4.conf.{all,eth0}.rp_filter=0).

2) If you don't set up some routing policy (such as source address based
routing), packets sent in reply to packets received on eth0 will now be
sent through eth2 by default because of the new default route, but still
with the source address of eth0. Such traffic may be considered spoofing
and discarded by the ISP eth2 is connected to.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
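Both points put into one script, as an added example that is not from the thread. The addresses are assumed (eth0 at 192.0.2.10 with gateway 192.0.2.1, documentation ranges) as is routing table number 100; the script only prints the commands unless run with DRY_RUN=0 as root.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed values: eth0 holds
# 192.0.2.10 and its upstream gateway is 192.0.2.1; table 100 is arbitrary.
WAN_IF="${WAN_IF:-eth0}"
WAN_ADDR="${WAN_ADDR:-192.0.2.10}"
WAN_GW="${WAN_GW:-192.0.2.1}"
TABLE="${TABLE:-100}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands; 0 = apply them (needs root)

# Print a command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Point 1: the old WAN interface must not drop packets whose source would be
# routed back out via eth2 (the new default route) rather than eth0.
disable_rp_filter() {
    run sysctl -w "net.ipv4.conf.all.rp_filter=0"
    run sysctl -w "net.ipv4.conf.$WAN_IF.rp_filter=0"
}

# Point 2: source-address policy routing. Anything sent from eth0's own
# address is looked up in table 100, whose default route leaves via eth0,
# so replies to connections that arrived on eth0 go back the way they came
# instead of leaving eth2 with a source address that ISP does not own.
setup_source_routing() {
    run ip route add default via "$WAN_GW" dev "$WAN_IF" table "$TABLE"
    run ip rule add from "$WAN_ADDR" table "$TABLE"
}

disable_rp_filter
setup_source_routing
```

Verify afterwards with `ip rule show` and `ip route show table 100`; the rule must list `from 192.0.2.10 lookup 100` and the table must hold the eth0 default route.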