[elrepo] Route problem with dual interface in elrepo kernel

Maurits van de Lande M.vandeLande at VDL-Fittings.com
Wed Jul 18 08:52:10 EDT 2012 

If you are building a router, these are my changes to sysctl.conf. The following works on el6.3.

Routing
Edit /etc/sysctl.conf
# vi  /etc/sysctl.conf

Add the following lines:
# allow icmp forwards (normal router mode)
net.ipv4.icmp_errors_use_inbound_ifaddr = 1

# enable dynamic-ip addresses
net.ipv4.ip_dynaddr = 1

# Enable proxy arp
net.ipv4.conf.default.proxy_arp = 1

Enable routing
# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification (0=allow asymmetric traffic)
net.ipv4.conf.default.rp_filter = 0

Best regards,

Maurits van de Lande

Van: elrepo-bounces at lists.elrepo.org [mailto:elrepo-bounces at lists.elrepo.org] Namens cute candy
Verzonden: woensdag 18 juli 2012 14:15
Aan: EL Repo General Mailing List
Onderwerp: Re: [elrepo] Route problem with dual interface in elrepo kernel

Sending again with correction
On Wed, Jul 18, 2012 at 5:43 PM, cute candy <sweetheartshere at googlemail.com<mailto:sweetheartshere at googlemail.com>> wrote:
Hi Maurits,

Thanks a lot for your reply. But your solution did not work for me. Still i am getting the same issue.

I suspect this is not specific ICMP. Any request coming to eth1 IP, is not going out through default gateway configured in eth0. But it is expected to pass through.

Also i did not check the el6 kernel in my setup.

Thanks,
Prem.
On Wed, Jul 18, 2012 at 2:16 PM, Maurits van de Lande <M.vandeLande at vdl-fittings.com<mailto:M.vandeLande at vdl-fittings.com>> wrote:
Hello,

Question: Did your setup work on a regular el6 kernel?

If not:
I have setup a centos router a while ago and faced a similar problem.

I had to add the following to /etc/sysctl.conf

I think that the icmp packets are not forwarded between the two interfaces
# allow icmp forwards (normal router mode)
net.ipv4.icmp_errors_use_inbound_ifaddr = 1

I hope this helps

Maurits van de Lande

Van: elrepo-bounces at lists.elrepo.org<mailto:elrepo-bounces at lists.elrepo.org> [mailto:elrepo-bounces at lists.elrepo.org<mailto:elrepo-bounces at lists.elrepo.org>] Namens cute candy
Verzonden: woensdag 18 juli 2012 9:04
Aan: elrepo at lists.elrepo.org<mailto:elrepo at lists.elrepo.org>
Onderwerp: [elrepo] Route problem with dual interface in elrepo kernel

Hi All,

I am using kernel version "kernel-ml-PAE-2.6.39-4.1.el5.
elrepo.i686.rpm". My machine has two network interfaces eth0 and eth1. I configured IP on both the interfaces. Below is the snippet.

eth0 Link encap:Ethernet HWaddr 00:15:17:61:D2:16
          inet addr:10.77.247.172 Bcast:10.77.247.175 Mask:255.255.255.240
          inet6 addr: 1701::215:17ff:fe61:d216/64 Scope:Global
          inet6 addr: fe80::215:17ff:fe61:d216/64 Scope:Link
          inet6 addr: 1701::59b0:2825:8287:29b8/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:77 errors:0 dropped:0 overruns:0 frame:0
          TX packets:74 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:11432 (11.1 KiB) TX bytes:7725 (7.5 KiB)
          Interrupt:17 Memory:e8180000-e81a0000

eth1 Link encap:Ethernet HWaddr 00:15:17:61:D2:17
          inet addr:10.77.243.154 Bcast:10.77.243.255 Mask:255.255.255.128
          inet6 addr: 5abe::215:17ff:fe61:d217/64 Scope:Global
          inet6 addr: 1901::215:17ff:fe61:d217/64 Scope:Global
          inet6 addr: fe80::215:17ff:fe61:d217/64 Scope:Link
          inet6 addr: 5abe::9d72:9c93:78c0:e6f6/64 Scope:Global
          inet6 addr: 1901::9d72:9c93:78c0:e6f6/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:2423 errors:0 dropped:0 overruns:0 frame:0
          TX packets:137 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:214114 (209.0 KiB) TX bytes:9211 (8.9 KiB)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:15851 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15851 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4133739 (3.9 MiB) TX bytes:4133739 (3.9 MiB)

I configured default gateway in eth0. Below is the snippet.

[root at ACS172 ~]# route -A inet -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.77.247.160 0.0.0.0 255.255.255.240 U 0 0 0 eth0
10.77.243.128 0.0.0.0 255.255.255.128 U 0 0 0 eth1
0.0.0.0 10.77.247.161 0.0.0.0 UG 0 0 0 eth0

Issue:

The issue is IP configured in eth1(10.77.243.154) is not pinging from other subnets(other than 10.77.243 network in my case). I captured TCP dump and could see ICMP request reaches the eth1 but ICMP response is not sent back.

Please let me know anyone faced this issue and how to resolve it. I am blocked because of this issue, any help would be really helpful.

Thanks,
Prem.

_______________________________________________
elrepo mailing list
elrepo at lists.elrepo.org<mailto:elrepo at lists.elrepo.org>
http://lists.elrepo.org/mailman/listinfo/elrepo


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.elrepo.org/pipermail/elrepo/attachments/20120718/fcc852b2/attachment.html>

More information about the elrepo mailing list