<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Mangal;
        panose-1:2 4 5 3 5 2 3 3 2 2;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Ballontekst Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.E-mailStijl17
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.BallontekstChar
        {mso-style-name:"Ballontekst Char";
        mso-style-priority:99;
        mso-style-link:Ballontekst;
        font-family:"Tahoma","sans-serif";}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="NL" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">If you are building a router, these are my changes to sysctl.conf. The following works on el6.3.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt"><b><span lang="EN-US" style="font-size:20.0pt">Routing<o:p></o:p></span></b></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt"><span lang="EN-US">Edit /etc/sysctl.conf<o:p></o:p></span></p>
<div style="mso-element:para-border-div;border:solid black 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt;background:#F2F2F2">
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""># vi /etc/sysctl.conf<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt">Add the following lines:<o:p></o:p></p>
<div style="mso-element:para-border-div;border:solid black 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt;background:#F2F2F2">
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""># allow icmp forwards (normal router mode)<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">net.ipv4.icmp_errors_use_inbound_ifaddr = 1<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""># enable dynamic-ip addresses<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">net.ipv4.ip_dynaddr = 1<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""># Enable proxy arp<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">net.ipv4.conf.default.proxy_arp = 1<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt">Enable routing <o:p></o:p></p>
<div style="mso-element:para-border-div;border:solid black 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt;background:#F2F2F2">
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""># Controls IP packet forwarding<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">net.ipv4.ip_forward = 1<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""># Controls source route verification (0=allow asymmetric traffic)<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt;background:#F2F2F2;border:none;padding:0cm">
<span style="font-size:10.0pt;font-family:"Courier New"">net.ipv4.conf.default.rp_filter = 0<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="mso-line-height-alt:5.0pt"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Maurits van de Lande<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Van:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> elrepo-bounces@lists.elrepo.org [mailto:elrepo-bounces@lists.elrepo.org]
<b>Namens </b>cute candy<br>
<b>Verzonden:</b> woensdag 18 juli 2012 14:15<br>
<b>Aan:</b> EL Repo General Mailing List<br>
<b>Onderwerp:</b> Re: [elrepo] Route problem with dual interface in elrepo kernel<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Sending again with correction<o:p></o:p></p>
<div>
<p class="MsoNormal">On Wed, Jul 18, 2012 at 5:43 PM, cute candy <<a href="mailto:sweetheartshere@googlemail.com" target="_blank">sweetheartshere@googlemail.com</a>> wrote:<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi Maurits,<br>
<br>
Thanks a lot for your reply. But your solution did not work for me. Still i am getting the same issue.<br>
<br>
I suspect this is not specific ICMP. Any request coming to eth1 IP, is not going out through default gateway configured in eth0. But it is expected to pass through.<br>
<br>
Also i did not check the el6 kernel in my setup.<br>
<br>
Thanks,<br>
Prem.<o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal">On Wed, Jul 18, 2012 at 2:16 PM, Maurits van de Lande <<a href="mailto:M.vandeLande@vdl-fittings.com" target="_blank">M.vandeLande@vdl-fittings.com</a>> wrote:<o:p></o:p></p>
</div>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hello,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Question: Did your setup work on a regular el6 kernel?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">If not:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I have setup a centos router a while ago and faced a similar problem.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I had to add the following to /etc/sysctl.conf</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I think that the icmp packets are not forwarded between the two interfaces
</span><o:p></o:p></p>
<div style="border:solid black 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt;background-attachment:scroll;background-position-x:0%;background-position-y:0%">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background:#F2F2F2">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""># allow icmp forwards (normal router mode)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background:#F2F2F2;background-attachment:scroll;background-position-x:0%;background-position-y:0%">
<span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">net.ipv4.icmp_errors_use_inbound_ifaddr = 1</span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I hope this helps</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Maurits van de Lande</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0cm 0cm 0cm;border-color:-moz-use-text-color -moz-use-text-color">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Van:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:elrepo-bounces@lists.elrepo.org" target="_blank">elrepo-bounces@lists.elrepo.org</a> [mailto:<a href="mailto:elrepo-bounces@lists.elrepo.org" target="_blank">elrepo-bounces@lists.elrepo.org</a>]
<b>Namens </b>cute candy<br>
<b>Verzonden:</b> woensdag 18 juli 2012 9:04<br>
<b>Aan:</b> <a href="mailto:elrepo@lists.elrepo.org" target="_blank">elrepo@lists.elrepo.org</a><br>
<b>Onderwerp:</b> [elrepo] Route problem with dual interface in elrepo kernel</span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi All,<br>
<br>
I am using kernel version "kernel-ml-PAE-2.6.39-4.1.el5.<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">elrepo.i686.rpm". My machine has two network interfaces eth0 and eth1. I configured IP on both the interfaces. Below is the snippet.<br>
<br>
eth0 Link encap:Ethernet HWaddr 00:15:17:61:D2:16<br>
inet addr:10.77.247.172 Bcast:10.77.247.175 Mask:255.255.255.240<br>
inet6 addr: 1701::215:17ff:fe61:d216/64 Scope:Global<br>
inet6 addr: fe80::215:17ff:fe61:d216/64 Scope:Link<br>
inet6 addr: 1701::59b0:2825:8287:29b8/64 Scope:Global<br>
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
RX packets:77 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:74 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:1000<br>
RX bytes:11432 (11.1 KiB) TX bytes:7725 (7.5 KiB)<br>
Interrupt:17 Memory:e8180000-e81a0000<br>
<br>
eth1 Link encap:Ethernet HWaddr 00:15:17:61:D2:17<br>
inet addr:10.77.243.154 Bcast:10.77.243.255 Mask:255.255.255.128<br>
inet6 addr: 5abe::215:17ff:fe61:d217/64 Scope:Global<br>
inet6 addr: 1901::215:17ff:fe61:d217/64 Scope:Global<br>
inet6 addr: fe80::215:17ff:fe61:d217/64 Scope:Link<br>
inet6 addr: 5abe::9d72:9c93:78c0:e6f6/64 Scope:Global<br>
inet6 addr: 1901::9d72:9c93:78c0:e6f6/64 Scope:Global<br>
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
RX packets:2423 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:137 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:1000<br>
RX bytes:214114 (209.0 KiB) TX bytes:9211 (8.9 KiB)<br>
<br>
lo Link encap:Local Loopback<br>
inet addr:127.0.0.1 Mask:255.0.0.0<br>
inet6 addr: ::1/128 Scope:Host<br>
UP LOOPBACK RUNNING MTU:16436 Metric:1<br>
RX packets:15851 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:15851 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:0<br>
RX bytes:4133739 (3.9 MiB) TX bytes:4133739 (3.9 MiB)<br>
<br>
I configured default gateway in eth0. Below is the snippet.<br>
<br>
[root@ACS172 ~]# route -A inet -n<br>
Kernel IP routing table<br>
Destination Gateway Genmask Flags Metric Ref Use Iface<br>
10.77.247.160 0.0.0.0 255.255.255.240 U 0 0 0 eth0<br>
10.77.243.128 0.0.0.0 255.255.255.128 U 0 0 0 eth1<br>
0.0.0.0 10.77.247.161 0.0.0.0 UG 0 0 0 eth0<br>
<br>
Issue:<br>
<br>
The issue is IP configured in eth1(10.77.243.154) is not pinging from other subnets(other than 10.77.243 network in my case). I captured TCP dump and could see ICMP request reaches the eth1 but ICMP response is not sent back.<br>
<br>
Please let me know anyone faced this issue and how to resolve it. I am blocked because of this issue, any help would be really helpful.<br>
<br>
Thanks,<br>
Prem.<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">_______________________________________________<br>
elrepo mailing list<br>
<a href="mailto:elrepo@lists.elrepo.org" target="_blank">elrepo@lists.elrepo.org</a><br>
<a href="http://lists.elrepo.org/mailman/listinfo/elrepo" target="_blank">http://lists.elrepo.org/mailman/listinfo/elrepo</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>