[rhelv6-list] routing/interface question
npanderson at ups.com
Fri Jan 14 18:46:32 UTC 2011
Have you looked at /etc/sysctl.conf

net.ipv4.conf.default.rp_filter

rp_filter - BOOLEAN
        1 - do source validation by reversed path, as specified in RFC1812
            Recommended option for single homed hosts and stub network
            routers. Could cause troubles for complicated (not loop free)
            networks running a slow unreliable protocol (sort of RIP),
            or using static routes.

        0 - No source validation.

        conf/all/rp_filter must also be set to TRUE to do source validation
        on the interface

        Default value is 0. Note that some distributions enable it
        in startup scripts.

I believe RHEL5 defaults to 0, but check if it's set by default now.

Nathan Anderson
Automation Systems Group
UPS
502.247.1268
> -----Original Message-----
> From: rhelv6-list-bounces at redhat.com [mailto:rhelv6-list-
> bounces at redhat.com] On Behalf Of Peter Ruprecht
> Sent: Friday, January 14, 2011 1:01 PM
> To: rhelv6-list at redhat.com
> Subject: [rhelv6-list] routing/interface question
>
> Hi everyone,
>
> I think I'm seeing a difference in behavior between RHEL 5 and 6 on how
> packets get routed between different subnets on different network
> interfaces. Say I have a dual-homed host, with each interface connected
> to a different physical class C subnet. The routing table looks like:
>
> # netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 128.138.140.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
> 128.138.107.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
> 0.0.0.0         128.138.107.1   0.0.0.0         UG        0 0          0 eth0
>
> In RHEL5, if I ping the host's 128.138.140.X address from a machine on
> the 128.138.107. subnet, I can use tcpdump to see the icmp request
> coming in on eth1, and the reply going out on eth0. The host is not
> doing forwarding; that is, there's a 0 in /proc/sys/net/ipv4/ip_forward.
>
> Now, with what I think is exactly the same setup on a RHEL 6 host, I can
> see the incoming icmp packet on eth1, but there's no reply at all, on
> any interface. Similarly for an incoming ssh request, for example. If
> I ping the host's 128.138.140.X address from a machine on the
> 128.138.140. subnet, then I see both the request and reply as expected
> on eth1. And if I ping the host's 128.138.107.X address from a machine
> on the 128.138.107. subnet, then I see both the request and reply as
> expected on eth0. iptables is not running.
>
> Does anyone know if there's a way to get RHEL 6 to give me the behavior
> I'm used to with RHEL 5? That is, how can I ping the interface on the
> "other" subnet and actually get a reply?
>
> Thanks,
> Peter Ruprecht
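
Added example (not part of the thread or of any kernel code): a simplified Python model of the reverse-path check described in the quoted rp_filter text, run against the routing table from the original question to show how value 1 would treat the cross-subnet ping. The host addresses ending in .50 are constructed, the function names are hypothetical, and only the two values 0 and 1 from the quoted text are modelled.

```python
import ipaddress

# Routing table copied from the netstat -rn output in the original question.
ROUTES = [
    ("128.138.140.0/24", "eth1"),
    ("128.138.107.0/24", "eth0"),
    ("169.254.0.0/16", "eth0"),
    ("169.254.0.0/16", "eth1"),
    ("0.0.0.0/0", "eth0"),  # default route via 128.138.107.1
]

def route_iface(addr, routes=ROUTES):
    """Longest-prefix match: interface the host would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def rp_filter_accepts(src, in_iface, rp_filter, routes=ROUTES):
    """0: no source validation.
    1: accept only if the route back to src leaves via the arrival interface."""
    if rp_filter == 0:
        return True
    if rp_filter == 1:
        return route_iface(src, routes) == in_iface
    raise ValueError("only the values 0 and 1 from the quoted text are modelled")

# Constructed sample packets: (source address, interface the packet arrives on).
CASES = [
    ("128.138.107.50", "eth1"),  # 107 client pinging the host's 140 address
    ("128.138.140.50", "eth1"),  # 140 client pinging the host's 140 address
    ("128.138.107.50", "eth0"),  # 107 client pinging the host's 107 address
]

def evaluate(rp_filter):
    """Return (src, in_iface, accepted) for every constructed case."""
    return [(s, i, rp_filter_accepts(s, i, rp_filter)) for s, i in CASES]

if __name__ == "__main__":
    for mode in (0, 1):
        for src, iface, ok in evaluate(mode):
            verdict = "accept" if ok else "drop"
            print(f"rp_filter={mode} src={src} in={iface} -> {verdict}")
```

Under value 1 only the first case is dropped: the packet arrives on eth1 while the route back to its source points at eth0, which is the same asymmetry the tcpdump observation in the question describes.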