[rhelv6-list] routing/interface question

npanderson at ups.com npanderson at ups.com
Fri Jan 14 18:46:32 UTC 2011


Have you looked at /etc/sysctl.conf?

net.ipv4.conf.default.rp_filter 

rp_filter - BOOLEAN
	1 - do source validation by reversed path, as specified in RFC1812
	    Recommended option for single homed hosts and stub network
	    routers. Could cause troubles for complicated (not loop free)
	    networks running a slow unreliable protocol (sort of RIP),
	    or using static routes.

	0 - No source validation.

	conf/all/rp_filter must also be set to TRUE to do source validation
	on the interface

	Default value is 0. Note that some distributions enable it
	in startup scripts.

I believe RHEL5 defaults to 0, but check if it's set by default now.

Nathan Anderson
Automation Systems Group
UPS
502.247.1268


> -----Original Message-----
> From: rhelv6-list-bounces at redhat.com [mailto:rhelv6-list-bounces at redhat.com] On Behalf Of Peter Ruprecht
> Sent: Friday, January 14, 2011 1:01 PM
> To: rhelv6-list at redhat.com
> Subject: [rhelv6-list] routing/interface question
> 
> Hi everyone,
> 
> I think I'm seeing a difference in behavior between RHEL 5 and 6 on how
> packets get routed between different subnets on different network
> interfaces.  Say I have a dual-homed host, with each interface connected
> to a different physical class C subnet.  The routing table looks like:
> 
> # netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 128.138.140.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
> 128.138.107.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
> 0.0.0.0         128.138.107.1   0.0.0.0         UG        0 0          0 eth0
> 
> In RHEL5, if I ping the host's 128.138.140.X address from a machine on
> the 128.138.107. subnet, I can use tcpdump to see the icmp request
> coming in on eth1, and the reply going out on eth0.  The host is not
> doing forwarding; that is, there's a 0 in /proc/sys/net/ipv4/ip_forward.
> 
> Now, with what I think is exactly the same setup on a RHEL 6 host, I can
> see the incoming icmp packet on eth1, but there's no reply at all, on
> any interface.  Similarly for an incoming ssh request, for example.  If
> I ping the host's 128.138.140.X address from a machine on the
> 128.138.140. subnet, then I see both the request and reply as expected
> on eth1.  And if I ping the host's 128.138.107.X address from a machine
> on the 128.138.107. subnet, then I see both the request and reply as
> expected on eth0.  iptables is not running.
> 
> Does anyone know if there's a way to get RHEL 6 to give me the behavior
> I'm used to with RHEL 5?  That is, how can I ping the interface on the
> "other" subnet and actually get a reply?
> 
> Thanks,
> Peter Ruprecht
> 
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
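
Added example (not part of the original thread): a simplified Python model of the reverse-path source validation described in the rp_filter text quoted in the reply, applied to the routing table from the original question. The client addresses ending in .50 and the first-entry tie-break for equal prefixes are assumptions made for illustration.

```python
import ipaddress

# Routing table from the original question (netstat -rn), in listed order.
ROUTES = [
    ("128.138.140.0/24", "eth1"),
    ("128.138.107.0/24", "eth0"),
    ("169.254.0.0/16", "eth0"),
    ("169.254.0.0/16", "eth1"),
    ("0.0.0.0/0", "eth0"),
]

def reverse_path_iface(src, routes=ROUTES):
    """Interface the host would use to reach src (longest-prefix match).

    Assumption: ties between equal-length prefixes go to the first entry.
    """
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def accepts(src, in_iface, rp_filter, routes=ROUTES):
    """True if a packet from src arriving on in_iface passes the check.

    rp_filter=0: no source validation.
    rp_filter=1: the route back to src must use the arrival interface.
    """
    if rp_filter == 0:
        return True
    if rp_filter == 1:
        return reverse_path_iface(src, routes) == in_iface
    raise ValueError("only the two values in the quoted text are modelled")

if __name__ == "__main__":
    # Constructed client addresses, one per subnet from the question.
    cases = [("128.138.107.50", "eth1"),   # cross-subnet ping to the .140 address
             ("128.138.140.50", "eth1"),   # same-subnet ping on eth1
             ("128.138.107.50", "eth0")]   # same-subnet ping on eth0
    for src, iface in cases:
        for mode in (0, 1):
            verdict = "accept" if accepts(src, iface, mode) else "drop"
            print(f"rp_filter={mode} src={src} in={iface}: {verdict}")
```

With validation on, only the cross-subnet case is dropped, which is the pattern the question reports; with validation off all three are accepted.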



