[rhelv6-list] routing/interface question
Peter Ruprecht
ruprech at jilau1.colorado.edu
Fri Jan 14 19:56:43 UTC 2011
Actually, rp_filter is set in both cases:
# sysctl net/ipv4/conf/default/rp_filter
net.ipv4.conf.default.rp_filter = 1
Resetting it to 0 on the RHEL6 box didn't seem to make any difference.
Thanks,
Peter
npanderson at ups.com wrote:
> Have you looked at /etc/sysctl.conf
>
> net.ipv4.conf.default.rp_filter
>
> rp_filter - BOOLEAN
> 1 - do source validation by reversed path, as specified in RFC1812
> Recommended option for single homed hosts and stub network
> routers. Could cause troubles for complicated (not loop free)
> networks running a slow unreliable protocol (sort of RIP),
> or using static routes.
>
> 0 - No source validation.
>
> conf/all/rp_filter must also be set to TRUE to do source validation
> on the interface
>
> Default value is 0. Note that some distributions enable it
> in startup scripts.
>
> I believe RHEL5 defaults to 0, but check if it's set by default now.
>
> Nathan Anderson
> Automation Systems Group
> UPS
> 502.247.1268
>
>
>> -----Original Message-----
>> From: rhelv6-list-bounces at redhat.com [mailto:rhelv6-list-
>> bounces at redhat.com] On Behalf Of Peter Ruprecht
>> Sent: Friday, January 14, 2011 1:01 PM
>> To: rhelv6-list at redhat.com
>> Subject: [rhelv6-list] routing/interface question
>>
>> Hi everyone,
>>
>> I think I'm seeing a difference in behavior between RHEL 5 and 6 on how
>> packets get routed between different subnets on different network
>> interfaces. Say I have a dual-homed host, with each interface connected
>> to a different physical class C subnet. The routing table looks like:
>>
>> # netstat -rn
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
>> 128.138.140.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
>> 128.138.107.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
>> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
>> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
>> 0.0.0.0         128.138.107.1   0.0.0.0         UG        0 0          0 eth0
>>
>> In RHEL5, if I ping the host's 128.138.140.X address from a machine on
>> the 128.138.107. subnet, I can use tcpdump to see the icmp request
>> coming in on eth1, and the reply going out on eth0. The host is not
>> doing forwarding; that is, there's a 0 in /proc/sys/net/ipv4/ip_forward.
>>
>> Now, with what I think is exactly the same setup on a RHEL 6 host, I can
>> see the incoming icmp packet on eth1, but there's no reply at all, on
>> any interface. Similarly for an incoming ssh request, for example. If
>> I ping the host's 128.138.140.X address from a machine on the
>> 128.138.140. subnet, then I see both the request and reply as expected
>> on eth1. And if I ping the host's 128.138.107.X address from a machine
>> on the 128.138.107. subnet, then I see both the request and reply as
>> expected on eth0. iptables is not running.
>>
>> Does anyone know if there's a way to get RHEL 6 to give me the behavior
>> I'm used to with RHEL 5? That is, how can I ping the interface on the
>> "other" subnet and actually get a reply?
>>
>> Thanks,
>> Peter Ruprecht
>>
>> _______________________________________________
>> rhelv6-list mailing list
>> rhelv6-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/rhelv6-list
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
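The following is an added example, not part of the original thread: a small model of the reverse-path check, run against the routing table from the post, for a packet from the 128.138.107 subnet arriving on eth1. It goes slightly beyond the thread by comparing two ways of combining conf/all with the per-interface value. Assumptions: the sysctl values and the client address are constructed, and the "max" rule is taken from current kernel documentation rather than from the text quoted above.

```python
import ipaddress

# Routing table from the post, as (prefix, interface).
ROUTES = [("128.138.140.0/24", "eth1"), ("128.138.107.0/24", "eth0"),
          ("169.254.0.0/16", "eth0"), ("169.254.0.0/16", "eth1"),
          ("0.0.0.0/0", "eth0")]

def best_iface(addr, routes=ROUTES):
    """Longest-prefix match: the interface used to send traffic to addr."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in routes
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def effective_rp_filter(conf, iface, rule):
    """Combine conf/all with conf/<iface>; conf/default is never consulted.

    rule="and": validation only if both are set (the text quoted in the thread).
    rule="max": the larger value wins (assumption: current kernel docs).
    """
    if rule == "and":
        return 1 if conf["all"] and conf[iface] else 0
    return max(conf["all"], conf[iface])

def accepted(src, in_iface, conf, rule):
    """Would a packet from src arriving on in_iface pass source validation?"""
    mode = effective_rp_filter(conf, in_iface, rule)
    if mode == 0:                      # no source validation
        return True
    if mode == 2:                      # loose mode (not discussed in the thread)
        return best_iface(src) is not None
    return best_iface(src) == in_iface  # strict: reverse path must match

if __name__ == "__main__":
    # Constructed sysctl values and client address, not taken from the post.
    conf = {"all": 0, "default": 1, "eth0": 1, "eth1": 1}
    client = "128.138.107.50"
    for rule in ("and", "max"):
        print(rule, "-> accepted on eth1:", accepted(client, "eth1", conf, rule))
    conf["default"] = 0  # changes only the template for future interfaces
    print("default=0 -> accepted on eth1:", accepted(client, "eth1", conf, "max"))
    conf["eth1"] = 0     # the per-interface value is what the check reads
    print("eth1=0 -> accepted on eth1:", accepted(client, "eth1", conf, "max"))
```

On a live host the values to compare are net.ipv4.conf.all.rp_filter and the per-interface entries such as net.ipv4.conf.eth1.rp_filter, since conf/default only seeds interfaces created later.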