[rhelv6-list] routing/interface question

Peter Ruprecht ruprech at jilau1.colorado.edu
Fri Jan 14 19:56:43 UTC 2011


Actually, rp_filter is set in both cases:

# sysctl net/ipv4/conf/default/rp_filter
net.ipv4.conf.default.rp_filter = 1

Resetting it to 0 on the RHEL6 box didn't seem to make any difference.

Thanks,
Peter

npanderson at ups.com wrote:
> Have you looked at /etc/sysctl.conf
> 
> net.ipv4.conf.default.rp_filter 
> 
> rp_filter - BOOLEAN
> 	1 - do source validation by reversed path, as specified in RFC1812
> 	    Recommended option for single homed hosts and stub network
> 	    routers. Could cause troubles for complicated (not loop free)
> 	    networks running a slow unreliable protocol (sort of RIP),
> 	    or using static routes.
> 
> 	0 - No source validation.
> 
> 	conf/all/rp_filter must also be set to TRUE to do source validation
> 	on the interface
> 
> 	Default value is 0. Note that some distributions enable it
> 	in startup scripts.
> 
> I believe RHEL5 defaults to 0, but check if it's set by default now.
> 
> Nathan Anderson
> Automation Systems Group
> UPS
> 502.247.1268
> 
> 
>> -----Original Message-----
>> From: rhelv6-list-bounces at redhat.com [mailto:rhelv6-list-bounces at redhat.com] On Behalf Of Peter Ruprecht
>> Sent: Friday, January 14, 2011 1:01 PM
>> To: rhelv6-list at redhat.com
>> Subject: [rhelv6-list] routing/interface question
>>
>> Hi everyone,
>>
>> I think I'm seeing a difference in behavior between RHEL 5 and 6 on how
>> packets get routed between different subnets on different network
>> interfaces.  Say I have a dual-homed host, with each interface connected
>> to a different physical class C subnet.  The routing table looks like:
>>
>> # netstat -rn
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
>> 128.138.140.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
>> 128.138.107.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
>> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
>> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
>> 0.0.0.0         128.138.107.1   0.0.0.0         UG        0 0          0 eth0
>>
>> In RHEL5, if I ping the host's 128.138.140.X address from a machine on
>> the 128.138.107. subnet, I can use tcpdump to see the icmp request
>> coming in on eth1, and the reply going out on eth0.  The host is not
>> doing forwarding; that is, there's a 0 in /proc/sys/net/ipv4/ip_forward.
>>
>> Now, with what I think is exactly the same setup on a RHEL 6 host, I can
>> see the incoming icmp packet on eth1, but there's no reply at all, on
>> any interface.  Similarly for an incoming ssh request, for example.  If
>> I ping the host's 128.138.140.X address from a machine on the
>> 128.138.140. subnet, then I see both the request and reply as expected
>> on eth1.  And if I ping the host's 128.138.107.X address from a machine
>> on the 128.138.107. subnet, then I see both the request and reply as
>> expected on eth0.  iptables is not running.
>>
>> Does anyone know if there's a way to get RHEL 6 to give me the behavior
>> I'm used to with RHEL 5?  That is, how can I ping the interface on the
>> "other" subnet and actually get a reply?
>>
>> Thanks,
>> Peter Ruprecht
>>
>> _______________________________________________
>> rhelv6-list mailing list
>> rhelv6-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/rhelv6-list

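The reversed-path source validation described in the quoted kernel documentation, modeled against the routing table from the original post. This is an added example, not code from the thread: the function names and the .50 client addresses are constructed, and only rp_filter values 0 and 1 are modeled.

```python
import ipaddress

# Routing table from the original post; genmasks written as prefix lengths.
ROUTES = [
    ("128.138.140.0/24", "eth1"),
    ("128.138.107.0/24", "eth0"),
    ("169.254.0.0/16", "eth0"),
    ("169.254.0.0/16", "eth1"),
    ("0.0.0.0/0", "eth0"),  # default via 128.138.107.1
]
TABLE = [(ipaddress.ip_network(net), iface) for net, iface in ROUTES]


def reverse_path_iface(src):
    """Interface the host would use to send to src (longest-prefix match)."""
    addr = ipaddress.ip_address(src)
    matches = [(net.prefixlen, iface) for net, iface in TABLE if addr in net]
    if not matches:
        return None
    # max() returns the first of equally long prefixes, i.e. table order.
    return max(matches, key=lambda m: m[0])[1]


def rp_filter_accepts(src, in_iface, rp_filter):
    """Model of rp_filter 0 (no validation) and 1 (reversed-path validation)."""
    if rp_filter == 0:
        return True
    return reverse_path_iface(src) == in_iface


if __name__ == "__main__":
    # Constructed client addresses; the post only gives 128.138.107.X etc.
    cases = [
        ("128.138.107.50", "eth1"),  # ping to the "other" subnet's address
        ("128.138.140.50", "eth1"),  # same-subnet ping on eth1
        ("128.138.107.50", "eth0"),  # same-subnet ping on eth0
    ]
    for src, iface in cases:
        for mode in (0, 1):
            verdict = "accept" if rp_filter_accepts(src, iface, mode) else "drop"
            print(f"src={src} in={iface} rp_filter={mode}: {verdict}")
```

On a live host the values that apply to eth1 are net.ipv4.conf.eth1.rp_filter and net.ipv4.conf.all.rp_filter; net.ipv4.conf.default.rp_filter only seeds interfaces created afterwards.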