Re: SYN/ACK not forwarded to 2nd NIC

From: David Ford (david@kalifornia.com)
Date: Wed Jun 14 2000 - 08:20:17 EST

Next message: Aaron Macks: "RE: Floppy handling"
Previous message: Blusjune Jung: "[Q.] Would you mind telling me how to insert new header into..."
In reply to: Meir: "SYN/ACK not forwarded to 2nd NIC"
Next in thread: Meir: "Re: SYN/ACK not forwarded to 2nd NIC"
Reply: Meir: "Re: SYN/ACK not forwarded to 2nd NIC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Is:

a) your addressing and routing set up correctly and/or
b) your masquerading or NAT rules set up correctly?

-d

Meir wrote:

> Hi,
>
> Sorry to bother you with this, but I try linux-net and get no
> answer (for now).
>
> I have a curious problem.
>
> My box (linux) is trying to send mail to a target.
> Between my box and the target there is a linux box 2.2.12
> with 4 NICs but (for now) _without_ any filtering rules
> at all (all default to ACCEPT).
>
> Only 2 NICs are up: eth0 to external net and eth1 to internal net.
>
> The problem is that when I tcpdump the 2 NICs from this middle-box,
> I can see a SYN getting out from eth1 and then passed to eth0
> (ip forwarding is enabled), and then I receive a SYN/ACK from the
> target box via eth0, but this SYN/ACK _never_ reach
> eth1 (which point to internal net) !!!
>
> The figure describe what's happen:
>
> ___________________
> | |
> | <- SYN |<- SYN <- SYN | |
> Target | |eth0 eth1 |----------| My box
> | SYN/ACK -> | -> | | telnet target 25
> |_____________ ____|
>
> ^
> |
> |_____ SYN/ACK never reach eth1 !!!
>
> The same thing occures when telneting Target on ports 7/9/79 etc...
>
> _But_ when I telnet Target 80 or 21 from My Box, it works !
> Why ?
> What am I missing ?
>
> I try with kernel 2.2.5, 2.2.12, 2.2.14.
>
> /proc/sys/net/ipv4/conf/{all,eth*}/rp_filter are set to 1
> /proc/sys/net/ipv4/ip_forward is set to 1
>
> Thanks in advance,
>
> -- Meir
> ps: thanks to cc to meir@education.gov.il
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/

-- "The difference between 'involvement' and 'commitment' is like an eggs-and-ham breakfast: the chicken was 'involved' - the pig was 'committed'."

text/x-vcard attachment: Card for David Ford

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Aaron Macks: "RE: Floppy handling"
Previous message: Blusjune Jung: "[Q.] Would you mind telling me how to insert new header into..."
In reply to: Meir: "SYN/ACK not forwarded to 2nd NIC"
Next in thread: Meir: "Re: SYN/ACK not forwarded to 2nd NIC"
Reply: Meir: "Re: SYN/ACK not forwarded to 2nd NIC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Jun 15 2000 - 21:00:31 EST