LinuxQuestions.org


iamalinuxnoob 07-07-2012 09:37 AM

Dropped or blocked packets
 
Hello everyone !

My LAN topology is this :
[ [VMs] PC1] -- [ISP box] -- [PC2]

PC1: 192.168.1.3
ISP Box : 192.168.1.1
PC2: 192.168.1.42

More info:
- The VMs are bridged on an ethernet NIC.
- I'm using full ethernet connectivity, full duplex 100Mb/s

The issue is (or seems to be) located on the server.
-- On PC1 --
The first thing I witnessed was that I wasn't able to access the internet. So I investigated.
I tried to ping the ISP Box :
Code:

# ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.

--- 192.168.1.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms

So I thought I had a bad netmask or bad routes (but it would be weird since I'm able to PING PC2) :
Code:

# ifconfig br0
br0      Link encap:Ethernet  HWaddr 50:e5:49:ca:c7:e4 
          inet adr:192.168.1.3  Bcast:192.168.1.255  Masque:255.255.255.0
          adr inet6: fe80::52e5:49ff:feca:c7e4/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60558 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39180 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:36478349 (34.7 MiB)  TX bytes:6522301 (6.2 MiB)

# route -n
Table de routage IP du noyau
Destination    Passerelle      Genmask        Indic Metric Ref    Use Iface
0.0.0.0        192.168.1.1    0.0.0.0        UG    0      0        0 br0
192.168.1.0    0.0.0.0        255.255.255.0  U    0      0        0 br0

Thus, I thought it was much more likely to be a bad iptables/ebtables rule, so I checked it out :
Code:

# iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source              destination       

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination       

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination     

# ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

# iptables-save
# Generated by iptables-save v1.4.8 on Sat Jul  7 16:21:43 2012
*filter
:INPUT ACCEPT [51162:35416108]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [38757:6082687]
COMMIT
# Completed on Sat Jul  7 16:21:43 2012

But there's nothing... so I decided to do some network sniffing :
Code:

# ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.

--- 192.168.1.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms


# tshark icmp
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
  0.000000  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) request
  0.000563  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) reply
  1.007245  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) request
  1.008007  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) reply
  2.015409  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) request
  2.016052  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) reply

It's not the ISP box doing the filtering here, so it's clearly located on PC1.

Then I tried an ARPING :
Code:

# arping -c 3 192.168.1.1
ARPING 192.168.1.1
60 bytes from 00:25:15:37:68:18 (192.168.1.1): index=0 time=351.191 usec
60 bytes from 00:25:15:37:68:18 (192.168.1.1): index=1 time=337.839 usec
60 bytes from 00:25:15:37:68:18 (192.168.1.1): index=2 time=353.098 usec

--- 192.168.1.1 statistics ---
3 packets transmitted, 3 packets received,  0% unanswered (0 extra)

# tshark arp
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
  0.000000 50:e5:49:ca:c7:e4 -> Broadcast    ARP Who has 192.168.1.1?  Tell 192.168.1.3
  0.000342 Sfr_37:68:18 -> 50:e5:49:ca:c7:e4 ARP 192.168.1.1 is at 00:25:15:37:68:18
  1.000489 50:e5:49:ca:c7:e4 -> Broadcast    ARP Who has 192.168.1.1?  Tell 192.168.1.3
  1.000829 Sfr_37:68:18 -> 50:e5:49:ca:c7:e4 ARP 192.168.1.1 is at 00:25:15:37:68:18
  2.000934 50:e5:49:ca:c7:e4 -> Broadcast    ARP Who has 192.168.1.1?  Tell 192.168.1.3
  2.001288 Sfr_37:68:18 -> 50:e5:49:ca:c7:e4 ARP 192.168.1.1 is at 00:25:15:37:68:18

ARP works well..

I tried removing the bridge and ifconfig-ing eth0 to set a static IP address but I had the same results...

-- On PC2 --
I noticed that SSHing PC1 is taking 3-4 seconds instead of being almost instantaneous.

And I don't know if this could be of any help but I tried to PING PC1 from PC2 while IP spoofing :

Code:

# hping3 --icmp -a 192.168.1.1 -c 3 192.168.1.3
HPING 192.168.1.3 (eth0 192.168.1.3): icmp mode set, 28 headers + 0 data bytes

--- 192.168.1.3 hping statistic ---
3 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms

Of course I don't receive the ICMP Reply on PC2 but there's a capture on PC1 :
Code:

# tshark icmp
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
  0.000000  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) request
  0.000016  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) reply
  1.000086  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) request
  1.000098  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) reply
  2.000128  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) request
  2.000141  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) reply

I need help ! Thanks !
I set up an HTTP proxy to install packages using APT, just in case.
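
The comparison made in the post between ping's statistics and the capture on eth0 can be done mechanically. The following is an added example, not part of the original post: it pairs each echo request with its reply in the first `tshark icmp` output quoted above and compares the result with ping's summary line. The function names are hypothetical, and pairing by order is an assumption because this text output shows no ICMP id/seq.

```python
import re

# Lines copied from the post's first "tshark icmp" capture on PC1 (eth0)
# and from the ping summary printed during that same run.
CAPTURE = """\
  0.000000  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) request
  0.000563  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) reply
  1.007245  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) request
  1.008007  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) reply
  2.015409  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) request
  2.016052  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) reply
"""
PING_SUMMARY = "3 packets transmitted, 0 received, 100% packet loss, time 2015ms"

LINE = re.compile(
    r"^\s*(\d+\.\d+)\s+(\S+) -> (\S+)\s+ICMP Echo \(ping\) (request|reply)")

def pair_echoes(capture, local, peer):
    """Match each request local->peer with the next reply peer->local.
    Returns (round-trip times in ms, number of requests left unanswered)."""
    pending, rtts = [], []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip tshark banner lines and anything non-ICMP
        ts, src, dst, kind = float(m[1]), m[2], m[3], m[4]
        if kind == "request" and (src, dst) == (local, peer):
            pending.append(ts)
        elif kind == "reply" and (src, dst) == (peer, local) and pending:
            rtts.append(round((ts - pending.pop(0)) * 1000, 3))
    return rtts, len(pending)

def locate_loss(capture, ping_summary, local, peer):
    """Compare what the capture point saw with what ping reported."""
    m = re.match(r"(\d+) packets transmitted, (\d+) received", ping_summary)
    sent, received = int(m[1]), int(m[2])
    rtts, unanswered = pair_echoes(capture, local, peer)
    if len(rtts) > received:
        verdict = "host-local: replies reached the capture point but not ping"
    elif unanswered:
        verdict = "upstream: requests left without a reply on the wire"
    else:
        verdict = "consistent: capture and ping agree"
    return {"sent": sent, "received": received, "on_wire": len(rtts),
            "rtt_ms": rtts, "verdict": verdict}

if __name__ == "__main__":
    print(locate_loss(CAPTURE, PING_SUMMARY, "192.168.1.3", "192.168.1.1"))
```

On the post's data every reply arrives in under a millisecond, so the replies were not late: they reached eth0 in time and were lost between the capture point and the ping process.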


All times are GMT -5.