Can't forword packets to default gateway

NdAd · 04-22-2014, 03:01 AM

Hi guys,

I wonder why I can't forward packets from one interface to default gateway through other interface in my linux host it only works when I initiate ping to this specific DGW from same host.

I tried to invistigate it further with tcpdump and noticed icmp frames comes in from one interface but not getting out from the interface on same network as DGW(eth0).

When I'm pinging DGW from the host it suddenly works! why ?
Some output below:

my PC is 10.60.247.139

Code:

[root@host1 ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.60.73.0      0.0.0.0         255.255.255.0   U         0 0          0 eth2
10.60.72.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.60.74.0      0.0.0.0         255.255.255.0   U         0 0          0 eth3
10.60.76.0      0.0.0.0         255.255.255.0   U         0 0          0 eth1
0.0.0.0         10.60.72.59     0.0.0.0         UG        0 0          0 eth0

[root@host1 ~]# tcpdump -n -i eth3 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth3, link-type EN10MB (Ethernet), capture size 96 bytes
05:52:47.969541 IP 10.60.247.139 > 10.60.74.19: ICMP echo request, id 1, seq 10578, length 40
05:52:52.868889 IP 10.60.247.139 > 10.60.74.19: ICMP echo request, id 1, seq 10579, length 40
05:52:57.899993 IP 10.60.247.139 > 10.60.74.19: ICMP echo request, id 1, seq 10580, length 40
05:53:02.870666 IP 10.60.247.139 > 10.60.74.19: ICMP echo request, id 1, seq 10581, length 40

4 packets captured
4 packets received by filter
0 packets dropped by kernel

[root@host1 ~]# tcpdump -n -i eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

0 packets captured
0 packets received by filter
0 packets dropped by kernel

I have many hosts with same issue. All are VMs with LNX 5.4.3.

Berhanie · 04-22-2014, 04:03 AM

Your PC has IP address 10.60.247.139, but lives on the 10.60.74.0/24 subnet? And, why do you expect the packet to be forwarded out through eth0 when the destination, 10.60.74.19, also lives on 10.60.74.0/24 (eth3)?

I suspect the packet was dropped as a martian. Check your logs for martian source, or google for the appropriate settings in sysctl to turn on/off martian logging/dropping.

NdAd · 04-22-2014, 05:07 AM

Quote:

Originally Posted by Berhanie

Your PC has IP address 10.60.247.139, but lives on the 10.60.74.0/24 subnet? And, why do you expect the packet to be forwarded out through eth0 when the destination, 10.60.74.19, also lives on 10.60.74.0/24 (eth3)?

I suspect the packet was dropped as a martian. Check your logs for martian source, or google for the appropriate settings in sysctl to turn on/off martian logging/dropping.

Thanks for your reply.
I tried to ping the host through 10.60.74.0/24 and the "echo request" reached the host's dedicated interface (eth3).
I'm expecting the packet to be forwarded through eth0 since host can't reply to me on same network 10.60.247.x , since none is relevant on its routing table, so host should reply only through default gateway assigned in eth0 network.
There's nothing wrong with it.

packet apperently droppen when reached to host but don't think because it identified as martain. 10.0.0.0 network reserved to use in private boundries ,It's not routed outside my company's network. Logs didnt say a thing about it either.