Well then it's definitely not iptables blocking the traffic, but it still doesn't seem like it's being forwarded. I'm pretty puzzled at the moment. It must be something blindingly obvious.
I don't see any ICMP redirects generated from 192.168.22.48 on your capture. This is kind of old, if it's supposed to forward a packet out the same interface the request came from it just drops it and sends back an ICMP redirect to the source host.
Why not instead create a static route from Host A to Network B?
From the Network A computer:
"route add -net 192.168.33.192 netmask 255.255.255.192 gw 192.168.22.209"
And on the Network B computer, make sure it has a route back to that network:
"route add -net 192.168.22.0 netmask 255.255.255.0 gw 192.168.33.193"
This way you don't have to depend on the ICMP redirect, which a lot of machines will ignore nowadays anyway.
Thanks for helping out. I guess the main reason why I do not want to place a static route between each computer on Network A to the LinuxBox2, and vice versa for each computer on Network B ... is simply because there are quite a large number of computers we're dealing with here on both subnets.
To be even more honest ... now it's just a matter of curiosity (and frustration). It's rather problematic and tedious too ... I know some 3Com routers which were able to do ICMP redirects ... and I hate to think of Linux as having a limitation (which I'm sure it doesn't) ... I'm sure my Linux boxes can allow these two subnets to communicate .. I just still don't know how.
I will continue to keep the post updated.
Thanks and Take Care
Yeah, I would think that the redirect will be making it back. It's just a sign of poor design; if you are OK with that then it's all good.
Try clearing your iptables on all the participating hosts. Host A, Router A, Router B, Host B.
iptables -F
and do another tcpdump on Host A.
"tcpdump -i <eth*> -vvv -n -s 1514 icmp"
eth* will be your outgoing interface.
Oh yeah, and I am trying to create a redirect scenario with my Linux router, and it does not seem to be sending a redirect ICMP message back either. Maybe something built in that does not generate it.
Last edited by sal_paradise42; 11-14-2006 at 12:29 PM.
**********************************
* Linux Box 2 (ip: 192.168.22.48)*
**********************************
Code:
prompt# /usr/sbin/tcpdump -i eth0 -vvv -n -s 1514 icmp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1514 bytes
12:20:16.670938 IP (tos 0xc0, ttl 64, id 20556, offset 0, flags [none], length: 106) 192.168.22.209 > 192.168.22.143: icmp 86: 192.168.22.209 udp port 137 unreachable for IP (tos 0x0, ttl 128, id 42681, offset 0, flags [none], length: 78) 192.168.22.143.137 > 192.168.22.209.137: [udp sum ok]
>>> NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
I don't even know how to read this one ... I'm pinging from 192.168.22.230 to 192.168.33.193 ... it should be going through the gateway 192.168.22.48. For example:
Why do I have a 192.168.22.209 > 192.168.22.143 ... Regardless, I guess I can just equate that to other network activity on this network, after all other people are using it right now.
hmm, I just tried this with FreeBSD as the router and it works:
[root@linux ~]# ping 5.5.5.4
PING 5.5.5.4 (5.5.5.4) 56(84) bytes of data.
From 192.168.1.115: icmp_seq=0 Redirect Host(New nexthop: 192.168.1.50)
From 192.168.1.115: icmp_seq=0 Redirect Host(New nexthop: 192.168.1.50)
So it looks like a problem with Linux. I found this; it pretty much says that with iptables (netfilter) in your kernel, ICMP redirect does not work. That might be the problem; you should use FreeBSD as your router.
I am posting this to complete the post .. that is this problem has been solved:
Steps for Solution
** The key here to getting my network to work was simply by properly configuring some config files since I really need those ICMP redirects.
********************************************************************************************************
# /etc/sysctl.conf for GentooBox 1 & 2 -- the machines basically acting as the routers
********************************************************************************************************
To sum it up .. there is a net.ipv4.conf.all.send_redirects kernel parameter that exists and needed to be enabled (set to 1).. once that was .. I already had the net.ipv4.conf.all.accept_redirects in my /etc/sysctl.conf. Each parameter is pretty straightforward. To summarize ... my two Gentoo Boxes need to be able to generate the redirects ... while equivalently my clients in both Network A and Network B need to accept them when they are sent.
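The two sysctls named in the solution above are combined by the kernel with each interface's own value, so the `all` setting alone does not always decide the outcome. The following is an added example, not part of the original thread: it computes the effective per-interface result using the combination rules from the kernel's ip-sysctl documentation. `SYSCTL_ROOT` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: effective ICMP redirect behaviour of one interface, derived
# from net.ipv4.conf.{all,<iface>}.*. SYSCTL_ROOT is an assumption of this
# example so the functions can be pointed at a constructed test tree.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# read_conf <scope> <key>: print the value, treating a missing file as 0.
read_conf() {
    f="$SYSCTL_ROOT/net/ipv4/conf/$1/$2"
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

# sends_redirects <iface>: router side.
# The kernel ORs conf/all with conf/<iface>, so either one enables sending.
sends_redirects() {
    a=$(read_conf all send_redirects)
    i=$(read_conf "$1" send_redirects)
    if [ "$a" = 1 ] || [ "$i" = 1 ]; then echo yes; else echo no; fi
}

# accepts_redirects <iface>: client side.
# Forwarding enabled on the interface:  all AND iface must both be 1.
# Forwarding disabled on the interface: all OR iface is enough.
accepts_redirects() {
    a=$(read_conf all accept_redirects)
    i=$(read_conf "$1" accept_redirects)
    fwd=$(read_conf "$1" forwarding)
    if [ "$fwd" = 1 ]; then
        if [ "$a" = 1 ] && [ "$i" = 1 ]; then echo yes; else echo no; fi
    else
        if [ "$a" = 1 ] || [ "$i" = 1 ]; then echo yes; else echo no; fi
    fi
}

# report <iface>: one-line summary for the interface.
report() {
    printf '%s: sends=%s accepts=%s\n' "$1" \
        "$(sends_redirects "$1")" "$(accepts_redirects "$1")"
}

# Run against the live system only when an interface name is given.
if [ $# -gt 0 ]; then report "$1"; fi
```

Run it as `sh script.sh eth0` on a router and on a client: the router should report `sends=yes` and the client `accepts=yes` for redirects to work as described in the thread.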