Tuesday, 15 July 2014

routing - Linux IP forwarding doesn't work -


I ran into a weird issue. The same setup worked before, then stopped. Two machines: [internet] <-wan-> gateway <-vlan-> core

I am trying to route core via gateway. On core:

    root@core:~# ifconfig eth1
    eth1      Link encap:Ethernet  HWaddr 76:61:6b:7a:65:af
              inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
              inet6 addr: fe80::7461:6bff:fe7a:65af/64 Scope:Link
              BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:38423 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3814 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1959037 (1.9 MB)  TX bytes:501771 (501.7 KB)

    root@core:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth1
    10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1

    root@core:~# ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=10.6 ms
    ^C
    --- 8.8.8.8 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 10.644/10.644/10.644/0.000 ms

On gateway:

    root@gateway:~# cat /proc/sys/net/ipv4/ip_forward
    1

    root@gateway:~# ifconfig eth0
    eth0      Link encap:Ethernet  HWaddr 3e:50:8a:be:b9:80
              inet addr:83.222.241.213  Bcast:83.222.241.255  Mask:255.255.255.0
              inet6 addr: fe80::3c50:8aff:febe:b980/64 Scope:Link
              BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:4536 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4197 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:485439 (485.4 KB)  TX bytes:798131 (798.1 KB)

    root@gateway:~# ifconfig eth1
    eth1      Link encap:Ethernet  HWaddr 42:50:8a:be:b9:80
              inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
              inet6 addr: fe80::4050:8aff:febe:b980/64 Scope:Link
              BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1985 errors:0 dropped:0 overruns:0 frame:0
              TX packets:13169 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:256280 (256.2 KB)  TX bytes:701930 (701.9 KB)

    root@gateway:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         83.222.241.1    0.0.0.0         UG    0      0        0 eth0
    10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
    83.222.241.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

    root@gateway:~# iptables-save
    # Generated by iptables-save v1.4.21 on Thu Oct 23 23:13:32 2014
    *nat
    :PREROUTING ACCEPT [3:180]
    :INPUT ACCEPT [3:180]
    :OUTPUT ACCEPT [173:10388]
    :POSTROUTING ACCEPT [170:10200]
    -A POSTROUTING -o eth0 -j MASQUERADE
    COMMIT
    # Completed on Thu Oct 23 23:13:32 2014
    # Generated by iptables-save v1.4.21 on Thu Oct 23 23:13:32 2014
    *filter
    :INPUT ACCEPT [581:49229]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [819:73373]
    -A FORWARD -i eth1 -j ACCEPT
    COMMIT
    # Completed on Thu Oct 23 23:13:32 2014
    # Generated by iptables-save v1.4.21 on Thu Oct 23 23:13:32 2014
    *mangle
    :PREROUTING ACCEPT [581:49229]
    :INPUT ACCEPT [581:49229]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [822:73737]
    :POSTROUTING ACCEPT [822:73737]
    COMMIT
    # Completed on Thu Oct 23 23:13:32 2014
    # Generated by iptables-save v1.4.21 on Thu Oct 23 23:13:32 2014
    *raw
    :PREROUTING ACCEPT [581:49229]
    :OUTPUT ACCEPT [822:73737]
    COMMIT
    # Completed on Thu Oct 23 23:13:32 2014

Now, with tcpdump -i <interface> -n -v udp and port 53 running on the gateway, I run:

    root@gateway:~# dig test.com @8.8.8.8 &>/dev/null

    23:16:33.426336 IP (tos 0x0, ttl 64, id 16201, offset 0, flags [none], proto UDP (17), length 65) 83.222.241.213.41376 > 8.8.8.8.53: 39515+ [1au] A? test.com. (37)
    23:16:33.436145 IP (tos 0x0, ttl 49, id 26701, offset 0, flags [none], proto UDP (17), length 81) 8.8.8.8.53 > 83.222.241.213.41376: 39515 1/0/1 test.com. 50.23.225.49 (53)

If I run dig on core (capturing on gateway):

    23:17:55.801448 IP (tos 0x0, ttl 64, id 50634, offset 0, flags [none], proto UDP (17), length 65) 10.0.0.2.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)
    23:17:55.801539 IP (tos 0x0, ttl 63, id 50634, offset 0, flags [none], proto UDP (17), length 65) 83.222.241.213.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)
    23:18:00.801477 IP (tos 0x0, ttl 64, id 50635, offset 0, flags [none], proto UDP (17), length 65) 10.0.0.2.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)
    23:18:00.801559 IP (tos 0x0, ttl 63, id 50635, offset 0, flags [none], proto UDP (17), length 65) 83.222.241.213.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)
    23:18:05.801862 IP (tos 0x0, ttl 64, id 50636, offset 0, flags [none], proto UDP (17), length 65) 10.0.0.2.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)
    23:18:05.801932 IP (tos 0x0, ttl 63, id 50636, offset 0, flags [none], proto UDP (17), length 65) 83.222.241.213.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)

So somehow pings are delivered, but UDP packets aren't? I guess ip_forward is not rewriting the source address somehow? Ideas?

So the problem was virtio network cards in QEMU.

When 2 virtio VMs are running on the same physical machine, the one behind NAT starts sending packets with bad checksums for some unusual reason. Switching off checksum checks solves the issue:

    ethtool -K eth1 tx off tso off ufo off gso off

And to make sure it persists across reboots:

    echo "ethtool -K eth1 tx off tso off ufo off gso off" >> /etc/rc.local

Credit goes to VPS support.
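An added example, not code from the original question or answer: two small POSIX shell checks for a NAT gateway showing exactly this symptom (queries leave after masquerading, replies never come back). The first reads tcpdump -n -v lines like the capture above and lists DNS transaction ids that were sent, possibly several times, but never answered. The second reads ethtool -k output and emits the ethtool -K command that turns off only the offloads currently on, using the same four short option names the answer uses (tx, tso, ufo, gso). The sample capture and the sample ethtool output are constructed for the example; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Two checks for a Linux NAT gateway
# where forwarded DNS queries go out but no reply ever returns.

dns_unanswered() {
    # stdin: "tcpdump -n -v" lines such as
    #   "... 10.0.0.2.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)"
    # Destination port 53 means a query; source port 53 means a reply.
    # stdout: "<txid> sent=<n> answered=0" for every transaction id never answered.
    awk '
    {
        for (i = 2; i < NF; i++) {
            if ($i != ">") continue
            src = $(i - 1); dst = $(i + 1); id = $(i + 2)
            sub(/:$/, "", dst)            # drop the ":" that ends the destination
            sub(/[^0-9]+$/, "", id)       # drop the flag characters tcpdump appends ("+", ...)
            sp = src; sub(/.*\./, "", sp) # port is the last dotted component
            dp = dst; sub(/.*\./, "", dp)
            if (dp == "53") sent[id]++
            else if (sp == "53") answered[id]++
            break
        }
    }
    END {
        for (id in sent)
            if (!(id in answered)) print id " sent=" sent[id] " answered=0"
    }' | sort
}

offload_fix_cmd() {
    # $1: interface name; stdin: output of "ethtool -k $1".
    # Only top-level (unindented) feature lines count; sub-features are indented.
    # Prints an "ethtool -K" command for the offloads that are currently on, or nothing.
    args=$(awk '
        BEGIN {
            short["tx-checksumming"]              = "tx"
            short["tcp-segmentation-offload"]     = "tso"
            short["udp-fragmentation-offload"]    = "ufo"
            short["generic-segmentation-offload"] = "gso"
        }
        /^[a-z]/ {
            key = $1; sub(/:$/, "", key)
            if ((key in short) && $2 == "on") printf "%s off ", short[key]
        }')
    if [ -n "$args" ]; then
        printf 'ethtool -K %s %s\n' "$1" "${args% }"
    fi
}

# Constructed sample capture: the retransmitted query from the post (seen pre- and
# post-NAT, three times, never answered) plus one answered query for contrast.
SAMPLE_CAPTURE='23:17:55.801448 IP (tos 0x0, ttl 64, id 50634, offset 0, flags [none], proto UDP (17), length 65) 10.0.0.2.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)
23:17:55.801539 IP (tos 0x0, ttl 63, id 50634, offset 0, flags [none], proto UDP (17), length 65) 83.222.241.213.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)
23:18:00.801477 IP (tos 0x0, ttl 64, id 50635, offset 0, flags [none], proto UDP (17), length 65) 10.0.0.2.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)
23:18:00.801559 IP (tos 0x0, ttl 63, id 50635, offset 0, flags [none], proto UDP (17), length 65) 83.222.241.213.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)
23:18:05.801862 IP (tos 0x0, ttl 64, id 50636, offset 0, flags [none], proto UDP (17), length 65) 10.0.0.2.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)
23:18:05.801932 IP (tos 0x0, ttl 63, id 50636, offset 0, flags [none], proto UDP (17), length 65) 83.222.241.213.55008 > 8.8.8.8.53: 6910+ [1au] A? test.com. (37)
23:16:33.426336 IP (tos 0x0, ttl 64, id 16201, offset 0, flags [none], proto UDP (17), length 65) 83.222.241.213.41376 > 8.8.8.8.53: 39515+ [1au] A? test.com. (37)
23:16:33.436145 IP (tos 0x0, ttl 49, id 26701, offset 0, flags [none], proto UDP (17), length 81) 8.8.8.8.53 > 83.222.241.213.41376: 39515 1/0/1 test.com. A 50.23.225.49 (53)'

# Constructed sample "ethtool -k eth1" output with the offloads the post names mostly on.
SAMPLE_ETHTOOL='Features for eth1:
rx-checksumming: on
tx-checksumming: on
	tx-checksum-ipv4: off [fixed]
scatter-gather: on
tcp-segmentation-offload: on
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on'

# Usage: the first prints "6910 sent=6 answered=0", the second
# "ethtool -K eth1 tx off tso off gso off" (ufo is already off, so it is not listed).
printf '%s\n' "$SAMPLE_CAPTURE" | dns_unanswered
printf '%s\n' "$SAMPLE_ETHTOOL" | offload_fix_cmd eth1
```

On a real gateway the same functions take live input: tcpdump -n -v udp and port 53 piped into dns_unanswered, and ethtool -k eth1 piped into offload_fix_cmd eth1. A query id that shows up pre- and post-NAT with no reply is the forwarding path working and the packet being dropped further out, which is what a bad checksum produces; the ethtool check tells you which offloads are actually on before you turn them off.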

linux routing ip iptables
