Source filtering at FDC or Level3?


myway
03-05-2005, 08:54
Dear all friends,

After reinstalling the OS with RH9, I found the same issue as with the previously installed system, FC1.

The packets from the VPN connection (ppp0) with IP address 222.152.20.17
are not routed via eth0 into the fdcservers gateway; instead they are routed directly to the Internet via the ppp0 (virtual) interface.

I have killed iptables and have not changed any route. I have also edited /etc/sysctl.conf to enable IP forwarding and disable IP source filtering, as shown below:


[root@fdc:/root]$ cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1


I only found this issue on fdcservers' box. I need to know what special route settings the fdcservers admin made.

I have asked the FDC admin; they haven't done any source filtering at the FDC gateway or firewall. But I'm afraid
Level3 is filtering IP sources.

Please help me. How do I make packets with source 222.152.20.17 route via eth0 to the Internet over the FDC gateway?

Thank you and regards



[root@fdc:/root]$ tcpdump -i eth0 |grep 222.152.20.17
tcpdump: listening on eth0

(nothing)

[root@fdc:/root]$ tcpdump -i ppp0
tcpdump: listening on ppp0
02:58:31.128884 222.152.20.17 > 64.251.10.17: icmp: echo request
02:58:37.361621 222.152.20.17 > 64.251.10.17: icmp: echo request
02:58:43.230759 222.152.20.17.3027 > 202.52.192.45.domain: 6+ A? www.yahoo.com. (31)
02:58:43.265753 222.152.20.17 > 66.94.230.39: icmp: echo request
02:58:45.421669 222.152.20.17.4210 > 64.251.10.17.http: S 324824906:324824906(0) win 65280 <mss 1360,nop,nop,sackOK> (DF)
02:58:47.636665 222.152.20.17.4210 > 64.251.10.17.http: S 324824906:324824906(0) win 65280 <mss 1360,nop,nop,sackOK> (DF)
02:58:48.814943 222.152.20.17 > 66.94.230.39: icmp: echo request
02:58:53.832427 222.152.20.17.4210 > 64.251.10.17.http: S 324824906:324824906(0) win 65280 <mss 1360,nop,nop,sackOK> (DF)

(It looks like the packets are forwarded directly to the Internet from the ppp0 interface.)
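The following script is an added example, not something posted in this thread or supplied by FDCservers. It shows the usual fix for the situation described above: a source-based policy route (iproute2 "ip rule" / "ip route ... table N") so that packets carrying the VPN client's address 222.152.20.17 are sent out of eth0 via the FDC gateway rather than following the main table's default route. Two things from the post are worth noting. First, net.ipv4.conf.default.rp_filter only seeds interfaces created later; the "all" and per-interface keys govern eth0 and ppp0 as they exist now, so the script sets those too. Second, the packets would leave FDC's network with a source address that does not belong to FDC; an upstream doing ingress filtering (BCP 38) would drop them regardless of any local routing, which is why an SNAT/MASQUERADE alternative is included. The gateway address 192.0.2.1 is a documentation placeholder and the table number 100 is an arbitrary choice; both are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: route traffic that carries the VPN client's
# source address out of eth0 via the FDC gateway using iproute2 policy routing,
# instead of the main table's default route (which in the post goes to ppp0).
#
# Assumptions (hypothetical, not stated in the thread):
#   GW     - the FDC gateway reachable on eth0; 192.0.2.1 is a documentation
#            placeholder (RFC 5737), replace it with the real next hop.
#   TABLE  - a spare routing table number.
# VPN_SRC and the interface names eth0/ppp0 are taken from the original post.

VPN_SRC="${VPN_SRC:-222.152.20.17}"
GW="${GW:-192.0.2.1}"
TABLE="${TABLE:-100}"

# run CMD...: execute the command, or only print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Kernel knobs. The post sets only net.ipv4.conf.default.rp_filter, which
# applies to interfaces created afterwards; the "all" and per-interface keys
# govern interfaces that already exist.
sysctl_cmds() {
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w net.ipv4.conf.all.rp_filter=0
    run sysctl -w net.ipv4.conf.eth0.rp_filter=0
    run sysctl -w net.ipv4.conf.ppp0.rp_filter=0
}

# Policy routing: packets whose source is VPN_SRC consult table TABLE, whose
# only route is a default via the FDC gateway on eth0.
policy_route_cmds() {
    run ip route replace default via "$GW" dev eth0 table "$TABLE"
    run ip rule add from "$VPN_SRC"/32 lookup "$TABLE" priority 100
    run ip route flush cache
}

# Fallback if the upstream (e.g. Level3) drops packets with a foreign source
# address (BCP 38 ingress filtering): rewrite the source to eth0's own address.
snat_cmds() {
    run iptables -t nat -A POSTROUTING -s "$VPN_SRC"/32 -o eth0 -j MASQUERADE
}

# Show which route the kernel picks for a packet from VPN_SRC arriving on ppp0
# (64.251.10.17 is the destination seen in the post's capture), then watch eth0
# for it; -n avoids reverse DNS lookups.
verify_cmds() {
    run ip rule show
    run ip route show table "$TABLE"
    run ip route get 64.251.10.17 from "$VPN_SRC" iif ppp0
    run tcpdump -ni eth0 "src host $VPN_SRC"
}

case "${1:-}" in
    apply)  sysctl_cmds; policy_route_cmds ;;
    snat)   snat_cmds ;;
    verify) verify_cmds ;;
    show)   DRY_RUN=1; sysctl_cmds; policy_route_cmds; snat_cmds ;;
    *)      echo "usage: $0 show|apply|snat|verify" ;;
esac
```

Run it as root with "show" first to review the commands it would issue, then "apply", then "verify": the "ip route get ... from 222.152.20.17 iif ppp0" line should now name eth0 and the gateway, and the tcpdump on eth0 should see the packets that previously only appeared on ppp0. If they appear on eth0 but still get no replies, the upstream is most likely discarding the foreign source address, and "snat" is the remaining option.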

psyxakias
03-05-2005, 17:09
Hello,

Although I'm not really sure what you are talking about, as I never had such a routing issue with FDCservers, I'd recommend you use the -n flag in tcpdump so it won't waste time resolving IPs to hostnames.

Example: tcpdump -ni eth0 'host 222.152.20.17'

Good Luck :)