[clug] Routing disconnect

Martijn van Oosterhout kleptog at svana.org
Thu Jan 22 23:29:39 GMT 2004


You're probably getting stuck on the reverse-path filter. Basically, it drops
a packet if the response would go out a different interface from the
incoming packet.

To test this, go to /proc/sys/net/ipv4/conf/<interface>/log_martians and set
it to 1. That will cause the kernel to log them. If this is it, set the
rp_filter in the same directory to 0.

*However*, this will still break if you're using any kind of NAT or have a
firewall that does connection tracking.

Hope this helps,

On Fri, Jan 23, 2004 at 10:12:43AM +1100, Doug Palmer wrote:
> My machine lives on an experimental network. I have a PPTP connection
> into the main network, so that I can collect mail, look at shared
> drives, etc. My routing is set up so that most IP traffic goes out
> through the experimental network, except for anything that is destined
> for the main local network.
> 
> I recently set up TikiWiki. This all works fine and dandy for me and for
> anyone outside the main local network. But anyone inside the main local
> network can't see it. As far as I can see, what is happening is:
> 
> 1. Connection to port 80 arrives via eth0 from a main local network
> machine.
> 2. Return IP packets go out via ppp0 and the PPTP tunnel.
> 3. This runs afoul of some "established connection" filter somewhere and
> the packets get zapped.
> 
> I'd rather not turn over the entire existing routing and firewall
> infrastructure to fix this problem. So I was wondering if there is any
> routing software I can use that knows about established connections and
> can route accordingly? Or some other solution, since all I really want
> is traffic that started with a connection to port 80 to go out via a
> specific interface.
> 

-- 
Martijn van Oosterhout   <kleptog at svana.org>   http://svana.org/kleptog/
> (... have gone from d-i being barely usable even by its developers
> anywhere, to being about 20% done. Sweet. And the last 80% usually takes
> 20% of the time, too, right?) -- Anthony Towns, debian-devel-announce
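The reply above amounts to a two-step check: look at rp_filter and log_martians per interface, then read the "martian source" lines the kernel logs once logging is on. The script below is an added example, not code from this thread or from either poster. It assumes the 2.4/2.6-era log format `martian source <dst> from <src>, on dev <iface>`; the sample log lines and the copy of the sysctl tree it builds are constructed so it runs offline, and `CONF_ROOT` can be left at its default to inspect a live /proc.

```shell
#!/bin/sh
# Added example (not from the original thread): reports reverse-path filter
# settings per interface and summarises kernel "martian source" lines.
# CONF_ROOT defaults to the real sysctl tree; point it at a copy to test.

CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print one line per interface: "<iface> rp_filter=<v> log_martians=<v>".
rp_filter_report() {
    root="${1:-$CONF_ROOT}"
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        rp=$(cat "$dir/rp_filter" 2>/dev/null || echo '?')
        lm=$(cat "$dir/log_martians" 2>/dev/null || echo '?')
        echo "$iface rp_filter=$rp log_martians=$lm"
    done
}

# Interfaces where the filter is on but martian logging is off: on these,
# packets dropped for taking an asymmetric route leave no trace in the logs.
silent_rp_filter_ifaces() {
    rp_filter_report "$1" | awk '$2=="rp_filter=1" && $3=="log_martians=0" {print $1}'
}

# Parse kernel martian lines into "src dst dev" triples.
# Assumed format: martian source <dst> from <src>, on dev <iface>
parse_martians() {
    sed -n 's/.*martian source \([0-9.]*\) from \([0-9.]*\), on dev \([^ ]*\).*/\2 \1 \3/p'
}

# Constructed sample log lines (not a real capture).
SAMPLE_LOG='Jan 23 10:12:43 host kernel: martian source 10.1.2.3 from 192.168.0.7, on dev eth0
Jan 23 10:12:43 host kernel: ll header: 00:11:22:33:44:55:66:77:88:99:aa:bb:08:00
Jan 23 10:12:44 host kernel: martian source 10.1.2.3 from 192.168.0.9, on dev eth0'

# Count martian drops per source address in the sample, one "src count" per line.
martians_by_source() {
    printf '%s\n' "$SAMPLE_LOG" | parse_martians \
        | awk '{c[$1]++} END {for (s in c) print s, c[s]}' | sort
}

# Build a constructed copy of the sysctl tree so the checks run anywhere.
# Mirrors the situation in the thread: rp_filter on for eth0, off for ppp0.
make_fake_conf() {
    d=$(mktemp -d)
    for i in all default eth0 ppp0; do
        mkdir -p "$d/$i"
    done
    echo 1 > "$d/all/rp_filter";     echo 1 > "$d/all/log_martians"
    echo 1 > "$d/default/rp_filter"; echo 0 > "$d/default/log_martians"
    echo 1 > "$d/eth0/rp_filter";    echo 0 > "$d/eth0/log_martians"
    echo 0 > "$d/ppp0/rp_filter";    echo 0 > "$d/ppp0/log_martians"
    echo "$d"
}

# Usage: sh rpcheck.sh report   (inspects the live tree under CONF_ROOT)
if [ "${1:-}" = "report" ]; then
    rp_filter_report
    echo "--- interfaces dropping silently:"
    silent_rp_filter_ifaces
fi
```

Run it with `report` on the host to see which interfaces would drop asymmetric traffic without logging; once log_martians is 1, pipe `dmesg` or the syslog through `parse_martians` to see which source addresses are being dropped and on which device, which is the evidence needed before deciding whether rp_filter can be relaxed for that interface.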