LARTC - May 2001 - Why 'ping' only succeed in one direction?

Hi:

I''m using a linux box ( Rh7.1 ) as a router which connect two
Solaris2.6

box.
The three computer is interconnected by ethernet, each computer has
only on ethernet adapter.

The following is my network connection :

----------------------------------- ( Ethernet)
|                    ||                   |||
|                    ||                   |||
Sun-1              Linux              Sun-2
210.32.131.97  192.168.1.1(eth0)    192.168.1.8
               210.32.131.166(eth0:0)

Routing table :

   Sun-1:    192.168.1.0/24   ---> 210.32.131.166
                    default -----> 210.32.131.2

   Linux  :    default---> 210.32.131.2
              ( I add no explicit routing  table about the twodirect
               connected network )

  Sun-2 :    default --> 192.168.1.1

While I exec "ping 192.168.1.8 "on Sun-1, it succeed, with 0% packet
loss.

But when I exec  "ping 210.32.131.97" on Sun-2, the ping always hang
with no output, when I interrupt it with "Ctl-C'', it shows
"100% packet
loss".

I do tcpdump on linux and snoop on Sun to find out what happened, but
all detailed record shows "ICMP echo requect/reply " has been
delivered
between Sun-1<-->linux, Linux<-->Sun-2

And I can telnet/ftp between Sun-1 & Sun-2.

Is there someone will do me a favor to explain why this happens ? Is
there any configuration error with my linux box ?

Thanks in advance and each word will be highly appreciated.

James Shen

Hi
seems ok check /proc/sys/net/ipv4/conf/[*]/rp_filter
what it does is explained in the adv routing howto almost at the end.

Hope it helps


bye


> ----------------------------------- ( Ethernet)
>
>
> Sun-1              Linux              Sun-2
> 210.32.131.97  192.168.1.1(eth0)    192.168.1.8
>                210.32.131.166(eth0:0)
>
> Routing table :
>
>    Sun-1:    192.168.1.0/24   ---> 210.32.131.166
>                     default -----> 210.32.131.2
>
>    Linux  :    default---> 210.32.131.2
>               ( I add no explicit routing  table about the twodirect
>                connected network )
>
>   Sun-2 :    default --> 192.168.1.1






On Tuesday 29 May 2001 11:53 am, shen jing wrote:
> Hi:
>
> I''m using a linux box ( Rh7.1 ) as a router which connect two
Solaris2.6
>
> box.
> The three computer is interconnected by ethernet, each computer has
> only on ethernet adapter.
>
> The following is my network connection :
>
> ----------------------------------- ( Ethernet)
>
>
> Sun-1              Linux              Sun-2
> 210.32.131.97  192.168.1.1(eth0)    192.168.1.8
>                210.32.131.166(eth0:0)
>
> Routing table :
>
>    Sun-1:    192.168.1.0/24   ---> 210.32.131.166
>                     default -----> 210.32.131.2
>
>    Linux  :    default---> 210.32.131.2
>               ( I add no explicit routing  table about the twodirect
>                connected network )
>
>   Sun-2 :    default --> 192.168.1.1
>
> While I exec "ping 192.168.1.8 "on Sun-1, it succeed, with 0%
packet
> loss.
>
> But when I exec  "ping 210.32.131.97" on Sun-2, the ping always
hang
> with no output, when I interrupt it with "Ctl-C'', it shows
"100% packet
> loss".
>
> I do tcpdump on linux and snoop on Sun to find out what happened, but
> all detailed record shows "ICMP echo requect/reply " has been
delivered
> between Sun-1<-->linux, Linux<-->Sun-2
>
> And I can telnet/ftp between Sun-1 & Sun-2.
>
> Is there someone will do me a favor to explain why this happens ? Is
> there any configuration error with my linux box ?
>
> Thanks in advance and each word will be highly appreciated.
>
> James Shen
>
>
>
>
>
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> http://ds9a.nl/2.4Routing/

> Thank you very much.
I''ve checked the file , they have the following content:

/proc/sys/net/ipv4/conf/all/rp_filter       :    1
/proc/sys/net/ipv4/conf/default/rp_filter:    0
/proc/sys/net/ipv4/conf/eth0/rp_filter:        0
/proc/sys/net/ipv4/conf/lo/rp_filter:            0

the ip route  says:

[root@cad166 lo]# ip route
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
210.32.131.0/24 dev eth0  proto kernel  scope link  src 210.32.131.166
127.0.0.0/8 dev lo  scope link
default via 210.32.131.1 dev eth0
default via 210.32.131.1 dev eth0  src 210.32.131.166  metric 1
[root@cad166 lo]#

I don''t understand what''s  the files under  all/  and default/
for.
And the tcpdump on linuxbox and snoop on Sun both shows
icmp echo request and icmp echo reply has been received.
But why ''ping 210.32.131.97'' always show nothing when executed
on 192.168.1.8?



James Shen


> Hi
> seems ok check /proc/sys/net/ipv4/conf/[*]/rp_filter
> what it does is explained in the adv routing howto almost at the end.
>
> Hope it helps
>
> bye
>
> > ----------------------------------- ( Ethernet)
> >
> >
> > Sun-1              Linux              Sun-2
> > 210.32.131.97  192.168.1.1(eth0)    192.168.1.8
> >                210.32.131.166(eth0:0)
> >
> > Routing table :
> >
> >    Sun-1:    192.168.1.0/24   ---> 210.32.131.166
> >                     default -----> 210.32.131.2
> >
> >    Linux  :    default---> 210.32.131.2
> >               ( I add no explicit routing  table about the twodirect
> >                connected network )
> >
> >   Sun-2 :    default --> 192.168.1.1
>
> On Tuesday 29 May 2001 11:53 am, shen jing wrote:
> > Hi:
> >
> > I''m using a linux box ( Rh7.1 ) as a router which connect two
Solaris2.6
> >
> > box.
> > The three computer is interconnected by ethernet, each computer has
> > only on ethernet adapter.
> >
> > The following is my network connection :
> >
> > ----------------------------------- ( Ethernet)
> >
> >
> > Sun-1              Linux              Sun-2
> > 210.32.131.97  192.168.1.1(eth0)    192.168.1.8
> >                210.32.131.166(eth0:0)
> >
> > Routing table :
> >
> >    Sun-1:    192.168.1.0/24   ---> 210.32.131.166
> >                     default -----> 210.32.131.2
> >
> >    Linux  :    default---> 210.32.131.2
> >               ( I add no explicit routing  table about the twodirect
> >                connected network )
> >
> >   Sun-2 :    default --> 192.168.1.1
> >
> > While I exec "ping 192.168.1.8 "on Sun-1, it succeed, with
0% packet
> > loss.
> >
> > But when I exec  "ping 210.32.131.97" on Sun-2, the ping
always hang
> > with no output, when I interrupt it with "Ctl-C'', it
shows "100% packet
> > loss".
> >
> > I do tcpdump on linux and snoop on Sun to find out what happened, but
> > all detailed record shows "ICMP echo requect/reply " has
been delivered
> > between Sun-1<-->linux, Linux<-->Sun-2
> >
> > And I can telnet/ftp between Sun-1 & Sun-2.
> >
> > Is there someone will do me a favor to explain why this happens ? Is
> > there any configuration error with my linux box ?
> >
> > Thanks in advance and each word will be highly appreciated.
> >
> > James Shen
> >

Lets see if I understand this, you what want do to your trying to use
"Linux"
as a router with a single PC card?

If not, you could add a route to Sun-1 on Sun-2 to solve the problem.

bye 
> >
> > > ----------------------------------- ( Ethernet)
> > >
> > >
> > > Sun-1              Linux              Sun-2
> > > 210.32.131.97  192.168.1.1(eth0)    192.168.1.8
> > >                210.32.131.166(eth0:0)
> > >
> > > Routing table :
> > >
> > >    Sun-1:    192.168.1.0/24   ---> 210.32.131.166
> > >                     default -----> 210.32.131.2
> > >
> > >    Linux  :    default---> 210.32.131.2
> > >               ( I add no explicit routing  table about the
twodirect
> > >                connected network )
> > >
> > >   Sun-2 :    default --> 192.168.1.1
> >
> > On Tuesday 29 May 2001 11:53 am, shen jing wrote:
> > > Hi:
> > >
> > > I''m using a linux box ( Rh7.1 ) as a router which
connect two
> > > Solaris2.6
> > >
> > > box.
> > > The three computer is interconnected by ethernet, each computer
has
> > > only on ethernet adapter.
> > >
> > > The following is my network connection :
> > >
> > > ----------------------------------- ( Ethernet)
> > >
> > >
> > > Sun-1              Linux              Sun-2
> > > 210.32.131.97  192.168.1.1(eth0)    192.168.1.8
> > >                210.32.131.166(eth0:0)
> > >
> > > Routing table :
> > >
> > >    Sun-1:    192.168.1.0/24   ---> 210.32.131.166
> > >                     default -----> 210.32.131.2
> > >
> > >    Linux  :    default---> 210.32.131.2
> > >               ( I add no explicit routing  table about the
twodirect
> > >                connected network )
> > >
> > >   Sun-2 :    default --> 192.168.1.1
> > >
> > > While I exec "ping 192.168.1.8 "on Sun-1, it succeed,
with 0% packet
> > > loss.
> > >
> > > But when I exec  "ping 210.32.131.97" on Sun-2, the
ping always hang
> > > with no output, when I interrupt it with "Ctl-C'',
it shows "100% packet
> > > loss".
> > >
> > > I do tcpdump on linux and snoop on Sun to find out what happened,
but
> > > all detailed record shows "ICMP echo requect/reply "
has been delivered
> > > between Sun-1<-->linux, Linux<-->Sun-2
> > >
> > > And I can telnet/ftp between Sun-1 & Sun-2.

On Wed, May 30, 2001 at 10:54:22AM -0300, Krepper Guillermo wrote:
> Lets see if I understand this, you what want do to your trying to use
"Linux"
> as a router with a single PC card?
> 
> If not, you could add a route to Sun-1 on Sun-2 to solve the problem.
I don''t think that that''s the point. This setup should work
but
he claims that it doesn''t.

James, Can you send the tcpdump output when you try to
"ping 210.32.131.97" on Sun-2.

Ramin
> 
> bye 
> > >
> > > > ----------------------------------- ( Ethernet)
> > > >
> > > >
> > > > Sun-1              Linux              Sun-2
> > > > 210.32.131.97  192.168.1.1(eth0)    192.168.1.8
> > > >                210.32.131.166(eth0:0)
> > > >
> > > > Routing table :
> > > >
> > > >    Sun-1:    192.168.1.0/24   ---> 210.32.131.166
> > > >                     default -----> 210.32.131.2
> > > >
> > > >    Linux  :    default---> 210.32.131.2
> > > >               ( I add no explicit routing  table about the
twodirect
> > > >                connected network )
> > > >
> > > >   Sun-2 :    default --> 192.168.1.1

On Wed, May 30, 2001 at 04:40:54PM +0800, shen jing wrote:
> > Thank you very much.
> 
> I''ve checked the file , they have the following content:
> 
> /proc/sys/net/ipv4/conf/all/rp_filter       :    1
> /proc/sys/net/ipv4/conf/default/rp_filter:    0
> /proc/sys/net/ipv4/conf/eth0/rp_filter:        0
> /proc/sys/net/ipv4/conf/lo/rp_filter:            0
> 
> the ip route  says:
> 
> [root@cad166 lo]# ip route
> 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
> 210.32.131.0/24 dev eth0  proto kernel  scope link  src 210.32.131.166
> 127.0.0.0/8 dev lo  scope link
> default via 210.32.131.1 dev eth0
> default via 210.32.131.1 dev eth0  src 210.32.131.166  metric 1
> [root@cad166 lo]#
> 
> I don''t understand what''s  the files under  all/  and
default/ for.
> And the tcpdump on linuxbox and snoop on Sun both shows
> icmp echo request and icmp echo reply has been received.
> But why ''ping 210.32.131.97'' always show nothing when
executed
> on 192.168.1.8?
It might be that the linux router sends you ICMP redirects as the
forwarding interface is the same as the incoming interface but
it also should''ve happened when you "ping 192.168.1.8 "on
Sun-1.

How did you create eth0:0? With "ifconfig" or "ip addr"?
What is the output of "ifconfig -a"? Do you see 210.32.131.166
as eth0:0 (meaning that it is an alias? If you''d created it with
"ip addr" you shouldn''t have had ":0" there.

I''d suggest you to send the output of tcpdump when you 
"ping 210.32.131.97" on Sun-2 to see what is going on.

Ramin

> 
> 
> 
> James Shen

> It might be that the linux router sends you ICMP redirects as the
> forwarding interface is the same as the incoming interface but
> it also should''ve happened when you "ping 192.168.1.8
"on Sun-1.
I had problems with a linux router doing NAT on the same interface,
it was doing redirects, and though packets were "seen" on the wire
with
tcpdump, there were conflicts between private and public IPs and the
packets were lost.

Don''t know if this is the case here, but just in case you could set all
the "send_redirects" in /proc/sys/net/ipv4/conf to 0.

Cheers,

Rodrigo

On Wed, May 30, 2001 at 08:56:37PM -0500, Rodrigo Goya
wrote:
> > It might be that the linux router sends you ICMP redirects as the
> > forwarding interface is the same as the incoming interface but
> > it also should''ve happened when you "ping 192.168.1.8
"on Sun-1.
> 
> I had problems with a linux router doing NAT on the same interface,
> it was doing redirects, and though packets were "seen" on the
wire with
> tcpdump, there were conflicts between private and public IPs and the
> packets were lost.
> 
> Don''t know if this is the case here, but just in case you could
set all
> the "send_redirects" in /proc/sys/net/ipv4/conf to 0.
> 
I don''t think that is what''s happening here.

Just today, I had one linux router with the correct source IP and a more
specific route with a different IP (I''m working with IPsec tunnels
here)

When I ran a ping through the tunnel to the host described above it would
respond; but if I initiated a ping from the host, it would choose the more
specific route and thus the wrong one for my purposes.


Here''s an example (this is gatway to gateway; if hosts already within
the
specified subnets can''t communicate, the tunnel isn''t working
at all):

host a
inet ip: 1.2.3.4
local subnet: 192.168.1.0/24
internal ip: 192.168.1.1

host b
inet ip: 9.8.7.6
local subnet: 10.1.1.0/24
internal ip: 10.1.1.1

tunnel:
192.168.1.0/24 (1.2.3.4) ==== (9.8.7.6) 10.1.1.0/24

In order to get the traffic tunneled you have to change the source IP:
on a:
ip ro rep 10.1.1.0/24 dev ($dev) src 192.168.1.1

on b:
ip ro rep 192.168.1.0/24 dev ($dev) src 10.1.1.1

</example>

Now that we have that history behind us...

What I did wrong was:

ip ro rep 10.1.1.0/24 dev ($dev)
ip ro rep 10.1.1.0/8 dev ($dev) src 192.168.1.1

It would respond only to incomming packets, but not connections initiated
from this host.

Ok....  I looked at the origional post... didn''t before... :(

This won''t help at all.  Maybe it''ll help someone else...

Mike

On Tue, May 29, 2001 at 10:53:16PM +0800, shen jing
wrote:
> Hi:
> 
> I''m using a linux box ( Rh7.1 ) as a router which connect two
Solaris2.6
what kernel version?

distribution version doesn''t help much.
> 
> box.
> The three computer is interconnected by ethernet, each computer has
> only on ethernet adapter.
> 
> The following is my network connection :
> 
> ----------------------------------- ( Ethernet)
> |                    ||                   |||
> |                    ||                   |||
> Sun-1              Linux              Sun-2
> 210.32.131.97  192.168.1.1(eth0)    192.168.1.8
>                210.32.131.166(eth0:0)
>
They''re all on one ethernet segment, and just different IPs?
> Routing table :
> 
>    Sun-1:    192.168.1.0/24   ---> 210.32.131.166
>                     default -----> 210.32.131.2
> 
What does "192.168.1.0/24   ---> 210.32.131.166" mean?
>    Linux  :    default---> 210.32.131.2
>               ( I add no explicit routing  table about the twodirect
>                connected network )
>
Bad!

Can your linux box ping each sun box?

Let us see the output of some commands.  Install the iproute (so you can run
"ip" as root) package, and give use the output of:

ip route
ip rule
ip address

Send the output of whatever SUN uses to give IP addresses, Routes, etc too.
>   Sun-2 :    default --> 192.168.1.1
> 
> While I exec "ping 192.168.1.8 "on Sun-1, it succeed, with 0%
packet
> loss.
> 
> But when I exec  "ping 210.32.131.97" on Sun-2, the ping always
hang
> with no output, when I interrupt it with "Ctl-C'', it shows
"100% packet
> loss".
> 
> I do tcpdump on linux and snoop on Sun to find out what happened, but
> all detailed record shows "ICMP echo requect/reply " has been
delivered
> between Sun-1<-->linux, Linux<-->Sun-2
>
It looks like you didn''t change the default route to one of the IPs on
the
linux box on the SUNs.
> And I can telnet/ftp between Sun-1 & Sun-2.
> 
> Is there someone will do me a favor to explain why this happens ? Is
> there any configuration error with my linux box ?
> 
Yes.
> Thanks in advance and each word will be highly appreciated.
> 
Mike

Thank you very much!

Rodrigo''s method solve the problem at once.  There is not ICMP redirect
message sent and everything becomes good.

I''ve found another method : that is to add all addresses of Sun-1,
Sun-2
to Solaris /etc/hosts file, no modification needed on Linux box. Then
when ping each other, rediect message is received and ping succeed with a
little
delay.But,  I don''t understand why Solaris''s ping need
/etc/hosts as its
telnetd and ftpd does.

The last, I''d show my great thanks to you all.


Best regards

James Shen




> On Wed, May 30, 2001 at 04:40:54PM +0800, shen jing wrote:
>
> > > Thank you very much.
> >
> > I''ve checked the file , they have the following content:
> >
> > /proc/sys/net/ipv4/conf/all/rp_filter       :    1
> > /proc/sys/net/ipv4/conf/default/rp_filter:    0
> > /proc/sys/net/ipv4/conf/eth0/rp_filter:        0
> > /proc/sys/net/ipv4/conf/lo/rp_filter:            0
> >
> > the ip route  says:
> >
> > [root@cad166 lo]# ip route
> > 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
> > 210.32.131.0/24 dev eth0  proto kernel  scope link  src 210.32.131.166
> > 127.0.0.0/8 dev lo  scope link
> > default via 210.32.131.1 dev eth0
> > default via 210.32.131.1 dev eth0  src 210.32.131.166  metric 1
> > [root@cad166 lo]#
> >
> > I don''t understand what''s  the files under  all/ 
and default/ for.
> > And the tcpdump on linuxbox and snoop on Sun both shows
> > icmp echo request and icmp echo reply has been received.
> > But why ''ping 210.32.131.97'' always show nothing
when executed
> > on 192.168.1.8?
>
> It might be that the linux router sends you ICMP redirects as the
> forwarding interface is the same as the incoming interface but
> it also should''ve happened when you "ping 192.168.1.8
"on Sun-1.
>
> How did you create eth0:0? With "ifconfig" or "ip
addr"?
> What is the output of "ifconfig -a"? Do you see 210.32.131.166
> as eth0:0 (meaning that it is an alias? If you''d created it with
> "ip addr" you shouldn''t have had ":0" there.
>
> I''d suggest you to send the output of tcpdump when you
> "ping 210.32.131.97" on Sun-2 to see what is going on.
>
> Ramin
>
> >
> >
> >
> > James Shen

> Thank you very much!
>
> Rodrigo''s method solve the problem at
once.  There is not ICMP redirect
> message sent and everything becomes go
od.
>
> I''ve found another method : that is to
add all addresses of Sun-1, Sun-2
> to Solaris /etc/hosts file, no modific
ation needed on Linux box. Then
> when ping each other, rediect message
is received and ping succeed with a
> little
> delay.But,  I don''t understand why Sol
aris''s ping need /etc/hosts as its
> telnetd and ftpd does.
>
> The last, I''d show my great thanks to
you all.
>
Maybe because DNS rev (IP -> HOSTNAME).
I don''t know the details...but my experi
ence is...
When you use ip to connect another compu
ter, it need to check if this ip is ille
gal and check if this ip is from the rig
ht one.
So linux default is set to find the host
name from HOSTS -> DNS -> NIS
If you add IP to /etc/hosts, then it can
find the hostname from the IP...and need
n''t DNS.

>
But the problem I met is ICMP echo request / reply is sent
between the two host successfully without while
program ping shows nothing. I don''t think it is required by
a host to find out host name when trying to accept ICMP
message ( perhaps SUN implement in this way )

>
> Maybe because DNS rev (IP -> HOSTNAME).
> I don''t know the details...but my experi
> ence is...
> When you use ip to connect another compu
> ter, it need to check if this ip is ille
> gal and check if this ip is from the rig
> ht one.
> So linux default is set to find the host
> name from HOSTS -> DNS -> NIS
> If you add IP to /etc/hosts, then it can
> find the hostname from the IP...and need
> n''t DNS.
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/2.4Routing/