Greetings Sameer,
: I have a Linux router connected to two separate internet
: connections from an ISP. There is a third interface ( ip ->
: 192.168.1.1 ) in the router connected to the local network.
: Configured the routing tables and added the rules and everything
: seems to be working fine from the routing box. Traceroute to
: external internet sites reveal that traffic is being routed
: correctly and that the failover mechanism is working.
:
: Now in my internal machines the gateway address is set to the
: third interface of the router and the internal machines can ping
: the router ( 192.168.1.1 ). The problem is that the internal
: machines can't connect to the net. A quick check with pings and
: tcpdump revealed that the packets from the internal machines are
: arriving at the router and are being routed correctly... but are
: not coming BACK from the router to the internal machines.
:
: Any pointers as to why this is happening would be useful....
Quick, experienced guess:
# sysctl net.ipv4.conf.default.rp_filter
If the answer provided is:
net.ipv4.conf.default.rp_filter = 1
Then, you'll need to flip the reverse path filtering toggle [0].
When this sysctl is set to 1, the kernel automatically drops packets
incoming from the "wrong" interface according to the primary
('main') routing table.
Good luck,
-Martin
[0]
http://ipsysctl-tutorial.frozentux.net/chunkyhtml/theconfvariables.html#AEN634
--
Martin A. Brown --- Wonderfrog Enterprises --- martin@wonderfrog.net
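
Added example, not part of the original mail: a POSIX shell check that reports the reverse path filter mode actually applied to each interface, since the `default` key quoted above only seeds interfaces created later. It assumes a current kernel, whose ip-sysctl documentation says the larger of `conf/all/rp_filter` and `conf/<iface>/rp_filter` is used (0 = off, 1 = strict, 2 = loose); the function names and the optional ROOT argument are hypothetical, added so the check can run against a constructed directory tree.

```shell
#!/bin/sh
# Report the reverse-path filter mode that is in effect on each interface.
# Assumption: current kernel semantics, effective = max(all, <iface>).

# Map the numeric sysctl value to the mode name used in kernel docs.
rp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# effective_rp_filter IFACE [ROOT]
# Prints the effective numeric value for IFACE; fails if it cannot be read.
effective_rp_filter() {
    iface=$1
    root=${2:-/proc/sys/net/ipv4/conf}
    [ -r "$root/$iface/rp_filter" ] || return 1
    [ -r "$root/all/rp_filter" ] || return 1
    all=$(cat "$root/all/rp_filter")
    own=$(cat "$root/$iface/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# rp_filter_report [ROOT]
# One line per real interface: "<iface> <value> <mode>".
# The "all" and "default" pseudo-entries are skipped.
rp_filter_report() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface" "$root") || continue
        echo "$iface $eff $(rp_mode_name "$eff")"
    done
}

# Usage on a live router: rp_filter_report
```

On a router with two uplinks, an interface reported as `strict` is a candidate for the dropped return traffic described in this thread; `loose` still discards sources that have no route at all while tolerating asymmetric paths.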