Hi all, Can someone say me the theoretic way of packet in the kernel. When the packet will be send to a IMQ device? When the packet arrives to post routing time? When operation of NAT occur? befor or later that the packet will send to net device? Thanks Bye Simone -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Problemi di Liquidità? Con Logos Finanziaria 30.000 in 24 ore a dipendenti e lavoratori autonomi con rimborsi fino a 120 mesi clicca qui Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2907&d=20070307
On Wed, 7 Mar 2007 10:53:12 +0100 Simone84bo <simone84bo@email.it> wrote:> Hi all, > Can someone say me the theoretic way of packet in the kernel.Perhaps this diagram can help you: http://l7-filter.sourceforge.net/PacketFlow.png I''ll attach another one in asciiart I picked from somewhere (maybe this list itself).> When the packet will be send to a IMQ device? > When the packet arrives to post routing time? > When operation of NAT occur? befor or later that the packet will send > to net device?When loading imq module, my kernel says: IMQ starting with 2 devices... IMQ driver loaded successfully. Hooking IMQ before NAT on PREROUTING. Hooking IMQ after NAT on POSTROUTING. This is the default option, but you can choose from all 4 options at compile time: CONFIG_IMQ=m # CONFIG_IMQ_BEHAVIOR_AA is not set # CONFIG_IMQ_BEHAVIOR_AB is not set CONFIG_IMQ_BEHAVIOR_BA=y # CONFIG_IMQ_BEHAVIOR_BB is not set _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
I want B to route (temporarily) to both the .65 gw and eventually move
to xxx.xxx.xxx.83 being the default gw, but I can''t add that route..
I''m missing some obvious, but if someone would take a 2nd look it would
be appreciated. I also have requested to get access to the switch ,but
that''s still waiting.
Server B
ip a s
1: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:0b:db:91:84:53 brd ff:ff:ff:ff:ff:ff
inet xxx.xxx.xxx.87/26 brd xxx.xxx.xxx.127 scope global eth0
2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:0b:db:91:84:54 brd ff:ff:ff:ff:ff:ff
inet xxx.xxx.xxx.84/32 scope global eth1
arping -I eth1 xxx.xxx.xxx.83
ARPING xxx.xxx.xxx.83 from xxx.xxx.xxx.84 eth1
Unicast reply from xxx.xxx.xxx.83 [00:00:25:C1:CC:C0] 0.956ms <--
Correct interface
Unicast reply from xxx.xxx.xxx.83 [00:00:25:C1:CC:C1] 1.210ms <-- Incorrect
Unicast reply from xxx.xxx.xxx.83 [00:00:25:C1:CC:C1] 0.712ms
Unicast reply from xxx.xxx.xxx.83 [00:00:25:C1:CC:C1] 0.711ms
---------------
ip route add default via xxx.xxx.xxx.83 dev eth1 table T1
RTNETLINK answers: Network is unreachable
eris ~ # route add -net xxx.xxx.xxx.84/31 gw xxx.xxx.xxx.83
SIOCADDRT: Network is unreachable
ip r s
127.0.0.0/8 dev lo scope link
default via xxx.xxx.xxx.65 dev eth0
Server C
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen
1000
link/ether 00:00:25:c1:cc:c0 brd ff:ff:ff:ff:ff:ff
inet xxx.xxx.xxx.83/31 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen
1000
link/ether 00:00:25:c1:cc:c1 brd ff:ff:ff:ff:ff:ff
inet xxx.xxx.xxx.82/26 scope global eth1
(Temporary)
ip r s
xxx.xxx.xxx.64/26 dev eth1 proto kernel scope link src 207.135.120.82
xxx.xxx.xxx.64/26 dev eth0 proto kernel scope link src 207.135.120.83
127.0.0.0/8 dev lo scope link
default via xxx.xxx.xxx.65 dev eth1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
: I want B to route (temporarily) to both the .65 gw and eventually
: move to xxx.xxx.xxx.83 being the default gw, but I can''t add that
: route..
:
: I''m missing some obvious, but if someone would take a 2nd look it
: would be appreciated. I also have requested to get access to the
: switch ,but that''s still waiting.
This is an L3 problem. After reading your description, I''m guessing
that each of your servers has two physical connections to the same
L2 (broadcast domain) and you have made modifications to the
routing table (at least on Server B) before you tried to solve this
problem below.
: Server B
: ip a s
: 1: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen
100
: link/ether 00:0b:db:91:84:53 brd ff:ff:ff:ff:ff:ff
: inet xxx.xxx.xxx.87/26 brd xxx.xxx.xxx.127 scope global eth0
: 2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen
100
: link/ether 00:0b:db:91:84:54 brd ff:ff:ff:ff:ff:ff
: inet xxx.xxx.xxx.84/32 scope global eth1
:
: arping -I eth1 xxx.xxx.xxx.83
: ARPING xxx.xxx.xxx.83 from xxx.xxx.xxx.84 eth1
: Unicast reply from xxx.xxx.xxx.83 [00:00:25:C1:CC:C0] 0.956ms <-- Correct
interface
: Unicast reply from xxx.xxx.xxx.83 [00:00:25:C1:CC:C1] 1.210ms <--
Incorrect
: Unicast reply from xxx.xxx.xxx.83 [00:00:25:C1:CC:C1] 0.712ms
: Unicast reply from xxx.xxx.xxx.83 [00:00:25:C1:CC:C1] 0.711ms
I call the above problem ARP flux [0]. It''s an extraordinarily
common problem when you have multiple connections to the same
Ethernet.
: ip r s
: 127.0.0.0/8 dev lo scope link
: default via xxx.xxx.xxx.65 dev eth0
:
Unless you are running some weirdo networking startup scripts you
have made changes to the routing table or lost routes on this box
since you brought up the interface on eth0.
Note! The "ip address" output for eth0 shows that you have an L3
address of 207.135.120.87/26. This means you should have had a
network route that looked like this:
207.135.120.64/26 dev eth0 proto kernel scope link src 207.135.120.87
Since this route is missing on Server B, something has removed it.
: ip route add default via xxx.xxx.xxx.83 dev eth1 table T1
: RTNETLINK answers: Network is unreachable
: eris ~ # route add -net xxx.xxx.xxx.84/31 gw xxx.xxx.xxx.83
: SIOCADDRT: Network is unreachable
RTNETLINK is telling you that it has no way to reach 207.135.120.83.
You can do two things:
* restore the network route, 207.135.120.64/26: "ip route add
207.135.120.64/26 dev eth0 src 207.135.120.87"
* create a host route to the L3 address you want to use as a next
hop: "ip route add 207.135.120.83 dev eth0"
Good luck!
- -Martin
[0] http://linux-ip.net/html/ether-arp.html#ether-arp-flux
(Sorry for the character encoding mismatch.)
- --
Martin A. Brown
http://linux-ip.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: pgf-0.72 (http://linux-ip.net/sw/pine-gpg-filter/)
iD8DBQFF8hdAHEoZD1iZ+YcRAnMNAJ4y+0/GKY3sUEx85IshFuKrCQ4mXwCfeQLO
YmGSNeQgmGX8LDGqGySG9CA=hYRK
-----END PGP SIGNATURE-----