On Wed, Feb 14, 2007 at 08:30:48AM +0100, Paul Viney wrote:
> > > I still seem to have much the same problem. I no longer get ICMP
> > > unreachable errors, but the packet just seems to disappear - I can't see
> > > it being forwarded on any interface, nor can I find any kind of reply -
> > > icmp or otherwise.
> >
> > sounds like a firewall issue!
> 
> It does sound like a firewall issue, but the only firewall rule I have at the 
> moment is the one doing the DNAT. If I do 'iptables -t nat -L -v', then I can 
> see the number of packets increasing. Once I remove the firewall rule, I get 
> my "icmp unreachable" errors again. Funnily enough, if I then reinstate the 
> firewall (dnat) rule, then I still get "icmp unreachable" errors and the 
> packet count doesn't go up for the rule. It's almost as though the rule 
> doesn't get consulted. 'ip route flush cache' doesn't make a difference. 
> After about 5 minutes the "icmp unreachable" errors stop and the packet count 
> starts going up, although I still can't find my packet on the next hop. (I do 
> have forwarding switched on). The packet count on an iptables log rule on the 
> forward table does not go up, giving me the impression that routing has 
> failed. 

This could be connection tracking. Once you start a ping, connection tracking
will keep it in its cache, so even though you have placed it (the rule) back in,
it doesn't count for the established link...

> I also tried ip r get <random internet address> from 192.168.12.5, which did 
> indeed give me the same "RTNETLINK answers: Invalid argument" error. I guess 
> that means that my understanding of the purpose of 'ip r get' is indeed 
> faulty. 

Does 192.168.12.5 exist on your box? Can you do an 'ip a'?
Also, do you have forwarding on?

> 
> Thanks for all your help so far.
> 
> Paul Viney
> 
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> 
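
One way to check the connection-tracking explanation given in the reply above, as an added example that is not part of the original email: the nat table is consulted only for the first packet of a tracked connection, so an entry created while the DNAT rule was absent keeps its untranslated mapping until it expires. The sample lines and the addresses 203.0.113.10 (rule target) and 10.0.0.7 (DNAT destination) are constructed for illustration.

```python
import re

# Constructed sample in `conntrack -L` / /proc/net/nf_conntrack format.
# 203.0.113.10 (target) and 10.0.0.7 (DNAT destination) are assumed addresses.
SAMPLE = """\
icmp     1 27 src=192.168.12.5 dst=203.0.113.10 type=8 code=0 id=4321 [UNREPLIED] src=203.0.113.10 dst=192.168.12.5 type=0 code=0 id=4321 mark=0 use=1
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.12.5 dst=203.0.113.10 sport=40112 dport=80 src=10.0.0.7 dst=192.168.12.5 sport=80 dport=40112 [ASSURED] mark=0 use=1
udp      17 12 src=192.168.12.9 dst=198.51.100.1 sport=5353 dport=53 src=198.51.100.1 dst=192.168.12.9 sport=53 dport=5353 mark=0 use=1
"""

ADDR = re.compile(r"\b(src|dst)=(\S+)")

def parse_entry(line):
    """Return protocol, remaining timeout and original/reply address pairs."""
    fields = line.split()
    if fields[0] in ("ipv4", "ipv6"):   # prefix used by /proc/net/nf_conntrack
        fields = fields[2:]
    addrs = ADDR.findall(line)
    if len(addrs) < 4:
        raise ValueError("not a conntrack entry: %r" % line)
    (_, o_src), (_, o_dst), (_, r_src), (_, r_dst) = addrs[:4]
    return {"proto": fields[0], "timeout": int(fields[2]),
            "orig": (o_src, o_dst), "reply": (r_src, r_dst)}

def stale_for_dnat(text, target):
    """Entries sent to `target` whose reply is still expected from `target`.

    With DNAT applied, the reply-side source is the translated address, so
    reply src == original dst means the entry was created without the rule.
    """
    stale = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry["orig"][1] == target and entry["reply"][0] == target:
            stale.append(entry)
    return stale

if __name__ == "__main__":
    for e in stale_for_dnat(SAMPLE, "203.0.113.10"):
        print("%(proto)s %(orig)s not translated, expires in %(timeout)ss" % e)
```

On a live router, feed the function the output of `conntrack -L`; `conntrack -D -d <address>` deletes the matching entries so the next packet traverses the nat table again.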
