-- --> Translated message begin <-- --
Hello,
I asked this question recently on linux-net, but it went unanswered.
Hopefully some of you who do not read linux-net have experience with this problem.
The situation is as follows:
+----------------+
| Linux box A |
+----------------+
| xx.xx.xx.21
|
| xx.xx.xx.17
+----------------+ xx.xx.xx.5 +----------------+
| Linux router-1 | <-----------------> | Linux router-2 |
+----------------+ xx.xx.xx.6 +----------------+
To begin with, rp_filter is 0 and is not expected to filter packets arriving from the
wrong interface.
root@router-1:~# for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo "0" > $i ;done
root@router-2:~# hping xx.xx.xx.21 --icmp -a xx.xx.xx.19 -c 3
root@box-a:~# tcpdump -p icmp
tcpdump: listening on eth0
22:40:15.458399 xx.xx.xx.19 > xx.xx.xx.21: icmp: echo request
22:40:16.455486 xx.xx.xx.19 > xx.xx.xx.21: icmp: echo request
22:40:17.455806 xx.xx.xx.19 > xx.xx.xx.21: icmp: echo request
So far so good... it is not enabled and it does not work. Exactly as planned ;-)
root@router-1:~# for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo "1" > $i ;done
root@router-1:~# for i in /proc/sys/net/ipv4/conf/*/log_martians; do echo "1" > $i ;done
root@router-2:~# hping xx.xx.xx.21 --icmp -a xx.xx.xx.19 -c 3
root@box-a:~# tcpdump -p icmp
tcpdump: listening on eth0
22:44:52.515555 xx.xx.xx.19 > xx.xx.xx.21: icmp: echo request
22:44:53.509648 xx.xx.xx.19 > xx.xx.xx.21: icmp: echo request
22:44:54.509775 xx.xx.xx.19 > xx.xx.xx.21: icmp: echo request
Here, however, rp_filter is already 1, but it still does not work... ;/
Maybe we need to flush the routing cache?
root@router-1:~# ip route flush cache
root@router-2:~# hping xx.xx.xx.21 --icmp -a xx.xx.xx.19 -c 3
root@box-a:~# tcpdump -p icmp
tcpdump: listening on eth0
And it actually worked. However, the filtered packets are supposed to be logged to syslog.
Only they are not. I tried with kernels 2.2.17 and 2.2.18, as well as with different
versions of iproute2 and syslogd/klogd. The result, unfortunately, was the same. Can anyone
comment on this?
Regards
--
=- --rw------- =--=--=--=--=--=--=--=--=--=--=--=--=--=
Theodor Milkov Administrator IP Networks
Davidov Electric Ltd. Phone: +359 (2) 730158
PGP: http://www.xx.xx.xx.21/zimage.asc
=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
-- --> End of translated message <-- --
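
A check that could be run on router-1 before repeating the test in the message above, added here as an example and not part of the original post: it reads the same per-interface rp_filter and log_martians files the message writes to and reports every interface where either is off or absent. The function names audit_rpf and make_sample_conf, the optional directory argument and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# audit_rpf [CONF_DIR]
# Walk CONF_DIR (default: /proc/sys/net/ipv4/conf) and print one line for
# each interface entry whose rp_filter or log_martians is 0 or unreadable.
# Returns 0 when every entry has both enabled, 1 otherwise.
audit_rpf() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for dir in "$conf_dir"/*; do
        [ -d "$dir" ] || continue
        iface=${dir##*/}
        for knob in rp_filter log_martians; do
            file="$dir/$knob"
            if [ ! -r "$file" ]; then
                echo "$iface $knob missing"
                rc=1
                continue
            fi
            val=$(cat "$file")
            # 0 is the "off" value used in the message; anything else is on.
            if [ "$val" = "0" ]; then
                echo "$iface $knob off"
                rc=1
            fi
        done
    done
    return $rc
}

# make_sample_conf: build a constructed directory tree (not real router
# data) shaped like /proc/sys/net/ipv4/conf, so the audit can be dry-run.
# eth1 has filtering on but martian logging off.
make_sample_conf() {
    root=$(mktemp -d) || return 1
    for iface in all default eth0 eth1; do
        mkdir -p "$root/$iface"
        echo 1 > "$root/$iface/rp_filter"
        echo 1 > "$root/$iface/log_martians"
    done
    echo 0 > "$root/eth1/log_martians"
    echo "$root"
}
```

On the 2.2 kernels in the message the new rp_filter value only took effect after `ip route flush cache`, so a clean audit should be followed by that flush before retesting.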