> Simon - thank you very much for pointing out the obvious... which I couldn't 
> see

We've all been there - just like this, been staring at the screen so long we've 
got square eyes, certain we've not missed anything. Then some smarta**e walks 
past and points out the bloomin' obvious :D

You'd be amazed how often I'm stumped, and the answer comes to me perhaps days 
after I've given up - at least that's the excuse I use for abandoning stuff 
these days ;-)


> I still don't understand why the "local" table didn't handle the routing for 
> a locally connected network.

Good question.
A quick search led me to this page 
http://linux-ip.net/html/routing-selection.html which has the useful statement:
> The kernel searches for a matching entry for the destination first in the 
> routing cache and then the main routing table. In the case that the machine 
> has recently transmitted a packet to the destination address, the routing 
> cache will contain an entry for the destination. The kernel will select the 
> same route, and transmit the packet accordingly.

So one possible answer is that there had recently been a packet using that 
route, so the route was in the cache.

But that still leaves the "chicken and egg" problem, where according to what's 
on that page, the routing rule should never have been looked at in the first 
place. Further down it's stated that:
> The kernel begins iterating by priority through the routing policy database. 
> For each matching entry in the RPDB, the kernel will try to find a matching 
> route to the destination IP address in the specified routing table using the 
> aforementioned longest prefix match selection algorithm. When a matching 
> destination is found, the kernel will select the matching route, and forward 
> the packet. If no matching entry is found in the specified routing table, the 
> kernel will pass to the next rule in the RPDB, until it finds a match or 
> falls through the end of the RPDB and all consulted routing tables.

So the fact that there's a matching rule in the local database means the search 
should stop there.

Hmm, a bit of a puzzle, and past the limits of my knowledge.




------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
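The lookup procedure the quoted linux-ip.net text describes, modelled as an added example (this is not code from the thread or from Shorewall): rules are walked in ascending priority, each matching rule's table is searched by longest prefix match, the first hit wins, and a table with no covering route falls through to the next rule. The tables, the extra rule for table 100 and all addresses are constructed for a hypothetical host with eth0 192.168.1.1/24 and eth1 10.0.0.1/24; they imitate the shape of `ip rule show` and `ip route show table local` output but are assumptions, not captured from any real system.

```python
"""Model of the Linux routing policy database (RPDB) walk quoted above.

Added example, not code from this thread or from Shorewall.  The tables and
rules below are constructed for a hypothetical host with eth0 192.168.1.1/24
and eth1 10.0.0.1/24; they mimic what `ip route show table local` and
`ip rule show` would list, but are assumptions, not captured output.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network            # destination prefix
    dev: str
    rtype: str = "unicast"         # "local", "broadcast" or "unicast"
    via: Optional[str] = None      # next hop, None for directly connected
    scope: str = "link"


@dataclass(frozen=True)
class Rule:
    priority: int                  # lower number is consulted first
    table: str
    src: Optional[IPv4Network] = None   # source selector, None = "from all"


def R(prefix, dev, rtype="unicast", via=None, scope="link"):
    return Route(ip_network(prefix), dev, rtype, via, scope)


# Constructed tables (assumption).  The local table carries only this host's
# own addresses and the broadcast addresses of its subnets; the connected
# subnet routes live in main, which is where the kernel installs them.
TABLES = {
    "local": [
        R("127.0.0.0/8", "lo", "local", scope="host"),
        R("192.168.1.1/32", "eth0", "local", scope="host"),
        R("192.168.1.0/32", "eth0", "broadcast"),
        R("192.168.1.255/32", "eth0", "broadcast"),
        R("10.0.0.1/32", "eth1", "local", scope="host"),
        R("10.0.0.0/32", "eth1", "broadcast"),
        R("10.0.0.255/32", "eth1", "broadcast"),
    ],
    "main": [
        R("192.168.1.0/24", "eth0"),
        R("10.0.0.0/24", "eth1"),
        R("0.0.0.0/0", "eth0", via="192.168.1.254", scope="universe"),
    ],
    # Hypothetical policy table: traffic sourced from eth1's subnet uses a
    # different gateway.  It deliberately holds nothing but a default route.
    "100": [R("0.0.0.0/0", "eth1", via="10.0.0.254", scope="universe")],
    "default": [],
}

RULES = [
    Rule(0, "local"),
    Rule(1000, "100", src=ip_network("10.0.0.0/24")),
    Rule(32766, "main"),
    Rule(32767, "default"),
]


def longest_prefix_match(routes, dst):
    """Return the most specific route in `routes` covering dst, or None."""
    best = None
    for route in routes:
        if dst in route.prefix and (
            best is None or route.prefix.prefixlen > best.prefix.prefixlen
        ):
            best = route
    return best


def lookup(dst, src=None, rules=RULES, tables=TABLES):
    """Walk the RPDB by priority; return (table, route) of the first hit.

    A rule whose selector does not match is skipped.  A matching rule whose
    table has no route for dst falls through to the next rule.  Falling off
    the end returns None, which the kernel reports as "Network is unreachable".
    """
    dst = ip_address(dst)
    src = ip_address(src) if src is not None else None
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.src is not None and (src is None or src not in rule.src):
            continue
        route = longest_prefix_match(tables[rule.table], dst)
        if route is not None:
            return rule.table, route
    return None


def explain(dst, src=None):
    """One-line summary of the decision, in the spirit of `ip route get`."""
    hit = lookup(dst, src)
    if hit is None:
        return f"{dst}: unreachable (fell through every table)"
    table, r = hit
    via = f" via {r.via}" if r.via else ""
    return f"{dst}: table {table}, {r.rtype} {r.prefix}{via} dev {r.dev}"


if __name__ == "__main__":
    for dst, src in [("192.168.1.1", None), ("192.168.1.255", None),
                     ("192.168.1.50", None), ("8.8.8.8", None),
                     ("8.8.8.8", "10.0.0.7"), ("192.168.1.50", "10.0.0.7")]:
        print(explain(dst, src))
```

Running it shows the walk for a host on the directly connected subnet: for 192.168.1.50 the local table contains only this host's own address and the subnet's two broadcast addresses, none of which covers .50, so rule 0 yields nothing, the walk falls through, and the connected route in main answers. The last lookup shows the opposite trap: a rule-selected table that carries only a default route answers for a destination on a directly connected subnet too, so the connected route in main is never consulted; tables used by such rules generally need the connected routes copied into them. One caveat on the first quoted paragraph: the IPv4 routing cache it refers to was removed in Linux 3.6, so on current kernels this rule walk alone decides every packet.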