Yep the old rp_filter trap! Had me stumped for about 10 mins as well.
You only need to disable it on the sm200d interface though. On Tue, 23 Apr 2002 [EMAIL PROTECTED] wrote: > Hello ramon, > > due to spoof prevention... have a look in you boot scripts for rp_filter > > and change... > > for f in /proc/sys/net/ipv4/conf/*/rp_filter; do > echo 1 > $f > done > > to > > for f in /proc/sys/net/ipv4/conf/*/rp_filter; do > echo 0 > $f > done > > -- > Best regards, > evilbunny mailto:[EMAIL PROTECTED] > > Tuesday, April 23, 2002, 11:47:36 AM, you wrote: > > rb> Hi peoples, > > rb> I've got a tricky one which has got me a little stumped.. > > rb> I'm installing satellite for my net connection. Ive got it all working > rb> The ISP is a reseller of the iHUG service. > > rb> The Dial up account is with a local ISP. (not an iHug specific account) > rb> Ive got the card all configured (ie the driver loads etc) > rb> and the Dialup appears to allow me to change my source IP outgoing. > > rb> How does it the satellite stuff work: > rb> data goes out via the ppp0:0 (dialup) interface > rb> with a source address of the Satellite card > > rb> The satellite card is configured with a dummy IP address > rb> and it receives packets (from my ISP) sent to the external IP Address. > rb> (there is an app running in bg that 'locks' on to the satellite and get >the > rb> data) > > rb> How is it setup:? > rb> (say the satellite External IP address is 1.2.3.4 ie real. > rb> the card drivers are loaded > rb> The module is loaded into the kernel and then the app is loaded. > rb> The the 'NIC' side of the card is configured. > rb> # ifconfig sm200d 10.0.0.1 > > rb> Dialup the ISP via modem (local IP given 5.5.5.1, remote ip given > rb> 5.5.5.254) > rb> # ifconfig ppp0:0 1.2.3.4 netmask 255.255.255.255 pointopoint 5.5.5.254 > > rb> delet the old ppp0 route > rb> # route del default > > rb> add new route (via ppp0:0 so it sets the source of the IP to the sat IP) > rb> # route add default gw 5.5.5.254 dev ppp0:0 > > rb> What happens ? > rb> I can ping an external host > rb> # ping www.ibm.com > > rb> The return ping response actually DO come back on the sm200d interface > > rb> sm200d Link encap:Ethernet HWaddr 00:xx:xx:xx:xx:xx > rb> inet addr:10.0.0.1 Bcast:10.255.255.255 Mask:255.0.0.0 > rb> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > rb> ----> RX packets:97 errors:0 dropped:0 overruns:0 frame:0 > rb> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > rb> collisions:0 txqueuelen:100 > rb> Interrupt:9 > > rb> The box I am doing this on is a firewall (smoothwall) but I have dropped > rb> all the > rb> ipchains ruls and set default policies for input,output as ACCEPT and > rb> forward as MASQ (because there is an internal network attached to eth0 @ > rb> 192.168.1.0 > > rb> And I also set some ipchains logging with ipchains -A input -d 1.2.3.4 -l > rb> and I can see all the reponses come back .. > > rb> my question? > rb> How do I get the card/linux to deliver them to the application (eg ping) >or > rb> whatever > rb> given that they come back on a different interface to what sent out on? > > rb> How can I debug this further to see where/why they are going no where? > > rb> How is this 'jump' between NIC's configured ? > > > > rb> Any suggestions are MUCHly appreciated! :^) > > rb> - ramon. > > > > > > > rb> This email was sent to you by Ramon Buckland, Software Engineer at f5. > rb> You can reach Ramon directly on 0421 379 694. > > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
