lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 11 Feb 2012 12:29:59 +0100
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Rick Koshi <netdev@...e-right-rudder.com>
Cc:	netdev@...r.kernel.org
Subject: Re: Multiple GRE tunnels on the same host, only one routes incoming
 packets

Le samedi 11 février 2012 à 05:40 -0500, Rick Koshi a écrit :
> I'm having a routing problem on CentOS 6.2 (kernel 2.6.32-220)
> 
> Here's the setup:  One host is on my local network.  It's talking
> to two nearly identical hosts at a remote location.  The two remote
> hosts are on all the same networks, acting as redundant backups
> for each other.
> 
> I set up two GRE tunnels from the local host, one to each
> remote host:
>     ip tunnel add name tunnel1 mode gre local 10.2.1.2 remote 10.2.1.1
>     ip link set dev tunnel1 up
>     ip route add 172.16.1.0/24 dev tunnel1 metric 101
> 
>     ip tunnel add name tunnel2 mode gre local 10.2.1.4 remote 10.2.1.3
>     ip link set dev tunnel2 up
>     ip route add 172.16.1.0/24 dev tunnel2 metric 102
> 
> Outgoing packets route properly, no problem.  Incoming packets
> are weird.  It appears that whichever tunnel has the route
> with the higher metric (tunnel2 in the example above) will
> ignore incoming packets.  They come in all right, and can be
> seen on the local machine with 'tcpdump -i tunnel2', but they
> are not routed properly to the local networks.  They're simply
> dropped.  I can switch the two metrics, and then tunnel1 will
> drop all incoming packets.  The tunnel with the lower route
> metric will route packets properly, both incoming and outgoing.
> 
> Is this "working as designed?"  What I'd like to have happen,
> of course, is for all packets on both tunnels to be properly
> forwarded.  Is this possible?

check :

grep . `find /proc/sys -name rp_filter`




--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists