wiki'd

by JoKeru

Routing traffic from one CentOS to another CentOS

Setup
[cc lang='bash']
Client: ping from 50.50.50.50 to 30.30.30.30, gateway is 10.10.10.10

Server1: eth0 - 10.10.10.10 - public
ipip1 - 192.168.1.1 - ipip tunnel to Server2

Server2: eth0 - 20.20.20.20 - public
ipip1 - 192.168.1.2 - ipip tunnel to Server1
eth0:3 - 30.30.30.30 - public alias
[/cc]

Server1:
[cc lang='bash']
$ ip route add 30.30.30.30/32 via 192.168.1.2
$ sysctl -w "net.ipv4.ip_forward=1"

$ tcpdump -ni ipip1 host 30.30.30.30
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ipip1, link-type RAW (Raw IP), capture size 65535 bytes
22:49:52.451930 IP 50.50.50.50 > 30.30.30.30: ICMP echo request, id 8983, seq 8, length 64
22:49:53.458018 IP 50.50.50.50 > 30.30.30.30: ICMP echo request, id 8983, seq 9, length 64
22:49:54.466308 IP 50.50.50.50 > 30.30.30.30: ICMP echo request, id 8983, seq 10, length 64
# traffic is routed correctly to Server2 using the "ipip1" interface
[/cc]

Server2:
[cc lang="bash"]
$ tcpdump -ni ipip1 host 30.30.30.30
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ipip1, link-type RAW (Raw IP), capture size 65535 bytes
00:53:55.243203 IP 50.50.50.50 > 30.30.30.30: ICMP echo request, id 8983, seq 251, length 64
00:53:56.242873 IP 50.50.50.50 > 30.30.30.30: ICMP echo request, id 8983, seq 252, length 64
00:53:57.241698 IP 50.50.50.50 > 30.30.30.30: ICMP echo request, id 8983, seq 253, length 64
# packets arrive on ipip1, but the ping gets no reply

$ sysctl -w "net.ipv4.conf.all.log_martians=1"
$ tail -f /var/log/messages
Mar 30 00:59:23 TNT kernel: martian source 30.30.30.30 from 50.50.50.50, on dev ipip1
Mar 30 00:59:23 TNT kernel: ll header: 45:00:00:68:00:00:40:00:33:04:3c:a5:5d:ae:a7:d6:5d:ae:a7:ba:45:00:00:54:34:cf:40:00:34:01:9b:b0:bc:19
Mar 30 00:59:24 TNT kernel: martian source 30.30.30.30 from 50.50.50.50, on dev ipip1
Mar 30 00:59:24 TNT kernel: ll header: 45:00:00:68:00:00:40:00:33:04:3c:a5:5d:ae:a7:d6:5d:ae:a7:ba:45:00:00:54:34:d0:40:00:34:01:9b:af:bc:19
Mar 30 00:59:25 TNT kernel: martian source 30.30.30.30 from 50.50.50.50, on dev ipip1
Mar 30 00:59:25 TNT kernel: ll header: 45:00:00:68:00:00:40:00:33:04:3c:a5:5d:ae:a7:d6:5d:ae:a7:ba:45:00:00:54:34:d1:40:00:34:01:9b:ae:bc:19

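$ sysctl -w "net.ipv4.conf.ipip1.rp_filter=2"
# rp_filter=2 is loose mode: the source only has to be reachable through some interface, not ipip1 itself
# ping ok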
[/cc]

more details: https://access.redhat.com/site/solutions/53031
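
To confirm which flow and interface are affected before relaxing rp_filter, the script below (an added example, not part of the original post) tallies the martian lines and reports the receiving interface's effective mode, which the kernel takes as the larger of the conf.all and per-interface values. The function names and the sample log are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original post). Sample lines are constructed
# in the format of the /var/log/messages output above.
SAMPLE_LOG='Mar 30 00:59:23 TNT kernel: martian source 30.30.30.30 from 50.50.50.50, on dev ipip1
Mar 30 00:59:23 TNT kernel: ll header: 45:00:00:68
Mar 30 00:59:24 TNT kernel: martian source 30.30.30.30 from 50.50.50.50, on dev ipip1
Mar 30 00:59:25 TNT kernel: martian source 30.30.30.30 from 50.50.50.50, on dev ipip1'

# stdin: kernel log. stdout: "count dev src dst" per distinct martian tuple.
# The kernel prints "martian source <dst> from <src>, on dev <dev>".
martian_summary() {
    awk '/martian source/ {
        for (i = 1; i <= NF; i++) if ($i == "source") {
            dst = $(i+1); src = $(i+3); dev = $(i+6)
        }
        sub(/,$/, "", src)
        n[dev " " src " " dst]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# The kernel applies max(conf.all.rp_filter, conf.<dev>.rp_filter).
effective_rp_filter() {  # args: all_value dev_value
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

rp_filter_mode() {  # 0/1/2 -> name
    case "$1" in
        0) echo off ;; 1) echo strict ;; 2) echo loose ;; *) echo unknown ;;
    esac
}

# Effective mode for a device; conf_root defaults to the live /proc tree.
dev_rp_mode() {  # args: dev [conf_root]
    root="${2:-/proc/sys/net/ipv4/conf}"
    all_v=$(cat "$root/all/rp_filter" 2>/dev/null) || return 1
    dev_v=$(cat "$root/$1/rp_filter" 2>/dev/null) || return 1
    rp_filter_mode "$(effective_rp_filter "$all_v" "$dev_v")"
}

# stdin: kernel log. One line per tuple with the receiving device's mode.
report() {  # args: [conf_root]
    martian_summary | while read -r count dev src dst; do
        mode=$(dev_rp_mode "$dev" "$1") || mode="n/a"
        echo "$dev: $count martians, $src -> $dst, rp_filter=$mode"
    done
}

# On a live host: grep 'martian source' /var/log/messages | report
printf '%s\n' "$SAMPLE_LOG" | report
```

Settings made with `sysctl -w` are lost at reboot; put the ipip1 rp_filter line in /etc/sysctl.conf to keep it. Setting loose mode on ipip1 alone leaves the other interfaces at whatever mode they already use.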
