Re: Routing problems

Fri Feb 19 08:43:21 UTC 2010

> ip rule list
ip rule list
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
========================
> ip route list table local
> ip route list table main
> ip route list table default

ip route list table local
local 195.39.130.92 dev eth0  proto kernel  scope host  src 195.39.130.92
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
local 192.168.180.100 dev eth3  proto kernel  scope host  src 192.168.180.100
broadcast 10.255.250.255 dev eth2  proto kernel  scope link  src 10.255.250.37
broadcast 192.168.180.0 dev eth3  proto kernel  scope link  src 192.168.180.100
broadcast 195.39.130.255 dev eth0  proto kernel  scope link  src 195.39.130.92
broadcast 10.255.250.0 dev eth2  proto kernel  scope link  src 10.255.250.37
broadcast 192.168.180.255 dev eth3  proto kernel  scope link  src 192.168.180.100
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
broadcast 195.39.130.0 dev eth0  proto kernel  scope link  src 195.39.130.92
local 10.255.250.37 dev eth2  proto kernel  scope host  src 10.255.250.37
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1

ip route list table main
192.168.180.0/24 dev eth3  proto kernel  scope link  src 192.168.180.100
10.200.1.0/24 via 10.255.250.250 dev eth2
195.39.130.0/24 dev eth0  proto kernel  scope link  src 195.39.130.92
10.1.1.0/24 via 10.255.250.250 dev eth2
10.201.1.0/24 via 10.255.250.250 dev eth2
172.17.1.0/24 via 192.168.180.100 dev eth3
10.255.250.0/24 dev eth2  proto kernel  scope link  src 10.255.250.37
169.254.0.0/16 dev eth0  scope link  metric 1003
169.254.0.0/16 dev eth2  scope link  metric 1004
169.254.0.0/16 dev eth3  scope link  metric 1005
192.168.0.0/16 via 192.168.180.100 dev eth3
default via 195.39.130.89 dev eth0

ip route list table default
My comment: Table is empty
======================

I can't see any fault. Packets to 172.17.1.50 should match 
172.17.1.0/24 via 192.168.180.100 dev eth3 
and go to eth3. But it doesn't and goes by default to eth0 
(Internet)

Don't you know any way of debugging routing decisions
(to see why do packets match or not)?

Thank you again. :)
jh

> ------------ Původní zpráva ------------
> Od: Rick Sewill <rsewill at gmail.com>
> Předmět: Re: Routing problems
> Datum: 19.2.2010 05:54:39
> ----------------------------------------
> On Fri, 2010-02-19 at 04:31 +0100, j.halifax . wrote: 
> > > What happens if you try to "ping" from the eth2 interface of the router?
> > > ping -I 10.255.250.37 172.17.1.50
> > 
> > Commands issued in 10.255.l250.37 (via ssh 195.39.130.92):
> > =============================================
> > ping -I 10.255.250.37 172.17.1.50
> > PING 172.17.1.50 (172.17.1.50) from 10.255.250.37 : 56(84) bytes of data.
> > >From 195.39.130.92 icmp_seq=2 Destination Host Unreachable
> > :(
> > ping -I eth2 182.15.1.50
> > PING 182.15.1.50 (182.15.1.50) from 10.255.250.37 eth2: 56(84) bytes of data.
> > >From 195.39.130.92 icmp_seq=1 Destination Host Unreachable
> > :(
> > ping 172.17.1.50
> > PING 172.17.1.50 (172.17.1.50) 56(84) bytes of data.
> > 64 bytes from 172.17.1.50: icmp_seq=1 ttl=253 time=8.65 ms
> > :)
> > 
> > ==========================================
> > iptables -L -v
> > Chain INPUT (policy ACCEPT 3325K packets, 706M bytes)
> >  pkts bytes target     prot opt in     out     source              
> destination
> > 
> > Chain FORWARD (policy ACCEPT 2152K packets, 964M bytes)
> >  pkts bytes target     prot opt in     out     source              
> destination
> >   534 40008 ACCEPT     all  --  any    eth3    anywhere            
> 172.17.0.0/16
> > 
> > Chain OUTPUT (policy ACCEPT 1080K packets, 160M bytes)
> >  pkts bytes target     prot opt in     out     source              
> destination
> > ====================================
> > ping -I eth2 172.17.1.50
> > PING 172.17.1.50 (172.17.1.50) from 10.255.250.37 eth2: 56(84) bytes of data.
> > >From 195.39.130.92 icmp_seq=2 Destination Host Unreachable
> > ====================================
> > iptables -L -v
> > Chain INPUT (policy ACCEPT 3325K packets, 706M bytes)
> >  pkts bytes target     prot opt in     out     source              
> destination
> > 
> > Chain FORWARD (policy ACCEPT 2153K packets, 964M bytes)
> >  pkts bytes target     prot opt in     out     source              
> destination
> >   534 40008 ACCEPT     all  --  any    eth3    anywhere            
> 172.17.0.0/16
> > 
> > Chain OUTPUT (policy ACCEPT 1080K packets, 160M bytes)
> >  pkts bytes target     prot opt in     out     source              
> destination
> > =====================================
> > 
> > Thank you..
> > jh
> 
> 
> You convinced me my gut instinct is wrong about iptables being involved.
> 
> I have another line of thought.
> 
> I believe, with iproute2, there are additional routing tables.
> 
> With a note of caution as I am reading documentation as I go,
> and you may find you have more experience with this than me,
> please do:
> ip rule list
> 
> I expect there to be at least 3 tables listed, local, main, default
> 
> For each table, please do  ip route list table <table name>
> For example,
> ip route list table local
> ip route list table main
> ip route list table default
> ...and ip route list table xxx for any other tables in the rule list.
> 
> I am going to make a wild guess the local table has higher priority
> than the main table and has something adversely affecting your routing.
> 
> I believe we normally only look at the main table.
> 
> I think the files for iproute2 are kept in the /etc/iproute2 directory.
> 
> Again, this is only a guess on my part.
> 
> The documentation I was reading was found using google at URL:
> http://www.linuxdocs.org/HOWTOs/Adv-Routing-HOWTO-4.html
> 
> 
> 
> -- 
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> 
> 
> 