linux
Evgeny Ferapontov, 2014-07-02 15:59:25

Why don't packets pass through a Linux router?

So, there is a Linux box. eth0 faces the local network 192.168.1.0/24, and eth2 faces the modem with the Internet connection (moved to a separate subnet, 192.168.0.0/24).
Interface configuration:

# eth2
        allow-hotplug eth2
        iface eth2 inet static
        address 192.168.0.28
        netmask 255.255.255.0
        gateway 192.168.0.1
# internal eth0
        allow-hotplug eth0
        iface eth0 inet static
        address 192.168.1.1
        netmask 255.255.255.0

ip_forwarding is enabled.
Client configuration:
Ethernet adapter Ethernet 2:
   DNS-суффикс подключения . . . . . 
   IPv4-адрес. . . . . . . . . . . . : 192.168.1.2
   Маска подсети . . . . . . . . . . : 255.255.255.0
   Основной шлюз. . . . . . . . . : 192.168.1.1

I launch a ping on the client to the external interface (eth2) of the Linux box:
ping 192.168.0.28 -n 100

Обмен пакетами с 192.168.0.28 по с 32 байтами данных:
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.

At this time, in wireshark on the client, I see an icmp request, which is transmitted to the gateway.
At this time, in a Linux box on the internal interface, an icmp request is visible:
tcpdump -i eth0 icmp -vv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:36:12.450762 IP (tos 0x0, ttl 128, id 472, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.1.2 > 192.168.0.28: ICMP echo request, id 1, seq 1114, length 40

On the external interface, icmp reply is visible:
tcpdump -i eth2 icmp -vv
tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
15:36:32.449836 IP (tos 0x0, ttl 64, id 45882, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.0.28 > 192.168.1.2: ICMP echo reply, id 1, seq 1118, length 40

But there is no reply on the internal interface!
A similar picture with any other external address for 192.168.1.0/24.
What am I doing wrong? Where to dig?
PS:
ping -I eth0 192.168.0.28
PING 192.168.0.28 (192.168.0.28) from 192.168.1.1 eth0: 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
From 192.168.1.1 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.0.28 ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5023ms
pipe 3

UPD: Forgot to attach a picture.
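
The two captures in the question can be checked mechanically: the sketch below is an added example, not part of the original post, that compares the interface on which each echo reply was captured with the interface a longest-prefix match over the configured networks would choose. It assumes the routing table holds only the connected routes implied by the posted interface configuration plus the default route via eth2; the function and variable names are hypothetical.

```python
import ipaddress
import re

# Connected networks taken from the interface configuration in the question.
CONNECTED = {
    "eth0": ipaddress.ip_network("192.168.1.0/24"),
    "eth2": ipaddress.ip_network("192.168.0.0/24"),
}
DEFAULT_IFACE = "eth2"  # assumption: default route via gateway 192.168.0.1

# Matches the indented continuation line of `tcpdump -vv` ICMP output.
ICMP_RE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (request|reply), id (\d+), seq (\d+)"
)

def expected_egress(dst):
    """Longest-prefix match over connected routes, else the default route."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, ifc) for ifc, net in CONNECTED.items() if addr in net]
    return max(hits)[1] if hits else DEFAULT_IFACE

def parse(text):
    """Yield (src, dst, kind, seq) for each ICMP echo line in a capture."""
    for m in ICMP_RE.finditer(text):
        src, dst, kind, _ident, seq = m.groups()
        yield src, dst, kind, int(seq)

def misrouted_replies(captures):
    """Return replies captured on an interface other than the expected egress."""
    found = []
    for iface, text in captures.items():
        for _src, dst, kind, seq in parse(text):
            want = expected_egress(dst)
            if kind == "reply" and iface != want:
                found.append({"seq": seq, "dst": dst,
                              "seen_on": iface, "expected": want})
    return found

# The two packet lines from the question's tcpdump output, keyed by interface.
CAPTURES = {
    "eth0": "    192.168.1.2 > 192.168.0.28: ICMP echo request, id 1, seq 1114, length 40\n",
    "eth2": "    192.168.0.28 > 192.168.1.2: ICMP echo reply, id 1, seq 1118, length 40\n",
}

if __name__ == "__main__":
    for row in misrouted_replies(CAPTURES):
        print(row)
```

A non-empty result means the live routing table or policy rules differ from the assumed connected routes, which is the state that the routing and iptables listings requested in the answers would expose.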


6 answer(s)
Evgeny Ferapontov, 2014-07-09
@e1ferapontov

In general, I never understood why this was happening, but reinstalling solved the problem. Most likely something is crooked. Now everything works.

Andrey Burov, 2014-07-02
@BuriK666

Are net.ipv4.ip_forward etc. enabled?

Konkase, 2014-07-02
@Konkase

Show netstat -rn from the router.

larrabee, 2014-07-02
@larrabee

Try iptables -P FORWARD ACCEPT and check the iptables rules. That command will not help if there are explicitly prohibiting rules.

Zhakupov, 2014-07-04
@Zhakupov

Post the output of iptables --list.

pumamd, 2014-07-07
@pumamd

Command output:

iptables -vnL
iptables -vnL -t nat
iptables -vnL -t raw
