[ale] Routing under kernel 4.9

Jeff Jansen bamakojeff at gmail.com
Sat Oct 21 17:44:55 EDT 2017


Dear Alex,

Routes are "advertised" by your DHCP server.  I assume that's on your
router.  What software are you using?  I use 'dnsmasq'.  To send your route
out to all DHCP clients I would add:

dhcp-option=121,10.100.0.0/24,10.0.0.200

to my dnsmasq configuration file and reload dnsmasq.  Then all my clients
would have to re-query the DHCP server to get the new route.  But then all
the clients should be able to talk to the 10.100.0.0/24 network directly
through the 10.0.0.200 gateway without involving your router at all.

That doesn't answer why your router won't send the packets destined for
10.100.0.0/24 network on to the 10.0.0.200 gateway anyway.  I assume the
router is working otherwise.  That the router has
'/proc/sys/net/ipv4/ip_forward' = 1 and it's not overridden in
'/proc/sys/net/ipv4/conf/DEV/forwarding'.
That iptables has a FORWARD rule which allows traffic to traverse the
router. (iptables was new in the 2.6 kernel.  It was ipchains in 2.4.)

I would run:

ip route list
cat /proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/conf/DEV/forwarding    # where 'DEV' is the internal network interface
iptables -vnL FORWARD

and make sure that the router knows the gateway for the 10.100.0.0/24
network, that it's set to forward (and not overruled on the internal
network interface), and that iptables is allowing forwarding when a packet
comes in and goes back out the internal interface.

HTH

Jeff



On Sat, Oct 21, 2017 at 2:05 PM, Alex Carver <agcarver+ale at acarver.net>
wrote:

> Ok, I've tried every possible thing I could do to get routing to
> alternate gateways working correctly and nothing is working short of
> putting static routes on any machine that can handle them so I've got to
> ask for help again.  Are there any security features in kernel 4.9 that
> perhaps weren't present way back in kernel 2.4 that would prevent a
> machine operating as the main gateway from issuing a reroute?
>
> If the primary gateway is 10.0.0.1/24 and I add a static route to send
> another network to a different machine:
> route add -net 10.100.0.0/24 gw 10.0.0.200
>
> What in the kernel would prevent this route from being advertised or
> otherwise handed to all clients on 10.0.0.0/24 when they attempt to
> respond to a packet coming from 10.100.0.0/24?  I can trace an incoming
> packet from 10.100.0.0/24, through the 10.0.0.200 machine all the way to
> the 10.0.0.0/24 client, it replies and tries to send back to 10.100.0.0
> but the packet heads back towards 10.0.0.1 and never gets redirected
> back to 10.0.0.200.
>
> If I add the static route directly to the clients, the connections work.
>  The problem is that I can't do that for every client, not all of them
> know how to handle routes on their own (not that I really should, this
> is the job of a router, no?)
>
> I'm certain it's some feature/setting of the kernel that's new in 4.9
> because this worked fine when the router was using the old 2.4 kernel.
>
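
The dhcp-option=121 line in the reply above is the DHCP Classless Static
Route option (RFC 3442).  The following is an added example, not part of the
original message or of dnsmasq: it encodes that route into the bytes carried
in the option and decodes a captured payload so the routes a DHCP server
hands out can be compared with the ones you configured.  The function names
and the 10.0.0.66 gateway in the comparison are constructed for illustration.

```python
import ipaddress

# The route from the dnsmasq line on this page.
PAGE_ROUTE = ("10.100.0.0/24", "10.0.0.200")


def encode_routes(routes):
    """(destination CIDR, gateway) pairs -> option 121 payload bytes."""
    out = bytearray()
    for cidr, gateway in routes:
        net = ipaddress.IPv4Network(cidr)        # raises if host bits are set
        significant = (net.prefixlen + 7) // 8   # only octets covered by the mask
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(gateway).packed
    return bytes(out)


def decode_routes(payload):
    """Option 121 payload bytes -> list of (destination CIDR, gateway)."""
    routes, i = [], 0
    while i < len(payload):
        prefixlen = payload[i]
        if prefixlen > 32:
            raise ValueError(f"invalid prefix length {prefixlen} at offset {i}")
        significant = (prefixlen + 7) // 8
        end = i + 1 + significant + 4            # length byte + dest + gateway
        if end > len(payload):
            raise ValueError("truncated route entry")
        dest = payload[i + 1:i + 1 + significant] + bytes(4 - significant)
        net = ipaddress.IPv4Network((int.from_bytes(dest, "big"), prefixlen),
                                    strict=False)
        gateway = ipaddress.IPv4Address(payload[end - 4:end])
        routes.append((str(net), str(gateway)))
        i = end
    return routes


def unexpected_routes(payload, allowed):
    """Routes present in a captured payload but absent from the allowed list."""
    allowed = set(allowed)
    return [r for r in decode_routes(payload) if r not in allowed]


if __name__ == "__main__":
    wire = encode_routes([PAGE_ROUTE])
    print(wire.hex(" "))
    # Constructed payload: the page's route plus a default route nobody configured.
    captured = wire + encode_routes([("0.0.0.0/0", "10.0.0.66")])
    print(unexpected_routes(captured, [PAGE_ROUTE]))
```

RFC 3442 requires a client that receives option 121 to ignore the Router
option (3), so a default route the clients still need has to be listed in
option 121 as well.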