Re: ipt_ROUTE loopback

On Thu, Nov 17, 2005 at 05:38:53AM +0100, Willy Tarreau wrote:
> You need to use Julian Anastasov's "send-to-self" patch from ssi.bg/~ja/.
> The problem is not with ipt_route, but with the local addresses. If you
> want the packet to go out, you need to remove the local route for the
> destination. The packet will then go out, but when it will come back,
> the system won't take it because its destination won't match a local
> route. Try "ip r l t local" to see what I mean.
> 
> With Julian's patch, IIRC, you write '1' into /proc/sys/net/ipv4/$IF/loop,
> then you define some cross-routes for destinations with the respective
> sources from the opposite interfaces, then all packets routed out with
> a 'looped' interface address in their source will effectively go out.
> 
> I also suggest that you get his whole '-ja' patch, and that you look
> in Documentation/networking/ip-sysctl.txt in which he adds some
> documentation about this (and I believe there was a more complete
> example on his site).

I've used Julian's patch; it worked fine.  But while trying to debug some
issues with a 4xE1/T1 card, I had to do external loopback with an
unpatched 2.4 kernel.  IIRC, the following did the trick:

for p in 0 1
do
   /sbin/ip link set dev hdlc$p up multicast on
   /sbin/ip addr add dev hdlc$p local 192.168.$p.1 peer 192.168.$p.2
   echo 0 > /proc/sys/net/ipv4/conf/hdlc$p/rp_filter
done

# Trick the kernel into sending the packets over the wire
/sbin/iptables -t mangle -F
/sbin/iptables -t nat -F
/sbin/iptables -t nat -A POSTROUTING -d 192.168.0.2 -j SNAT --to 192.168.1.2
/sbin/iptables -t nat -A POSTROUTING -d 192.168.1.2 -j SNAT --to 192.168.0.2
/sbin/iptables -t nat -A PREROUTING -t nat -d 192.168.1.2 -j DNAT --to 192.168.0.1
/sbin/iptables -t nat -A PREROUTING -t nat -d 192.168.0.2 -j DNAT --to 192.168.1.1

To test, send traffic to either 192.168.0.2, or 192.168.1.2, e.g.,

    ping -T tsandaddr 192.168.0.2

Regards,

	Bill Rugolsky
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • ipt_ROUTE loopback
    • From: Jon Masters <[email protected]>
  • Re: ipt_ROUTE loopback
    • From: Willy Tarreau <[email protected]>

• Prev by Date: Re: [PATCH linux-2.6-14-mm2] block: problem unloading I/O-Scheduler Module
• Next by Date: Re: Compilation Error in arch/i386/apm.c
• Previous by thread: Re: ipt_ROUTE loopback
• Next by thread: Re: ipt_ROUTE loopback
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]