This turned out to be a foolish mistake on my part. I needed to disable "accept_local", as my encapsulated packets had a source IP address of one of the local interfaces. Sorry for the extra traffic.
Shaddi On Mon, Jul 11, 2011 at 8:57 AM, Shaddi Hasan <[email protected]> wrote: > Hi all, > > > I have a simple IP-level forwarder, consisting of the following > configuration on two directly-connected machines. What I'd like to > have happen is all packets destined for 192.168.100.0/24 are routed > through Click, ipip encapsulated and forwarded to the second machine > (192.168.15.1) which is running a second instance of Click, listening > on the tun device at 192.168.35.1 (see routing table below). > > Using tcpdump on the tun device, I see my traffic is being properly > encapsulated by Click with the proper destination address, > 192.168.35.1, but no packets are routed through the eth1 device to the > other machine. I have verified no packets are getting transferred with > a physical tap (not KernelTap) on the line. What's confusing me is > that if I ping 192.168.35.1, I *do* get a response. > > Is there something I am missing about the KernelTun element that would > cause packets sent to it in Click to bypass the system's routing > table? I'm not sure if this issue is due to a misconfiguration of > routing rules, misunderstanding of Click, misunderstanding of the tun > device, or a combination of the three, so apologies if this is not > actually a Click-related issue. > > Thanks! > Shaddi > > > Click conf: > ------------------------------- > AddressInfo(tun0 192.168.25.0/24); > tun :: KernelTun(tun0, DEVNAME tun0); > > //Click interface from outside Tunnel to Tunnel > AddressInfo(tunIn 192.168.20.0/24); > kTunIn :: KernelTun(tunIn, DEVNAME tun_in); > > kTunIn -> MarkIPHeader -> IPPrint(TUN_IN, LENGTH true) -> IPEncap(253, > 192.168.25.1, 192.168.35.1) -> tun; > > tun -> StripIPHeader -> MarkIPHeader -> IPPrint(TUN, LENGTH true) -> kTunIn; > ------------------------------- > > The relevant lines in my routing table look like this: > > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > 192.168.35.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth1 > 192.168.100.0 192.168.20.1 255.255.255.0 UG 0 0 0 tun_in > 192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 tun_in > 192.168.35.0 192.168.15.1 255.255.255.0 UG 0 0 0 eth1 > 192.168.15.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > 192.168.25.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 > _______________________________________________ click mailing list [email protected] https://amsterdam.lcs.mit.edu/mailman/listinfo/click
