So I'm not real sure what I am looking at. Doing a ping from the internal guest to a internet address. Not seeing anything received on the tcdump on the router.
*sles003:~ # tcpdump -i eth0 icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 11:16:07.644089 IP sles003 > miszvm.s390.mainline.com: ICMP echo request, id 15023, seq 1, length 64 * On Thu, Jun 7, 2012 at 11:13 AM, Mark Pace <[email protected]> wrote: > On the internal guest2 > sles003:~ # netstat -nr > Kernel IP routing table > Destination Gateway Genmask Flags MSS Window irtt > Iface > 0.0.0.0 172.16.1.1 0.0.0.0 UG 0 0 0 > eth0 > 10.6.0.0 0.0.0.0 255.255.255.0 U 0 0 0 > hsi0 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 > eth0 > 172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 > eth0 > > > And on the router guest1 > misvpn:~ # netstat -nr > Kernel IP routing table > Destination Gateway Genmask Flags MSS Window irtt > Iface > 199.44.167.0 0.0.0.0 255.255.255.128 U 0 0 0 > eth0 > 10.6.0.0 0.0.0.0 255.255.255.0 U 0 0 0 > hsi0 > 172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 > eth1 > 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 > eth0 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > 0.0.0.0 199.44.167.1 0.0.0.0 UG 0 0 0 > eth0 > > I've never done a tcpdump before, something new to learn. :-) > > Mark > > > On Thu, Jun 7, 2012 at 11:04 AM, Mauro Souza <[email protected]> wrote: > >> A couple tcpdumps could help know where your pings are getting killed. >> You can run "tcpdump -i eth0 icmp" on your guest, on the gateway, and >> on the external machine. >> >> A netstat -nr would help know if your routing table is pointing to the >> wrong destination... >> >> Mauro >> http://mauro.limeiratem.com - registered Linux User: 294521 >> Scripture is both history, and a love letter from God. >> >> >> 2012/6/7 Mark Pace <[email protected]>: >> > Wasn't aware of that one. >> > >> > misvpn:~ # cat /proc/sys/net/ipv4/conf/all/rp_filter >> > 1 >> > >> > misvpn:~ # echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter >> > misvpn:~ # cat /proc/sys/net/ipv4/conf/all/rp_filter >> > 0 >> > >> > Stll unable to ping outward. >> > >> > On Thu, Jun 7, 2012 at 10:22 AM, Rob van der Heij <[email protected]> >> wrote: >> > >> >> On Thu, Jun 7, 2012 at 4:10 PM, Mark Pace <[email protected]> >> wrote: >> >> > Within Guest2 - the router - Yes >> >> > misvpn:~ # sudo cat /proc/sys/net/ipv4/ip_forward >> >> > 1 >> >> > >> >> >> >> There's also the conf/<if>/rp_filter that by default not to accept >> >> traffic on the interface that you would not have sent that way >> >> >> >> Rob >> >> >> >> ---------------------------------------------------------------------- >> >> For LINUX-390 subscribe / signoff / archive access instructions, >> >> send email to [email protected] with the message: INFO LINUX-390 >> or >> >> visit >> >> http://www.marist.edu/htbin/wlvindex?LINUX-390 >> >> ---------------------------------------------------------------------- >> >> For more information on Linux on System z, visit >> >> http://wiki.linuxvm.org/ >> >> >> > >> > >> > >> > -- >> > The postings on this site are my own and don’t necessarily represent >> > Mainline’s positions or opinions >> > >> > Mark D Pace >> > Senior Systems Engineer >> > Mainline Information Systems >> > >> > ---------------------------------------------------------------------- >> > For LINUX-390 subscribe / signoff / archive access instructions, >> > send email to [email protected] with the message: INFO LINUX-390 >> or visit >> > http://www.marist.edu/htbin/wlvindex?LINUX-390 >> > ---------------------------------------------------------------------- >> > For more information on Linux on System z, visit >> > http://wiki.linuxvm.org/ >> >> ---------------------------------------------------------------------- >> For LINUX-390 subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO LINUX-390 or >> visit >> http://www.marist.edu/htbin/wlvindex?LINUX-390 >> ---------------------------------------------------------------------- >> For more information on Linux on System z, visit >> http://wiki.linuxvm.org/ >> > > > > -- > The postings on this site are my own and don’t necessarily represent > Mainline’s positions or opinions > > Mark D Pace > Senior Systems Engineer > Mainline Information Systems > > > > > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
