Re: ip_forward mysteriously turnes off(?)
Guy Teverovsky wrote on 2003-07-31: On Wed, 2003-07-30 at 19:15, Beni Cherniavsky wrote: Some time ago I had a very long battle with iptables only to discover that they were fine all the time - turned out that /proc/sys/net/ipv4/ip_forward was 0. I'm pretty sure I didn't setup it like this but I didn't investigate the reasons. I turned it on, added ``FORWARD_IPV4=yes`` to /etc/sysconfig/network, made sure it's enabled when I bring the net up -- and I've been a happy masquerading user since (windoze' connection sharing mangled all masqueraded scp and cvs, which was more than annoying, Baruch ShePtaranu ;). [snip] Jul 30 16:51:05 zion sysctl: net.ipv4.ip_forward = 0 Does your /etc/sysctl.conf file has a line like net.ipv4.ip_forward = 0 ? Change it to net.ipv4.ip_forward = 1 and you should be set. No, it's already =1. Perhaps it was not this but something else; I guess there is no point guessing more until I see a problem again. -- Beni Cherniavsky [EMAIL PROTECTED] Put a backslash at the evening to continue hacking onto the next day. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
ip_forward mysteriously turnes off(?)
Some time ago I had a very long battle with iptables only to discover that they were fine all the time - turned out that /proc/sys/net/ipv4/ip_forward was 0. I'm pretty sure I didn't setup it like this but I didn't investigate the reasons. I turned it on, added ``FORWARD_IPV4=yes`` to /etc/sysconfig/network, made sure it's enabled when I bring the net up -- and I've been a happy masquerading user since (windoze' connection sharing mangled all masqueraded scp and cvs, which was more than annoying, Baruch ShePtaranu ;). However, today in the middle of peaceful browsing and sshing I lost the masqueraded internet access. Mozilla stopped loading pages (infinite connecting to host host...). An ssh into technion kept working for some time but I later found it disconnected (perhaps caused by apmsleep, see below). After long battling with iptables I finally remembered what I fixed originally. Guess what, ip_forward was 0 again! This would seem to mean that it dropped to 0 from it's own will. Now I looked at the system log and I see this (zion is the masquerading host): Jul 30 16:45:43 zion sshd(pam_unix)[3264]: session opened for user beni by (uid=500) Jul 30 16:45:56 zion su(pam_unix)[3304]: session opened for user root by beni(uid=500) Jul 30 16:51:05 zion network: Shutting down interface eth0: succeeded Jul 30 16:51:05 zion network: Shutting down interface eth1: succeeded Jul 30 16:51:05 zion network: Shutting down loopback interface: succeeded Jul 30 16:51:05 zion sysctl: net.ipv4.ip_forward = 0 Jul 30 16:51:05 zion network: Disabling IPv4 packet forwarding: succeeded Jul 30 16:51:06 zion apmd[2373]: User Suspend Jul 30 19:51:52 zion kernel: usb-ohci.c: USB suspend: usb-00:01.2 Jul 30 19:51:52 zion kernel: usb-ohci.c: USB suspend: usb-00:01.3 Jul 30 19:51:52 zion kernel: usb-ohci.c: USB continue: usb-00:01.2 from host wakeup Jul 30 19:51:52 zion kernel: usb-ohci.c: USB continue: usb-00:01.3 from host wakeup Jul 30 16:51:55 zion kernel: eth1: Setting 100mbps full-duplex based on auto-negotiated partner ability 41e1. Jul 30 16:51:56 zion kernel: eth0: Media Link On 10mbps half-duplex Jul 30 16:51:58 zion netfs: Mounting other filesystems: succeeded Jul 30 16:51:58 zion netfs: Mounting other filesystems: succeeded Jul 30 16:51:59 zion apmd[2373]: Normal Resume after 00:00:53 (-1% unknown) AC power That's a full netword shutdown (except ppp0 which I never managed to intergrate into the system's network scripts). Apparently it was triggered by an apm suspend. Indeed I ssh'ed into the host around then - but *after* I saw the net doesn't work! It stopped working before that, around 16:30. Among other things I called `apmsleep`, checking the theory that the connection might be broken because the computer is asleep (obviously it wasn't this - when I suspended it, even the ssh got stuck, I had to press a key to make it wake up). The wakeup apparently made the kernel bring the net up, but without going through the network init scripts, so ip forwarding was never restored. If you ask me, that's broken behavior. This explains why ip_forward was 0 but not why I lost the connection in the first place. It could have got disabled before that. There is no evidence either way - there are no other sysctl messages but they come from /etc/init.d/network, not from changing the setting (via /proc or sysctl). There are no other interesting messages anywhere in /var/log from this time (on both computers). The remaining questions: is it possible for ip_forward to drop to 0 with no visible reason? Has anyone ever experienced this? Sounds too strange. Any other ideas? Any tips for what to check if it happens again (except for not trying apmsleep ;)? -- Beni Cherniavsky [EMAIL PROTECTED] Put a backslash at the evening to continue hacking onto the next day. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ip_forward mysteriously turnes off(?)
On Wednesday 30 July 2003 19:15, Beni Cherniavsky wrote: Jul 30 16:51:05 zion network: Disabling IPv4 packet forwarding: succeeded Jul 30 16:51:06 zion apmd[2373]: User Suspend Jul 30 19:51:52 zion kernel: usb-ohci.c: USB suspend: ... Jul 30 19:51:52 zion kernel: usb-ohci.c: USB suspend: .., Jul 30 19:51:52 zion kernel: usb-ohci.c: USB continue: ... Jul 30 19:51:52 zion kernel: usb-ohci.c: USB continue: ... Jul 30 16:51:55 zion kernel: eth1: Setting 100mbps... Jul 30 16:51:56 zion kernel: eth0: Media Link ... I don't think I can help you with that, as I don't think I've ever encountered such a behaviour, but I found the timestamps in your log very interesting : apparently, the usb-ohci module in the kernel is reporting time stamps 3 hours in the future compared to the rest of the system. This *has* happened to me several times in the past, and I still fail to understand what makes this happen. -- Oded = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ip_forward mysteriously turnes off(?)
Oded Arbel wrote on 2003-07-30: On Wednesday 30 July 2003 19:15, Beni Cherniavsky wrote: Jul 30 16:51:05 zion network: Disabling IPv4 packet forwarding: succeeded Jul 30 16:51:06 zion apmd[2373]: User Suspend Jul 30 19:51:52 zion kernel: usb-ohci.c: USB suspend: ... Jul 30 19:51:52 zion kernel: usb-ohci.c: USB suspend: .., Jul 30 19:51:52 zion kernel: usb-ohci.c: USB continue: ... Jul 30 19:51:52 zion kernel: usb-ohci.c: USB continue: ... Jul 30 16:51:55 zion kernel: eth1: Setting 100mbps... Jul 30 16:51:56 zion kernel: eth0: Media Link ... I don't think I can help you with that, as I don't think I've ever encountered such a behaviour, but I found the timestamps in your log very interesting : apparently, the usb-ohci module in the kernel is reporting time stamps 3 hours in the future compared to the rest of the system. This *has* happened to me several times in the past, and I still fail to understand what makes this happen. Oh, didn't notice that. Weird. No idea, either. I believe my timezone is correctly set and GMT is 2 hours behind us which can't explain timestamps 3-hours ahead. -- Beni Cherniavsky [EMAIL PROTECTED] Put a backslash at the evening to continue hacking onto the next day. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ip_forward mysteriously turnes off(?)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 30 Jul 2003 22:27:39 +0300 (IDT), Beni Cherniavsky [EMAIL PROTECTED] wrote: I don't think I can help you with that, as I don't think I've ever encountered such a behaviour, but I found the timestamps in your log very interesting : apparently, the usb-ohci module in the kernel is reporting time stamps 3 hours in the future compared to the rest of the system. This *has* happened to me several times in the past, and I still fail to understand what makes this happen. Oh, didn't notice that. Weird. No idea, either. I believe my timezone is correctly set and GMT is 2 hours behind us which can't explain timestamps 3-hours ahead. This easily explained. Your time is GMT - 3 (2 hours east of Greenwich + 1 hour daylight saving time). Most of your services report with GMT, but some of them (like the usb) reports with the local time. To check do: `date' and `date -u' and see what time is reported. On my system, most of the messages has the local time stamp but some (e.g. processes run by news [nntp]) report with GMT. Ehud. - -- Ehud Karni Tel: +972-3-7966-561 /\ Mivtach - Simon Fax: +972-3-7966-667 \ / ASCII Ribbon Campaign Insurance agencies (USA) voice mail and X Against HTML Mail http://www.mvs.co.il FAX: 1-815-5509341 / \ mailto:[EMAIL PROTECTED] Better Safe Than Sorry -BEGIN PGP SIGNATURE- Comment: use http://www.keyserver.net/ to get my key (and others) iD8DBQE/KDdbLFvTvpjqOY0RArbwAJ91vRY5E0sls0WmV8s6jxr6yb0UyACggynS QmPHnw64hviz1G6cILBNBLg= =91cY -END PGP SIGNATURE- = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ip_forward mysteriously turnes off(?)
On Wed, 2003-07-30 at 19:15, Beni Cherniavsky wrote: Some time ago I had a very long battle with iptables only to discover that they were fine all the time - turned out that /proc/sys/net/ipv4/ip_forward was 0. I'm pretty sure I didn't setup it like this but I didn't investigate the reasons. I turned it on, added ``FORWARD_IPV4=yes`` to /etc/sysconfig/network, made sure it's enabled when I bring the net up -- and I've been a happy masquerading user since (windoze' connection sharing mangled all masqueraded scp and cvs, which was more than annoying, Baruch ShePtaranu ;). [snip] Jul 30 16:51:05 zion sysctl: net.ipv4.ip_forward = 0 Does your /etc/sysctl.conf file has a line like net.ipv4.ip_forward = 0 ? Change it to net.ipv4.ip_forward = 1 and you should be set. Guy = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]