On Mon, Mar 16, 2009 at 09:16:51PM +0000, Nick Martin wrote: > Is there anything special you need to do to a tun device for the traffic > coming from it to be forwarded? I have some traffic coming in from a tun > device (the traffic has the same source address as my eth1 device, is > this a problem?), that should be forwarded, but it seems to be getting > dropped. > > cat /proc/sys/net/ipv4/ip_forward gives 1. I think I have the routing > table set up properly. I have a separate table for traffic coming in on > the device which I use by: ip rule add iif tun1 table tun_table
Check your routes with "ip route get <to> from <from> iif tun1". > By setting up iptables rules with target LOG in the mangle table, I can > see the traffic coming in to PREROUTE, but it never gets to FORWARD and > I can't figure out why. Probably your packets are dropped by the reverse path filters. Try to set log_martians=1 on every interface to catch (see kernel log) and rp_filter=0 to overcome this. However, reverse path problems are hints that there is some configuration error, so you should inspect your setup, looking for better routing scheme. -- Eugene Berdnikov ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ VTun-devel mailing list VTun-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/vtun-devel
