> > I still seem to have much the same problem. I no longer get ICMP
> > unreachable errors, but the packet just seems to disappear - I can't see
> > it being forwarded on any interface, nor can I find any kind of reply -
> > icmp or otherwise.
>
> sounds like a firewall issue!
It does sound like a firewall issue, but the only firewall rule I have at the
moment is the one doing the DNAT. If I do 'iptables -t nat -L -v', then I can
see the number of packets increasing. Once I remove the firewall rule, I get
my "icmp unreachable" errors again. Funnily enough, if I then reinstate the
firewall (dnat) rule, then I still get "icmp unreachable" errors and the
packet count doesn't go up for the rule. It's almost as though the rule
doesn't get consulted. 'ip route flush cache' doesn't make a difference.
After about 5 minutes the "icmp unreachable" errors stop and the packet count
starts going up, although I still can't find my packet on the next hop. (I do
have forwarding switched on). The packet count on a iptables log rule on the
forward table does not go up, giving me the impression that routing has
failed.
I also tried ip r get <random internet address> from 192.168.12.5, which did
indeed give me the same "RTNETLINK answers: Invalid argument" error. I guess
that means that my understanding of the purpose of 'ip r get' is indeed
faulty.
Thanks for all your help so far.
Paul Viney
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
|