[quagga-dev 3816] Re: problem to link two ospf neighbors (wrong src-ip for hello packets)

Jan Wagner waja at cyconet.org
Mon Nov 7 02:01:21 GMT 2005


Hi!

After 30 additional minutes on irc we got some interesting stuff:

On eth0 of gremlin NAT was running, but even with all rules removed it wasn't
working.

gremlin:~# iptables -t mangle -nvL
Chain PREROUTING (policy ACCEPT 817 packets, 68850 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain INPUT (policy ACCEPT 805 packets, 67019 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 10 packets, 1342 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 422 packets, 69889 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 444 packets, 72433 bytes)
 pkts bytes target     prot opt in     out     source               destination
gremlin:~# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 4 packets, 655 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 3 packets, 599 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 2 packets, 168 bytes)
 pkts bytes target     prot opt in     out     source               destination

Then we did (it was only a wild guess from Paul):
gremlin:~# lsmod | grep connt
ip_conntrack_ftp       72848  1 ip_nat_ftp
ip_conntrack           44536  3 ip_nat_ftp,iptable_nat,ip_conntrack_ftp
gremlin:~# rmmod ip_nat_ftp
gremlin:~# rmmod ip_conntrack_ftp
gremlin:~# rmmod iptable_nat
gremlin:~# rmmod ip_conntrack
gremlin:~# lsmod | grep connt
gremlin:~# /etc/init.d/quagga restart

And with some voodoo it was working:

gremlin> sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface           RXmtL RqstL DBsmL
192.168.20.2      1   Full/DR         00:00:30    192.168.20.2    eth1:192.168.20.1     0     0     0
gremlin>

I tried to reproduce it... it doesn't work.

Now OSPF runs well on eth1, and on eth0 NAT is running:

gremlin:~# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 96 packets, 15461 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 31 packets, 3985 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth0    192.168.1.0/24       0.0.0.0/0           to:10.42.1.65
    2   479 SNAT       all  --  *      eth0    192.168.20.0/24      0.0.0.0/0           to:10.42.1.65
    0     0 SNAT       all  --  *      eth0    192.168.100.0/24     0.0.0.0/0           to:10.42.1.65
    0     0 SNAT       all  --  *      eth0    192.168.200.0/24     0.0.0.0/0           to:10.42.1.65
    0     0 SNAT       all  --  *      eth0    10.35.42.0/24        0.0.0.0/0           to:10.42.1.65

Dunno how to get into this situation again, nor how to prevent it, nor what it
really was. I only know that I'm the guy everyone thought was mixing up his
wires (L2 problems) and stupid, and who was searching around for two days to
get to the conclusion that some voodoo is required in this situation.

Paul: Thanks for your help.

With kind regards, Jan.