Understanding IP forwarding

Graham Butler g.butler at hud.ac.uk
Fri Aug 3 13:08:35 UTC 2012 

I have a duel NIC server (Ubuntu 12.04) connected to two different subnets and I am trying to understand a possible ip forwarding problem I have. I would appreciate a nudge in the right direction.

If I ping the first interface (161.112.232.221) from another server, not on the same subnet as second interface, I get a reply i.e. the ping and reply are on the same interface.

If I ping the second interface (172.17.193.146) from another server on its own subnet (say 172.17.193.62), I get a reply. Once again the ping and the reply are on the same sub net.

The problem is when a ping is received on one interface, and the reply wants to go down the other interface, it all fails. On a failed request, I can see the traffic coming in on one interface (using tcpdump), but I cannot see any replies on either interface. From my experience with Solaris,  if 'IP forwarding' is enabled, it allows a reply on another interface. I am very new to Ubuntu.

Can I assume from this that setting ip_forward in Ubuntu to allow communication between the two interfaces is not sufficient, and that I may have to use iptables?

The server is not intended to be a router as such, but a development server for testing as a transparent proxy server. I have not got to the transparent proxy bit yet, as I am still trying to understand this problem.

~# netstat -r
Kernel IP routing table
Destination     Gateway             Genmask           Flags   MSS Window  irtt Iface
default             161.112.232.99  0.0.0.0               UG       0 0          0 eth0
localnet            *                          255.255.255.0   U         0 0          0 eth0
172.17.193.0    *                         255.255.255.0   U         0 0          0 eth1

ip_forward is set to 1 and UFW is disabled.

Graham




---
This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.

More information about the ubuntu-users mailing list