Mailinglist Archive: opensuse (686 mails)

< Previous Next >
Re: [opensuse] need some ideas - traffic appears to be disappearing
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Thu, 11 Jul 2013 15:48:51 +0200
  • Message-id: <krmd4c$gcj$1@saturn.local.net>
Marcus Meissner wrote:

On Thu, Jul 11, 2013 at 03:16:15PM +0200, Per Jessen wrote:
Marcus Meissner wrote:

run:
iptables-save

and post the output (will be your full iptables tree, censor stuff
in-place if necessary, but do not delete rules).

dupont51:~ # iptables-save
# Generated by iptables-save v1.4.16.3 on Thu Jul 11 15:13:03 2013
[snip]
# Completed on Thu Jul 11 15:13:03 2013

Looks good.

Do you have sample packets captured with tcpdump -i ipip1 ?

Yep, here is some:

http://files.jessen.ch/dupont51.telnet.trc

From where do you telnet to this machine?

Okay, this will get a little complicated:

dupont51 is the only node in an LVS which listens on 212.25.14.51:20025.
dupont51 has two IP-addresses: 192.168.4.205 (regular ethernet) and
10.7.2.18 (ipip-tunnel). The tunnel connects to the LVS frontend which
sends traffic from 212.25.14.51:20025 to 10.7.2.18:25.

I have an external server @hetzner from which I run telnet to
212.25.14.51:20025.

(the tunneling is only required to mimic the production system which
needs tunneling because of certain network restrictions).

"ipip1" sounds like a ip-in-ip tunnel, which might have more
additional weirdness.

Yup.

Is this looking at encapsulated traffic, or already the decapsulated
traffic?

The traffic in the tcpdump is decapsulated traffic and the iptables
rules look at the decpsulated too.

Thanks for taking a look, I have very little hair left these days.


--
Per Jessen, Zürich (24.2°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >