www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
Weird routing issue

 
cdpearce
Joined: 27 Jan 2012
Posts: 22

Posted: Fri Jun 22, 2012 12:58 am    Post subject: Weird routing issue

I have a system running ZS beta16. There are multiple VLANs on an Ethernet port:
VLAN 1: 10.1.0.1/16
VLAN 2: 10.2.0.1/16
VLAN 3: 10.3.0.1/16

This system is connected to a Cisco switch that is interfaced to the ZS system over a trunk port. Other ports on the switch are configured to be access ports with native VLAN membership configured on a port by port basis.

I have another device that has 2 ethernet ports, with one port in VLAN 2 and one port in VLAN 3.
eth0: 10.2.1.1
eth1: 10.3.1.1
It is configured with a default route to 10.2.0.1 via eth0/VLAN 2. Let's call this system the "Target".

Case 1:
Ping 10.3.1.1 from 10.2.2.2 (some device in VLAN 2, gateway is 10.2.0.1):
10.2.2.2 sends [Ping 10.3.1.1 Request From 10.2.2.2] to 10.2.0.1
ZS routes this request to VLAN 3
10.3.0.1 sends [Ping 10.3.1.1 Request From 10.2.2.2] to 10.3.1.1
Target receives Ping request and recognizes that it has an interface in the sender's VLAN and responds from that interface
10.2.1.1 sends [Ping 10.3.1.1 Reply To 10.2.2.2] to 10.2.2.2
So that works fine.

Case 2:
Ping from 10.1.2.2 (some device in VLAN 1, gateway is 10.1.0.1):
10.1.2.2 sends [Ping 10.3.1.1 Request From 10.1.2.2] to 10.1.0.1
ZS routes this request to VLAN 3
10.3.0.1 sends [Ping 10.3.1.1 Request From 10.1.2.2] to 10.3.1.1
Target receives Ping request, but does not have an interface in VLAN 1, so it responds via its default gateway
10.2.1.1 sends [Ping 10.3.1.1 Reply To 10.1.2.2] to 10.2.0.1
ZS should route the reply to VLAN 1, but it does not. The reply gets dropped!

Why does this happen? Is it because the reply is from a source IP address in VLAN 3, but is arriving from VLAN 2? This should be allowed!
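
Added example, not part of the original post and not ZeroShell code: a small model of a reverse-path source check (RFC 3704 strict and loose modes) applied to the Case 2 packets, using the post's addressing. The interface names `vlan1`..`vlan3` are made up, and whether ZS beta16 performs such a check is an assumption the thread does not confirm.

```python
import ipaddress

# Connected routes on the router, taken from the post's VLAN addressing.
# Interface names (vlan1..vlan3) are hypothetical labels for this example.
ROUTES = [
    (ipaddress.ip_network("10.1.0.0/16"), "vlan1"),
    (ipaddress.ip_network("10.2.0.0/16"), "vlan2"),
    (ipaddress.ip_network("10.3.0.0/16"), "vlan3"),
]

def best_route(addr):
    """Longest-prefix match; returns the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, ifc) for net, ifc in ROUTES if ip in net]
    return max(matches)[1] if matches else None

def rpf_accepts(src, ingress, mode):
    """Reverse-path check on the source address.
    mode is 'off', 'strict' or 'loose' (RFC 3704 terms)."""
    if mode == "off":
        return True
    back = best_route(src)           # where would a packet TO src be sent?
    if mode == "loose":
        return back is not None      # any route to the source is enough
    if mode == "strict":
        return back == ingress       # must point back out the ingress interface
    raise ValueError(mode)

def forward(src, dst, ingress, mode):
    """Return the egress interface, or None if the packet is dropped."""
    if not rpf_accepts(src, ingress, mode):
        return None
    return best_route(dst)

# Case 2 packets as the router sees them: (label, src, dst, ingress)
CASE2 = [
    ("request", "10.1.2.2", "10.3.1.1", "vlan1"),
    ("reply",   "10.3.1.1", "10.1.2.2", "vlan2"),  # VLAN 3 source, arrives on VLAN 2
]

if __name__ == "__main__":
    for mode in ("strict", "loose", "off"):
        for label, src, dst, ingress in CASE2:
            out = forward(src, dst, ingress, mode)
            print(f"{mode:6} {label:7} {src} -> {dst} in={ingress} out={out or 'DROP'}")
```

On a Linux-based router these modes correspond to the per-interface `net.ipv4.conf.<iface>.rp_filter` sysctl values 1 (strict), 2 (loose) and 0 (off), which is the setting to inspect when testing this hypothesis.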