It seems that ip-forwarding continues after you disabled
the dummy interface. The corresponding ip address is still
ping-able or even telnet-able. Here are the details.
I am using kernel 2.2.12 with no firewall code included in
the kernel (see at the end for the exact config.)
Here is the configuration. I have to physical hosts, myhost (one
ethernet interface) and myrouter (one eth, one eth alias and
one dummy) with the following configuration:
ADRESS NETWORK NETMASK BROADCAST
myhost eth0 152.81.4.137 152.81.0.0 255.255.240.0 152.81.15.255
myrouter eth0 152.81.65.19 152.81.64.0 255.255.240.0 152.81.79.255
eth0:0 152.81.11.173 152.81.0.0 255.255.240.0 152.81.15.255
dummy0 192.168.65.1 192.168.64.0 255.255.240.0 192.168.79.255
myhost should be able to reach the dummy interface of myrouter. A
typical test could be telnet 192.168.65.1. For this, the eth0:0
interface of myrouter is configured as a gateway for the dummy
network. Here is the routing table of myhost
[root@myhost]# /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
152.81.4.137 * 255.255.255.255 UH 0 0 0 eth0
152.81.64.0 * 255.255.240.0 U 0 0 0 eth0
192.168.64.0 152.81.11.173 255.255.240.0 UG 0 0 0 eth0
loopback-net * 255.0.0.0 U 0 0 0 lo
default 152.81.1.1 0.0.0.0 UG 0 0 0 eth0
myrouter should forward packets coming from myhost on its eth0:0 interface
to its dummy0 interface. Here is the routing table of myrouter
[root@myrouter]# /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.65.1 * 255.255.255.255 UH 0 0 0 dummy0
152.81.65.19 * 255.255.255.255 UH 0 0 0 eth0
152.81.11.173 * 255.255.255.255 UH 0 0 0 eth0
152.81.64.0 * 255.255.240.0 U 0 0 0 eth0
192.168.64.0 * 255.255.240.0 U 0 0 0 dummy0
152.81.64.0 * 255.255.240.0 U 0 0 0 eth0
loopback-net * 255.0.0.0 U 0 0 0 lo
default 152.81.1.1 0.0.0.0 UG 0 0 0 eth0
Now if ip_forward is set, everything is ok and I can telnet 192.168.65.1
on myhost.
[root@myhost]# telnet 192.168.65.1
Trying 192.168.65.1...
Connected to myrouter.loria.fr.
Escape character is '^]'.
.....
But then if I remove the dummy0 interface by
/sbin/ifconfig dummy0 down
for example, I should not be able to telnet 192.168.65.1 anymore ?
Or it still works ! Moreover, I can remove the dummy.o module by
/sbin/rmmod dummy
while a telnet session is active. The session freezes at that
point. So dummy.o was in use but not marked as such ?
I do not know what happens in the kernel but it seems to
me that this is not a good behavior.
Thanks in advance for any explanation. As I am not
on the list, please CC any answer to larchey@loria.fr.
-- Dominique Larchey LORIA, Nancy, France Tel. (Work) +33 (0) 3 83 59 20 13----------------------------------------
# # Networking options # CONFIG_PACKET=m CONFIG_NETLINK=y CONFIG_RTNETLINK=y CONFIG_NETLINK_DEV=y # CONFIG_FIREWALL is not set # CONFIG_FILTER is not set CONFIG_UNIX=y CONFIG_INET=y # CONFIG_IP_MULTICAST is not set # CONFIG_IP_ADVANCED_ROUTER is not set # CONFIG_IP_PNP is not set # CONFIG_IP_ROUTER is not set # CONFIG_NET_IPIP is not set # CONFIG_NET_IPGRE is not set CONFIG_IP_ALIAS=y # CONFIG_ARPD is not set CONFIG_SYN_COOKIES=y CONFIG_INET_RARP=m CONFIG_SKB_LARGE=y # CONFIG_IPV6 is not set # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_BRIDGE is not set # CONFIG_LLC is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set # CONFIG_NET_FASTROUTE is not set # CONFIG_NET_HW_FLOWCONTROL is not set # CONFIG_CPU_IS_SLOW is not set
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/