Subject: Re: IP Forwarding works only when tcpdump'ing (1.4.2)
To: Pållen <pollen@astrakan.hig.se>
From: Steven M. Bellovin <smb@research.att.com>
List: port-i386
Date: 05/22/2000 09:03:59
In message <Pine.NEB.4.21.0005220839310.6245-100000@ribston.astrakan.hig.se>,
Pållen writes:
>Yes, you read it, and to me it sounds very strange.
>
>Using 1.4.2 kernel and two realtek 8139 nic's the gateway works when
>tcpdump is also listening to one of the interfaces. (Don't remember if it
>does matter WHICH of the interfaces)
>
>I have an (what I think) almost exactly configured box which works. But
>that one has just one rl, the other interface is ne. That one works (ok,
>it's NAT'ing, but that shouldn't matter for the forwarding.)
>
>When we kill tcpdump the forwarding is killed too.
>
>Any ideas with this one?

At a guess, the issue is that some machine whose traffic you're trying to
forward has a bad ARP entry or other bad forwarding information.  The
packet is thus not received by the gateway.  But by default, tcpdump
puts the interface in promiscuous mode, so it will receive everything.
The easiest way to test this is to run tcpdump with the -p option,
which turns off promiscuous mode.  If it doesn't forward packets then,
you'll have a better idea where to look.


		--Steve Bellovin
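
A way to find the sender with the bad ARP entry once the diagnosis above is confirmed, as an added example that is not part of the original thread: it reads link-level capture lines and counts unicast frames whose destination MAC is not the gateway's own, which are the frames a non-promiscuous interface would drop. The `tcpdump -e -n` line layout, the MAC addresses and the sample lines are assumptions constructed for the illustration.

```python
import re
from collections import Counter

MAC = r"[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5}"
# Assumed line layout of `tcpdump -e -n`: "<time> <src MAC> > <dst MAC>, ethertype ..."
FRAME_RE = re.compile(rf"^\S+\s+(?P<src>{MAC})\s+>\s+(?P<dst>{MAC}),")

def norm_mac(mac):
    """Lower-case, zero-padded octets, so 0:E0:4C:... equals 00:e0:4c:..."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def is_group(mac):
    """Broadcast and multicast addresses have the low bit of the first octet set."""
    return bool(int(norm_mac(mac)[:2], 16) & 1)

def misaddressed(lines, own_mac):
    """Count unicast frames, per (src, dst), whose destination is not own_mac.

    A non-promiscuous NIC drops these, so they are only seen (and only
    forwarded) while a promiscuous capture is running.
    """
    own = norm_mac(own_mac)
    hits = Counter()
    for line in lines:
        m = FRAME_RE.match(line)
        if not m:
            continue  # not a link-level frame summary line
        src, dst = norm_mac(m["src"]), norm_mac(m["dst"])
        if dst != own and not is_group(dst):
            hits[(src, dst)] += 1
    return hits

GATEWAY_MAC = "00:e0:4c:11:22:33"  # constructed: MAC of the gateway's inside interface

# Constructed capture lines, not taken from the thread.
SAMPLE = """\
09:03:59.000001 00:10:5a:aa:bb:01 > 0:E0:4C:11:22:33, ethertype IPv4 (0x0800), length 98: 10.0.0.5 > 192.168.1.9: ICMP echo request
09:03:59.000210 00:10:5a:aa:bb:02 > 00:e0:4c:de:ad:01, ethertype IPv4 (0x0800), length 98: 10.0.0.6 > 192.168.1.9: ICMP echo request
09:03:59.000400 00:10:5a:aa:bb:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.0.1 tell 10.0.0.6
09:03:59.000610 00:10:5a:aa:bb:02 > 00:e0:4c:de:ad:01, ethertype IPv4 (0x0800), length 98: 10.0.0.6 > 192.168.1.9: ICMP echo request
"""

if __name__ == "__main__":
    for (src, dst), n in misaddressed(SAMPLE.splitlines(), GATEWAY_MAC).items():
        print(f"{src} sent {n} frame(s) to {dst}, not to {GATEWAY_MAC}")
```

On a shared segment, frames between other hosts also appear in the capture, so only senders that are supposed to route through the gateway are of interest.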