Subject: Re: IP Forwarding works only when tcpdump'ing (1.4.2)
To: =?iso-8859-1?Q?P=E5llen?= <pollen@astrakan.hig.se>
From: Steven M. Bellovin <smb@research.att.com>
List: port-i386
Date: 05/22/2000 09:03:59
In message <Pine.NEB.4.21.0005220839310.6245-100000@ribston.astrakan.hig.=
se>, =3D
?iso-8859-1?Q?P=3DE5llen?=3D writes:
>Yes, you read it, and to me it sounds very strange.
>
>Using 1.4.2 kernel and two realtek 8139 nic's the gateway works when
>tcpdump is also listening to one of the interfaces. (Don't remember if i=
t
>does matter WHICH of the interfaces)
>
>I have an (what I think) almost exactly configured box which works. But
>that one has just one rl, the other interface is ne. That one works (ok,=
>it's NAT'ing, but that shouldn't matter for the forwarding.)
>
>When we kill tcpdump the forwarding is killed too.
>
>Any ideas with this one?
At a guess, the issue is that some machine whose traffic you're trying to=
forward has a bad ARP entry or other bad forwarding information. The =
packet is thus not received by the gateway. But by default, tcpdump
puts the interface in promiscuous mode, so it will receive everything. =
The easiest way to test this is to run tcpdump with the -p option, =
which turns off promiscuous mode. If it doesn't forward packets then, =
you'll have a better idea where to look.
--Steve Bellovin