Gentoo Forums
kernel forwarding fails after any network change...
Brane2
n00b


Joined: 03 Jul 2011
Posts: 37

Posted: Mon May 04, 2015 5:33 pm    Post subject: kernel forwarding fails after any network change...

I have started noticing lately a strange error on my server/firewall/router/nat box.

It works fine until it detects any network change on local ports, like connection or disconnection of a new machine etc. Then it stops forwarding traffic.

For example, sitting at my workstation I can normally ping out. My ping goes in the box, gets forwarded, snated and conntracked obviously fine.

But if I pull the ethernet jack out of the NIC on my workstation for just a second and plug it back in, the server stops forwarding completely.

The NIC works just fine and even after that I can ping the server. It's just that _complete_ forward traffic on the server stops (even for other clients).

When I disable and enable forwarding, it starts working fine again:

Quote:
echo "0" > /proc/sys/net/ipv4/ip_forward ; echo "1" > /proc/sys/net/ipv4/ip_forward


The server is a Phenom 955 quad core with 8 GiB of RAM, with 3 2TB drives in RAID5, that boots from an internal USB stick.

Gentoo is 64-bit fresh with gcc-4.9.2 and gentoo-sources-3.19.6 kernel
I use default/linux/amd64/13.0 profile
_________________
On the journey of life I chose the psycho path...
Brane2
n00b


Joined: 03 Jul 2011
Posts: 37

Posted: Mon May 04, 2015 7:40 pm

One more thing: it doesn't seem to depend on iptables firewall rules.

I tried using a trivial ruleset that accepts and forwards everything without filtering and it behaves the same.
Brane2
n00b


Joined: 03 Jul 2011
Posts: 37

Posted: Mon May 04, 2015 7:48 pm

And one more detail, just in case it is significant: all NICs behind the firewall are based on Intel's 82574L chip (e1000e original open_source in-kernel driver).

Intel's stuff is excellent and I never had a single issue with them, but just in case...
Brane2
n00b


Joined: 03 Jul 2011
Posts: 37

Posted: Mon May 04, 2015 9:32 pm

Update:

It seems to work much better with a simple switch between server and each client.


It is as if loss of carrier on the NIC trips up the FORWARD mechanism.
All times are GMT