TransWikia.com

Two Interfaces and lost packages

Super User Asked by cicekadam on July 26, 2020

I have two Ethernet interfaces named enp1s0f0 and enp1s0f1. They have IP addresses from the same subnet (don’t think it matters tho). Here is the scenario:

My distro is CentOS 8

I have done "echo 1 > /proc/sys/net/ipv4/ip_forward"

enp1s0f0 has x.y.z.236
enp1s0f1 has x.y.z.237

I have written an ip rule

[root@localhost ~]# ip rule list
0:      from all lookup local
32762:  from all to x.y.z.237 lookup 237

and my additional routing table 237

[root@localhost ~]# ip route list table 237
default via x.y.z.254 dev enp1s0f1
x.y.z.0/24 dev enp1s0f1 scope link src x.y.z.237

Here is my problem: the first interface works well; for the second interface I can see incoming packets with tcpdump, but the nftables counters are not counting up. For example, an ssh connection just times out. I have tried "meta nftrace set 1" for the input and forward hooks, but nothing passes there either.

Here is my tcpdump out:

[root@localhost ~]# tcpdump -i enp1s0f1 port 22 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp1s0f1, link-type EN10MB (Ethernet), capture size 262144 bytes
17:13:01.305452 IP x.y.z.3.52229 > x.y.z.237.ssh: Flags [S], seq 2642985606, win 8192, options [mss 1428,nop,wscale 8,nop,nop,sackOK], length 0
17:13:04.305689 IP x.y.z.3.52229 > x.y.z.237.ssh: Flags [S], seq 2642985606, win 8192, options [mss 1428,nop,wscale 8,nop,nop,sackOK], length 0
17:13:10.306349 IP x.y.z.3.52229 > x.y.z.237.ssh: Flags [S], seq 2642985606, win 8192, options [mss 1428,nop,nop,sackOK], length 0

And here is my nftables rules:

table ip filter {
        chain INPUT {
                type filter hook input priority filter; policy accept;
                ip daddr x.y.z.237 tcp dport 22 meta nftrace set 1 counter packets 0 bytes 0
        }

        chain FORWARD {
                type filter hook forward priority filter; policy accept;
                counter packets 0 bytes 0 accept
        }

        chain OUTPUT {
                type filter hook output priority filter; policy accept;
                ip saddr x.y.z.236 tcp sport 22 counter packets 383 bytes 102888 accept
                ip saddr x.y.z.237 tcp sport 22 counter packets 0 bytes 0 accept
        }
}

What am I missing? Where do my packages go?

One Answer

I figured it out. When I added ip rule add from x.y.z.237/32 table 237 it worked. Didn't understand why tho :D But it does the job, so no problem.

Answered by cicekadam on July 26, 2020
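
Added example (not part of the original question or answer): a small Python model of the policy-routing lookup, showing why the "to x.y.z.237" rule alone never matches the reverse-path check or the reply route, while the "from x.y.z.237/32" rule does. It assumes strict reverse-path filtering (rp_filter=1) is enabled, that the main table (not shown on the page) prefers enp1s0f0, and it uses 192.0.2.0/24 as a constructed stand-in for the redacted x.y.z.0/24.

```python
import ipaddress as ipa

# Constructed stand-in: 192.0.2.0/24 replaces the page's redacted x.y.z.0/24.
NET = ipa.ip_network("192.0.2.0/24")
ANY = ipa.ip_network("0.0.0.0/0")
IP237, CLIENT = ipa.ip_address("192.0.2.237"), ipa.ip_address("192.0.2.3")

# Routing tables as (prefix, outgoing device). Table 237 is from the page;
# the main table is an assumption (connected route on the first NIC wins).
TABLES = {
    "237": [(ANY, "enp1s0f1"), (NET, "enp1s0f1")],
    "main": [(NET, "enp1s0f0"), (ANY, "enp1s0f0")],
}

def host(addr):
    return ipa.ip_network(f"{addr}/32")

# Policy rules as (priority, from-selector, to-selector, table).
# The main-table rule and the new rule's priority are assumptions.
ORIGINAL = [(32762, ANY, host(IP237), "237"), (32766, ANY, ANY, "main")]
FIXED = [(32761, host(IP237), ANY, "237")] + ORIGINAL

def lookup(rules, src, dst):
    """Walk rules by priority; return (table, dev) of the longest-prefix match."""
    for _prio, frm, to, table in sorted(rules):
        if src in frm and dst in to:
            hits = [(p.prefixlen, dev) for p, dev in TABLES[table] if dst in p]
            if hits:
                return table, max(hits)[1]
    return None, None

def strict_rpf_ok(rules, pkt_src, pkt_dst, in_dev):
    """Strict reverse-path check: the route back to the sender, looked up with
    the packet's addresses swapped, must leave through the arrival device."""
    return lookup(rules, pkt_dst, pkt_src)[1] == in_dev

def reply_dev(rules, local, peer):
    """Device the SYN-ACK (local -> peer) would be routed out of."""
    return lookup(rules, local, peer)[1]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, "rpf_ok:", strict_rpf_ok(rules, CLIENT, IP237, "enp1s0f1"),
              "reply via:", reply_dev(rules, IP237, CLIENT))
```

On the real host, "ip route get x.y.z.3 from x.y.z.237" shows which device a reply would use, and "sysctl net.ipv4.conf.all.rp_filter" shows whether strict filtering is active.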
