For some reason "ping -I br1 10.0.0.2" works but "ip netns exec vpn ping -I veth1 10.0.0.2" doesn't. This server is set up as a router. Also "ip netns exec vpn ping -I veth1 google.com" works. "ip netns exec vpn ping -b -I veth1 10.0.0.255" doesn't even work, but "ping -b -I br1 10.0.0.255" does. What am I doing wrong?
ifconfig
Code:
br0 Link encap:Ethernet HWaddr 00:1e:67:ad:9e:1d
inet addr:79.35.187.235 Bcast:255.255.255.255 Mask:255.255.254.0
inet6 addr: fe80::21e:67ff:fead:9e1d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2311516 errors:0 dropped:0 overruns:0 frame:0
TX packets:120248768 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3201074916 (3.2 GB) TX bytes:7619823231 (7.6 GB)
br1 Link encap:Ethernet HWaddr 00:1e:67:ad:9e:1e
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::21e:67ff:fead:9e1e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1250273 errors:0 dropped:0 overruns:0 frame:0
TX packets:133642410 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3831971332 (3.8 GB) TX bytes:17590909099 (17.5 GB)
em1 Link encap:Ethernet HWaddr 00:1e:67:ad:9e:1d
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2795324 errors:0 dropped:0 overruns:0 frame:0
TX packets:119889487 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3265375971 (3.2 GB) TX bytes:7597181742 (7.5 GB)
Memory:b1200000-b1280000
em2 Link encap:Ethernet HWaddr 00:1e:67:ad:9e:1e
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3558381 errors:0 dropped:0 overruns:0 frame:0
TX packets:137716266 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3977055494 (3.9 GB) TX bytes:17816302044 (17.8 GB)
Memory:b1100000-b1180000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:197154428 errors:0 dropped:0 overruns:0 frame:0
TX packets:197154428 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21894027109 (21.8 GB) TX bytes:21894027109 (21.8 GB)
veth0 Link encap:Ethernet HWaddr 12:1e:d6:dd:58:d5
inet6 addr: fe80::101e:d6ff:fedd:58d5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:42 errors:0 dropped:0 overruns:0 frame:0
TX packets:131111502 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3644 (3.6 KB) TX bytes:8260571728 (8.2 GB)
brctl show br0
Code:
bridge name bridge id STP enabled interfaces
br0 8000.001e67ad9e1d no em1
brctl show br1
Code:
bridge name bridge id STP enabled interfaces
br1 8000.001e67ad9e1e no em2
veth0
ip netns exec vpn ifconfig
Code:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
veth1 Link encap:Ethernet HWaddr 42:4c:ad:25:34:b4
inet addr:10.0.0.254 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::404c:adff:fe25:34b4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:131111583 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8260577350 (8.2 GB) TX bytes:3644 (3.6 KB)
Here is the routing script
Code:
echo -e "\n\nLoading simple rc.firewall-iptables version $FWVER..\n"
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
EXTIF="br0"
INTIF="br1"
#INTIF2="eth0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
#======================================================================
#== No editing beyond this line is required for initial MASQ testing ==
echo -en " loading modules: "
echo " - Verifying that all kernel modules are ok"
$DEPMOD -a
echo "----------------------------------------------------------------------"
echo -en "ip_tables, "
$MODPROBE ip_tables
echo -en "nf_conntrack, "
$MODPROBE nf_conntrack
echo -en "nf_conntrack_ftp, "
$MODPROBE nf_conntrack_ftp
echo -en "nf_conntrack_irc, "
$MODPROBE nf_conntrack_irc
echo -en "iptable_nat, "
$MODPROBE iptable_nat
echo -en "nf_nat_ftp, "
$MODPROBE nf_nat_ftp
echo "----------------------------------------------------------------------"
echo -e " Done loading modules.\n"
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo " Clearing any existing rules and setting default policy.."
iptables-restore <<-EOF
*nat
-A POSTROUTING -o "$EXTIF" -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i "$EXTIF" -o "$INTIF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT
-A FORWARD -j LOG
COMMIT
EOF
echo -e "\nrc.firewall-iptables v$FWVER done.\n"
