[Openswan Users] locally generated traffic originating from eth0

Bob Miller bob at computerisms.ca
Fri Jan 14 13:53:45 EST 2011


This is a tad embarrassing.
I was talking on the phone and typing at the same time, I inadvertently
executed the command on an openswan firewall:
ifconfig eth0 1400
I was thinking of adjusting the MTU; instead I got locked out.  I got
the box rebooted, and eth0 received a DHCP offer and everything came
back.  Things seemed normal, a site-to-site VPN came up and users
reported no errors.  Until an L2TP connection was tried, then I
discovered loopback-to-loopback traffic was failing.  I traced the
problem down to local traffic being sent from eth0, as seen here:

(terminal 1)fw-ps:~# ping -I lo 127.0.0.1

(terminal 2)fw-ps:/var/log# tcpdump -n -i lo
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
09:40:44.988414 IP 194.242.22.23 > 127.0.0.1: ICMP echo request, id 8706, seq 15, length 64
09:40:44.988449 IP 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 8706, seq 15, length 64

I have compared the routing table to a box that doesn't have this
symptom, and found no differences I wasn't expecting (command I used was
`ip route list table local`).  I have also compared eth0 and lo
interfaces using ifconfig and ip addr to a "normal" box, and also found
no differences.  I have tried it with pluto stopped and started.  I have
made no changes to the firewall rules for several months.

Since the reply comes back via the proper route, I don't suspect this as
a bad route or an iptables problem (though I am far from ruling it out).
It seems that programs like ping and l2tpns (or maybe the shell itself?)
are sending out eth0, while the loopback, once it receives some traffic,
responds normally.  I think if it was routing or iptables, the reply
packets would do the same thing as the request packets.  

I have been researching and experimenting on this for a few days now, so
far I have found no way forward.  If you had described this situation to
me last week, I would have said it couldn't happen.  But there it is.  
I apologize for asking a non-openswan question (again), but this list is
probably the most savvy group of networkers I have access to.  Might
anyone have a suggestion as to how to rectify this?


Bob Miller
334-7117/660-5315
http://computerisms.ca
bob at computerisms.ca
Network, Internet, Server,
and Open Source Solutions
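As an added example (not part of Bob's post and not Openswan code), here is a small Python script that parses the text output of `tcpdump -n -i lo`, rejoins lines that were wrapped in transit (as they are in the mail above), and flags any packet captured on lo whose source address lies outside 127.0.0.0/8. That is exactly the symptom shown above: the echo request leaves with the eth0 address while the reply correctly uses 127.0.0.1. The two ICMP lines in the sample are taken from the post; the UDP port 1701 lines are constructed to show the same check on wrapped and unwrapped lines with ports present.

```python
"""Flag packets seen on the loopback interface whose source address is not
a loopback address (127.0.0.0/8), from `tcpdump -n -i lo` text output.
Added example, not the original poster's code."""

import ipaddress
import re
from typing import List, NamedTuple

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# "<ts> IP <src>[.<port>] > <dst>[.<port>]: <rest>" as printed by tcpdump -n
_PKT_RE = re.compile(
    r"^(?P<ts>\S+)\s+IP\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)?\s+>\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)?:\s*(?P<rest>.*)$"
)


class Packet(NamedTuple):
    ts: str
    src: str
    dst: str
    rest: str


def parse_tcpdump(text: str) -> List[Packet]:
    """Parse tcpdump lines, gluing wrapped continuation lines back on."""
    records: List[Packet] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("listening on"):
            continue
        m = _PKT_RE.match(line)
        if m:
            records.append(Packet(m["ts"], m["src"], m["dst"], m["rest"]))
        elif records:
            # Not a packet header: treat as the wrapped tail of the previous one.
            last = records.pop()
            records.append(last._replace(rest=(last.rest + " " + line).strip()))
    return records


def misattributed(packets: List[Packet]) -> List[Packet]:
    """Packets on lo whose source is outside 127.0.0.0/8 (the bug symptom)."""
    return [p for p in packets
            if ipaddress.ip_address(p.src) not in LOOPBACK_NET]


# Sample capture: first two packets are from the mailing-list post (wrapped
# as received); the UDP/1701 lines are constructed for this example.
SAMPLE = """\
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
09:40:44.988414 IP 194.242.22.23 > 127.0.0.1: ICMP echo request, id
8706, seq 15, length 64
09:40:44.988449 IP 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 8706, seq
15, length 64
09:41:02.100000 IP 127.0.0.1.1701 > 127.0.0.1.1701: UDP, length 60
09:41:02.100200 IP 194.242.22.23.1701 > 127.0.0.1.1701: UDP, length 60
"""


if __name__ == "__main__":
    for p in misattributed(parse_tcpdump(SAMPLE)):
        print(f"{p.ts} non-loopback source on lo: {p.src} > {p.dst} ({p.rest})")
```

Run it against a real capture with `tcpdump -n -i lo | python3 check_lo.py` style piping by replacing `SAMPLE` with `sys.stdin.read()`; any hit means a locally generated packet picked a non-loopback source address, which is what the post describes.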