icmp request received, but doesn't reply
I set up 3 CentOS servers, configured server2 as router between 192.168.1.0/24 and 30.0.0.0/24, but ping can't get through.
I tried ping 192.168.1.62 from server1, according to tcpdump on server3, ICMP request is received, but it doesn't generate ICMP response.
23:36:06.436243 IP 30.0.0.2 > 192.168.1.62: ICMP echo request, id 23570, seq 2838, length 64
23:36:07.436212 IP 30.0.0.2 > 192.168.1.62: ICMP echo request, id 23570, seq 2839, length 64
Setup
Serversserver1:
- eth0 - 30.0.0.2
server2:
- eth0 - 192.168.1.61
- eth0:0 - 30.0.0.1
server3:
- eth0 - 192.168.1.62
route info on server1:
- 0.0.0.0 30.0.0.1
route info on server3:
- 30.0.0.0/24 192.168.1.61
Answer
I was receiving ICMP packets but did not see them go out. The problem was related to the traffic traversing multiple interfaces and reverse path filtering being on by default...
I've enabled martian source logging first:
$ echo 1 >/proc/sys/net/ipv4/conf/eth2/log_martians
Then there are several options for what to do with them... I'm enabling loosely handling them:
$ sysctl net.ipv4.conf.all.rp_filter=2
See these for details: