Subject: Re: ipnat oddity
To: Quentin Garnier <cube@cubidou.net>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: netbsd-help
Date: 03/04/2005 10:55:58
On Fri, Mar 04, 2005 at 11:40:25AM +0100, Quentin Garnier wrote:
> > They are on the same segment.. vlan3 is on 192.168.192/20 which includes
> > 204 and 205. Does this matter though? It seems the redirect is fired, just
> > sideways..
> 
> Your network geometry is somewhat special.
> 
> 204.6 is trying to reach 205.130 through 204.62, all of them being on the
> same LAN segment.
> 
> So I guess you specifically added a route on 204.6 to make it use 204.62
> instead of directly reaching 205.130.  Am I right?

Yes you are :-)  Actually most machines are on 204/24, and the servers
were on 205/24. Now we need a /20, so we moved the servers to 0/20, leaving
the 204/24 boxen on essentially 204/20, otherwise known as 192/20. So,
204.6 is just using its old gw 204.62. At that point we can say
"redirect 205/24 server to 0/20".

> If so, the real question is whether IPF should pick up the packet before
> the stack sends a redirect for it or not.

I don't think so..

> Reading source makes me think it should pick up the packet, so for some
> reason IPF doesn't work.

That's my impression, and it seems the redirect happens; it's just that
it seems to be redirected to its source address :-/

> ipnat -l does list the rules?  is ipf active?

yes and yes..

> > (In the meantime things are working with a nasty DNS hack instead..)
> 
> Well, the route addition is nastier IMHO.

Well, it was more of a "route left alone and not disturbed" ;-)
Cheers,

Patrick