Ubuntu refuses to route packets for public subnet through linknet

Question

I've run into the novel concept of routing through a linknet from my new ISP, and am currently trying to get a /28 routed properly on my Ubuntu 13.10 server. However, this is proving futile.

This is the routing table for the host:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         84-16-221.161.3 0.0.0.0         UG    0      0        0 eth0
84.16.211.48    *               255.255.255.240 U     0      0        0 eth1
84.16.221.160   *               255.255.255.224 U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1

IPTables (Managed by UFW):

root@router:/proc/sys/net/ipv4/conf/all# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-input  all  --  anywhere             anywhere
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere
ufw-after-logging-input  all  --  anywhere             anywhere
ufw-reject-input  all  --  anywhere             anywhere
ufw-track-input  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-forward  all  --  anywhere             anywhere
ufw-before-forward  all  --  anywhere             anywhere
ufw-after-forward  all  --  anywhere             anywhere
ufw-after-logging-forward  all  --  anywhere             anywhere
ufw-reject-forward  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  all  --  anywhere             anywhere
ufw-before-output  all  --  anywhere             anywhere
ufw-after-output  all  --  anywhere             anywhere
ufw-after-logging-output  all  --  anywhere             anywhere
ufw-reject-output  all  --  anywhere             anywhere
ufw-track-output  all  --  anywhere             anywhere

ip_forwarding is turned on, and reverse path filtering is off in sysctl.

When running tcpdump on eth1 and attempting to ping the gateway of the subnet (84.16.211.49, which is the ip of eth1:1), I see no packets. Listening to eth0, I see the following:

root@router:/proc/sys/net/ipv4/conf/all# tcpdump -vvvi eth0 icmp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:26:14.448663 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    isengard.localecho.net > gateway.big5.no: ICMP echo request, id 16188, seq 21, length 64
10:26:14.448714 IP (tos 0x0, ttl 64, id 1421, offset 0, flags [none], proto ICMP (1), length 84)
    gateway.big5.no > isengard.localecho.net: ICMP echo reply, id 16188, seq 21, length 64

Likewise, attempting to traceroute out from the gateway's address is futile:

root@router:/etc/ufw# traceroute -s 84.16.211.49 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  * * *
 2  * * *

Nothing shows up on tcpdump on neither eth0 or eth1 while attempting the above traceroute.

I'm at my wits end here, as is the network guy at the ISP. Anyone got some pointers?

Edit: adding information requested in comments.

root@router:/etc/ufw# arp -a
    84-16-211.62.3p.ntebredband.no (84.16.211.62) at <incomplete> on eth1
    ? (192.168.1.10) at 00:0c:29:9a:ca:c2 [ether] on eth1
    google-public-dns-a.google.com (8.8.8.8) at <incomplete> on eth1
    shop.big5.no (84.16.211.52) at <incomplete> on eth1
    ? (192.168.1.11) at 00:0c:29:21:7f:fc [ether] on eth1
    ? (192.168.1.150) at e0:3f:49:8f:b7:d2 [ether] on eth1
    mail.big5.no (84.16.211.50) at <incomplete> on eth1
    84-16-211.56.3p.ntebredband.no (84.16.211.56) at <incomplete> on eth1
    84-16-221.161.3p.ntebredband.no (84.16.221.161) at 84:78:ac:66:c7:bb [ether] on eth0
    gf.big5.no (84.16.211.53) at <incomplete> on eth1
    www.big5.no (84.16.211.51) at 00:0c:29:21:7f:fc [ether] on eth1
    ? (192.168.1.15) at 00:0c:29:87:05:79 [ether] on eth1
    84-16-211.57.3p.ntebredband.no (84.16.211.57) at <incomplete> on eth1
    84-16-211.54.3p.ntebredband.no (84.16.211.54) at <incomplete> on eth1
    84-16-211.60.3p.ntebredband.no (84.16.211.60) at <incomplete> on eth1
    84-16-211.58.3p.ntebredband.no (84.16.211.58) at <incomplete> on eth1
    www.vg.no (195.88.54.16) at <incomplete> on eth1
    ? (192.168.1.169) at e0:3f:49:8f:b7:dc [ether] on eth1
    84-16-211.55.3p.ntebredband.no (84.16.211.55) at <incomplete> on eth1
    84-16-211.61.3p.ntebredband.no (84.16.211.61) at <incomplete> on eth1
    84-16-211.59.3p.ntebredband.no (84.16.211.59) at <incomplete> on eth1

Output of ip route:

default via 84.16.221.161 dev eth0
84.16.211.48/28 dev eth1  proto kernel  scope link  src 84.16.211.49
84.16.221.160/27 dev eth0  proto kernel  scope link  src 84.16.221.163
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.1

As far as I am aware, you can't address virtual interfaces in route? Thus, everything is on eth1. Including ifconfig output as well:

eth0      Link encap:Ethernet  HWaddr 00:10:a7:25:51:64
      inet addr:84.16.221.163  Bcast:255.255.255.255  Mask:255.255.255.224
      inet6 addr: fe80::210:a7ff:fe25:5164/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:385280 errors:0 dropped:0 overruns:0 frame:0
      TX packets:502991 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:65240032 (65.2 MB)  TX bytes:131127772 (131.1 MB)

eth1      Link encap:Ethernet  HWaddr 00:07:e9:74:d4:65
      inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
      inet6 addr: fe80::207:e9ff:fe74:d465/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:472809 errors:0 dropped:0 overruns:0 frame:0
      TX packets:440901 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:53655207 (53.6 MB)  TX bytes:84637672 (84.6 MB)

eth1:1    Link encap:Ethernet  HWaddr 00:07:e9:74:d4:65
      inet addr:84.16.211.49  Bcast:84.16.211.63  Mask:255.255.255.240
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

What do you see in your arp tables? And why isn't eth1:1 showing up in your routing tables? What do you get back from `ip route show`? — NickW, Aug 01 '14 at 08:57
root@router:/etc/ufw# ip route add 84.16.211.48/28 via 84.16.211.49 dev eth1:1 still results in a route being added for eth1. Same result, nothing gets routed. If there is a new style interface alias, I have not run into it, so please feel free to inform me about them. I'm not sure why it would directly affect this problem though? — Kenneth Aalberg, Aug 01 '14 at 18:08

Ubuntu refuses to route packets for public subnet through linknet

0 Answers0