From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1 Description of problem: RHEL 3 machine is routing/forwarding to internal interfaces regardless of /proc/sys/net/ipv4/ip_forward value. Version-Release number of selected component (if applicable): kernel-2.4.9-e.38 How reproducible: Always Steps to Reproduce: scenario and equipment used: an RHL 7.3 box which is multi-homed, and an RHEL AS 3 system which is also multi-homed. neither of the machines are configured as routers. configuration basis of test: when using a client homed in one of the RHL 7.3/RHEL AS 3 LANS and using the relative local interface on the RHL 7.3/RHEL AS 3 server as the clients default gateway: Actual Results: pinging the opposing network interface of the multi-homed RHEL AS 3 machine shows that: the client can ping the opposing network interface regardless of ip_forward being active or inactive. Thus the machine is routing/forwarding across the internal bus to internal interfaces and ignoring the ip_forward disable. Expected Results: Expected results of a simple ping from a client to the opposing interface on the multi-homed machine using the RHL 7.3 machine as an example: when ip_forward is turned on it is possible to ping the other interface of the multi-homed RHL 7.3 machine When ip_forward is turned off it is not possible to ping the other interface of the multi-homed RHL 7.3 machine. Just to re-iterate: However this same scenario applied to the RHEL AS 3 machine shows that the client can ping the opposing network interface regardless of ip_forward being active or inactive. Additional info: I may be missing the point here: Is there a switch in /proc/sys/net/ipv4/ to mask interfaces from icmp echo requests (other than /proc/sys/net/ipv4/icmp_echo_ignore_all) and subsequent network traffic for a multi-homed machine that is NOT configured as a router and thus provide the same results as the RHL 7.3 tests?
Kernel version 2.4.9-e.38 refers to RHEL AS 2.1, not 3. Could you please confirm which information is correct, the kernel version or the release you've specified? (I've tentatively changed the bug's product version and added our 2.1 maintainter to the cc: list.) Thanks. -ernie
many apologies, the kernel version should reflect: 2.4.21-9EL The version of Red Hat displaying the problem is RHEL ES version 3 I have reverted the version accordingly. Thanks Roger
Ok, thanks. -ernie
This is expected behavior. When the kernel sends a packet out, it checks whether the destination is an address assigned to one of the systems interfaces. If so, it simply passes the packet over the loopback interface and receives it, it never actually goes onto the physical network.