Ping replies will always return via the default route. On February 3, 2017 9:55:07 AM GMT+01:00, Wolfgang Bumiller <w.bumil...@proxmox.com> wrote: >> On February 2, 2017 at 10:03 PM Detlef Bracker <brac...@1awww.com> >wrote: >> I thing so, thats a bug! > >No. A misconfiguration. > >> A ping from outside to the LXC-containers to all NICs works fine! >> >> A ping from console via the NICs 2-.... is not possible! So, this can >> been a big problem, when a daemon will send from the NICs 2- .... >> >> ping 8.8.8.8 -I eth0 works fine >> ping 8.8.8.8 -I eth1 Destination Host Unreachable >> ping 8.8.8.8 -I eth2 Destination Host Unreachable >> ping 8.8.8.8 -I eth3 Destination Host Unreachable > >First a general suggestion: >Please use `tcpdump` to see if the packets even make it to their >destination >and where the responses actually get lost. > >As for what you described: You're not providing enough details to give >a >complete analysis of the problem (what are these nics, what are they >connected to, is it from within a container? are all eth* on the same >bridge? Are vlans involved? ...). > >However, I'll try to give you a few pointers: > >If ping works through eth0 then it is very likely that the >ping-*replies* >*always* actually come back through eth0 even if you initiate them via >eth1/2/3. >Depending on how `/bin/ping` uses the interface when you use the `-I` >switch, this may even always fail. However, it could also simply be >subject >to `reverse path filtering`: >If reverse path filtering is set to `1` then packets coming from an >interface other than the expected one are considered an error and will >be dropped. >See these sysctl values: > sysctl net.ipv4.conf.all.rp_filter > sysctl net.ipv4.conf.eth0.rp_filter > sysctl net.ipv4.conf.eth1.rp_filter > sysctl net.ipv4.conf.eth2.rp_filter > sysctl net.ipv4.conf.eth3.rp_filter >If they are `1`, then try `2`. I strongly discourage the use of `0`. > >Then of course it could be a firewall issue, or an issue elsewhere: >vlans, >bridge ports, gateways, cables... > >_______________________________________________ >pve-devel mailing list >pve-devel@pve.proxmox.com >http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
