On 08. 01. 2023. 17:41, Guillaume Nault wrote:
On Sun, Jan 08, 2023 at 03:49:05PM +0100, Mirsad Goran Todorovac wrote:
On 08. 01. 2023. 15:04, Guillaume Nault wrote:
For some reasons, your host doesn't accept the VXLAN packets received over veth0. I guess there are some firewalling rules incompatible with this tests script.
That beats me. It is essentially a vanilla desktop AlmaLinux (CentOS fork) installation w 6.2-rc2 vanilla torvalds tree kernel.
Maybe DHCPv4+DHCPv6 assigned address got in the way?
I don't think so. The host sends an administratively prohibited error. That's not an IP address conflict (and the script uses reserved IP address ranges which shouldn't conflict with those assigned to regular host).
The problem looks more like what you get with some firewalling setup (like an "iptables XXX -j REJECT --reject-with icmp-admin-prohibited" command).
To eliminate that, the only rules that seem to be enabled are those automatic, as this is essentially a desktop machine. This reminds me that I forgot to install fail2ban, I thought it came with the system ...
[root@pc-mtodorov linux_torvalds]# iptables-save # Generated by iptables-save v1.8.4 on Sun Jan 8 18:50:53 2023 *filter :INPUT ACCEPT [15241235:25618772171] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [13209318:19634265528] :LIBVIRT_INP - [0:0] :LIBVIRT_OUT - [0:0] :LIBVIRT_FWO - [0:0] :LIBVIRT_FWI - [0:0] :LIBVIRT_FWX - [0:0] COMMIT # Completed on Sun Jan 8 18:50:53 2023 # Generated by iptables-save v1.8.4 on Sun Jan 8 18:50:53 2023 *security :INPUT ACCEPT [15163987:25613250223] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [13209319:19634265904] COMMIT # Completed on Sun Jan 8 18:50:53 2023 # Generated by iptables-save v1.8.4 on Sun Jan 8 18:50:53 2023 *raw :PREROUTING ACCEPT [15241455:25618791347] :OUTPUT ACCEPT [13209321:19634266304] COMMIT # Completed on Sun Jan 8 18:50:53 2023 # Generated by iptables-save v1.8.4 on Sun Jan 8 18:50:53 2023 *mangle :PREROUTING ACCEPT [15241455:25618791347] :INPUT ACCEPT [15241235:25618772171] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [13209322:19634266440] :POSTROUTING ACCEPT [13211416:19634553617] :LIBVIRT_PRT - [0:0] -A POSTROUTING -j LIBVIRT_PRT -A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT # Completed on Sun Jan 8 18:50:53 2023 # Generated by iptables-save v1.8.4 on Sun Jan 8 18:50:53 2023 *nat :PREROUTING ACCEPT [282314:13237147] :INPUT ACCEPT [207948:8194212] :POSTROUTING ACCEPT [1351498:86025578] :OUTPUT ACCEPT [1351498:86025578] :LIBVIRT_PRT - [0:0] -A POSTROUTING -j LIBVIRT_PRT -A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN -A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN -A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE COMMIT # Completed on Sun Jan 8 18:50:53 2023 [root@pc-mtodorov linux_torvalds]# [root@pc-mtodorov linux_torvalds]# ip6tables-save # Generated by ip6tables-save v1.8.4 on Sun Jan 8 18:52:56 2023 *filter :INPUT ACCEPT [8458:771878] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [9605:895758] :LIBVIRT_INP - [0:0] :LIBVIRT_OUT - [0:0] :LIBVIRT_FWO - [0:0] :LIBVIRT_FWI - [0:0] :LIBVIRT_FWX - [0:0] -A INPUT -j LIBVIRT_INP -A FORWARD -j LIBVIRT_FWX -A FORWARD -j LIBVIRT_FWI -A FORWARD -j LIBVIRT_FWO -A OUTPUT -j LIBVIRT_OUT COMMIT # Completed on Sun Jan 8 18:52:56 2023 # Generated by ip6tables-save v1.8.4 on Sun Jan 8 18:52:56 2023 *security :INPUT ACCEPT [7327:586054] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [9605:895758] COMMIT # Completed on Sun Jan 8 18:52:56 2023 # Generated by ip6tables-save v1.8.4 on Sun Jan 8 18:52:56 2023 *raw :PREROUTING ACCEPT [10028:893325] :OUTPUT ACCEPT [9605:895758] COMMIT # Completed on Sun Jan 8 18:52:56 2023 # Generated by ip6tables-save v1.8.4 on Sun Jan 8 18:52:56 2023 *mangle :PREROUTING ACCEPT [9679:867735] :INPUT ACCEPT [8458:771878] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [9605:895758] :POSTROUTING ACCEPT [10500:1051905] :LIBVIRT_PRT - [0:0] -A POSTROUTING -j LIBVIRT_PRT COMMIT # Completed on Sun Jan 8 18:52:56 2023 # Generated by ip6tables-save v1.8.4 on Sun Jan 8 18:52:56 2023 *nat :PREROUTING ACCEPT [252:33745] :INPUT ACCEPT [105:21315] :POSTROUTING ACCEPT [2041:188025] :OUTPUT ACCEPT [2041:188025] :LIBVIRT_PRT - [0:0] -A POSTROUTING -j LIBVIRT_PRT COMMIT # Completed on Sun Jan 8 18:52:56 2023 [root@pc-mtodorov linux_torvalds]#
I can probably help with the l2tp.sh failure and maybe with the fcnal-test.sh hang. Please report them in their own mail thread.
Then I will Cc: you for sure on those two.
But I cannot promise that this will be today. In fact, tomorrow is prognosed rain so I'd better use the remaining blue-sky-patched day to do some biking ;-)
No hurry :)
:)