Thanks for the help with this case.
I'm very confused.
I figured out exactly what you commented.
MWG eth0/eth1 not forwarding.
The default gateway is perfectly configured as "172.29.0.1", and the interface eth0 responds to ping normally, but the interface eth1 does not respond to ping.
Actually, this is what happens: logged in to the MWG by SSH, I execute a ping between the interfaces and get no responses.
Ping 172.30.8.4 ----> 172.29.0.117 or ping 172.29.0.117 not responding
"- the default GW of MWG
- the value of "cat /proc/sys/net/ipv4/ip_forward" (execute via SSH on appliance)"
The value in this file is 0 (zero).
I imagined it could even be a bug in the version, or a problem with MWG on VMware; however, in my tests on another version or on physical appliances the problem persists. What it appears to be is that forwarding is not enabled. In all tests the file "/proc/sys/net/ipv4/ip_forward" = 0 (zero).
With manual intervention it works.
# modprobe iptable_nat
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
Okay, having IP forward enabled is of course vital for a router. Since it is set to 0 on your MWG, I assume there is probably a problem with your configuration.
Please note that IP forward is enabled when you make a cluster member a "director", by increasing the director priority to > 0.
Can you verify that this is done in your configuration? I am not really sure if you need to set up a virtual IP, but certainly you have to make one node a director in order to use Transparent Router mode. The ip_forward stays 0 if a node is not a director.
Note: In case you manually added some iptables rules, I recommend rebooting to wipe out all the manual changes, as it should work without manual intervention.
Thank you for the reply, Andre,
What you said makes perfect sense.
In this specific case we have only one box; I imagined it was not necessary, since we have only one appliance without redundancy.
I will do the tests in the environment later today and post here what happened.
Please note that this is most likely not the final solution... it is just the first step in moving forward 🙂 If it doesn't work, please capture some more packet captures as you did earlier and attach them.
Thank God, this was the final step to solving the problem :-)
Here is a tip for anyone who wants to use the Transparent Router mode: even if there is no more than one MWG in the structure, you should set the director priority to > 0 so that it does the forwarding.
I emphasize also that the ping between interfaces does not work, but customers are browsing and the rules are being applied normally.
Andre, thank you very much for your help!!!
Case closed, thanks to your help.
Cool, thank you for letting us know. Unfortunately the setup is not always trivial or obvious... and on top of that, sometimes it is not even documented, but we continue improving the product and documentation. I will review the documentation and see if there is such a note; if not, I will ask to have this note added.
A KB article also may make sense but whatever we document someone else will definitely run into this or a similar trap - that's why we try to help here 🙂