# Routing tables with kernel 4.4

## BlueFusion

I've discovered an odd thing on one of my PCs after upgrading from 4.1.12 to 4.4 kernel...

The following are used on this PC to allow SSH connections from the LAN and the WAN.  WAN access (outbound) is restricted to VPN only, so this exemption must be added to allow SSH connections to establish when remotely logging in from the internet.

 *Quote:*   

> iptables -A OUTPUT -t mangle -p tcp --sport 22 -j MARK --set-mark=1
> sysctl -w net.ipv4.conf.bond0.rp_filter=0
> ip route add default via 10.2.1.1 dev bond0 table novpn
> ...

On kernel 4.4, everything else (commands and software versions) being the same, I often get one of the following errors when attempting to SSH into this box while the firewall and VPN are active.

 *Quote:*   

> ssh_exchange_identification: read: Connection reset by peer
> write: Connection reset by peer

I say often, because if I keep persisting, eventually it will connect and everything works fine.  This only happens to SSH; all other connections have no connection issues.  It usually takes between 7 and 15 attempts to get SSH to establish a connection.

On a hunch, I rebooted back into the 4.1.12 kernel (gentoo-sources), and it worked perfectly again without any other changes.

Is there a change in how routing tables are handled in the later kernels or is this a bug?

----------

## hydrapolic

I also have this problem. It really seems like only the starting of the ssh communication is working weird, once connected it works just fine.

Can you please share your /etc/conf.d/net? My configuration is:

```
config_eth0="null"
config_eth1="null"
slaves_bond0="eth0 eth1"
config_bond0="null"
bridge_xenbr0="bond0"
config_xenbr0="10.1.1.2/24"
routes_xenbr0="default via 10.1.1.1"
dns_servers_xenbr0="10.1.1.1"
dns_domain_xenbr0="example.com"
```

----------

## BlueFusion

Sure thing, here's my /etc/conf.d/net:

 *Quote:*   

> config_eth0="null"
> config_eth1="null"
> config_eth2="null"
> ...

The IP is assigned by DHCP on my router.  I have 3 NICs bonded to a Netgear "Smart" switch which has the LAG configured.

 *Quote:*   

> rich@phoenix ~ $ ifconfig bond0
> bond0: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST>  mtu 1500
>         inet 10.2.1.12  netmask 255.255.255.0  broadcast 10.2.1.255
> ...

 *Quote:*   

> rich@phoenix ~ $ cat /proc/net/bonding/bond0
> Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
> Bonding Mode: IEEE 802.3ad Dynamic link aggregation
> ...

----------

## hydrapolic

Hi @BlueFusion, what hardware do you run that on? On my side it's a Supermicro X10DRW with igb networking (Intel PCI-Express Gigabit Ethernet).

I've tested disabling the bond and removing iptables; it didn't help.

----------

## hydrapolic

You can share your experience: https://bugzilla.kernel.org/show_bug.cgi?id=111041

----------

## hydrapolic

I cannot reproduce this anymore on 4.4.6, can you?

----------