Port based multi interface routing


 
Old 07-26-2015

Hello,

I wanted to set up routing of certain traffic (http/s) out via a second (faster) interface, as described in the following docs (may not post URLs):

linux-ip.net /html/adv-multi-internet.html
thegeekstuff.com /2014/08/add-route-ip-command/

I already had this working years ago on another server, but now it won't work correctly.

I have a second routing-table with a default route to the second interface.
I fwmark the http(s) traffic and set a rule that this traffic should use the special routing table.

And indeed the http traffic goes out via eth2 with the right src and destination, as I can see with tcpdump. A SYN packet [S] goes out - and a reply [S.] comes back in, to the right src ip / port. The firewall is completely open for input over the interface.

BUT, my host does not react to the incoming packet [S.]. It does not continue with [.] (which would complete the three-way handshake I guess, like I can see on other connections over the main interface). Instead, after 1s it retries the SYN [S], and the remote host repeats its [S.] packets multiple times.

So what in the world is going on? Why does the host's networking not react to the [S.] reply from the target? It's coming in, but not processed.

So strange!? Any relevant changes in Linux (Ubuntu 12.4 LTS) networking since I had such a setup running 5-8 years ago?

[The setup DOES work for traffic coming from outside over that interface, see from rule below!]

Thanks for any help / ideas!

-----------
Code:
root@mail:~# ip route show table backupline
default via 192.168.11.1 dev eth2
192.168.11.0/24 dev eth2  scope link  src 192.168.11.2
root@mail:~# ip rule show
0:      from all lookup local
32764:  from 192.168.11.0/24 lookup backupline
32765:  from all fwmark 0x2 lookup backupline
32766:  from all lookup main
32767:  from all lookup default

FW:
Chain INPUT (policy DROP 2275 packets, 156K bytes)
 pkts bytes target     prot opt in     out     source               destination 
57194 8286K ACCEPT     all  --  eth2   any     anywhere             anywhere    

tcpdump:
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
16:39:17.804014 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, options [mss 1460,sackOK,TS val 3849200035 ecr 0,nop,wscale 7], length 0
16:39:17.823292 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823144 ecr 3849200035,nop,wscale 7], length 0
16:39:18.802418 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, options [mss 1460,sackOK,TS val 3849200285 ecr 0,nop,wscale 7], length 0
16:39:18.818238 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823243 ecr 3849200035,nop,wscale 7], length 0
16:39:20.806390 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, options [mss 1460,sackOK,TS val 3849200786 ecr 0,nop,wscale 7], length 0
16:39:20.823308 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823444 ecr 3849200035,nop,wscale 7], length 0
16:39:21.428241 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823505 ecr 3849200035,nop,wscale 7], length 0
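
Added example, not part of the original post: a read-only check of the kernel's reverse-path filter (rp_filter, the anti-spoofing source validation) for the interface that receives the [S.] replies, since strict mode validates the reply's source without considering fwmark rules such as 32765. It assumes reverse-path filtering is the thing to rule out, which the post does not confirm; `CONF_ROOT`, `read_conf`, `effective` and `rpf_verdict` are names made up for this example.

```shell
#!/bin/sh
# Added example: read-only check of the reverse-path filter (rp_filter)
# settings that apply to replies arriving on a policy-routed interface.
# CONF_ROOT is an assumption of this example so the check can be run against
# a copied tree; on a live host it is /proc/sys/net/ipv4/conf.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print one setting for "all" or an interface; a missing file counts as 0.
read_conf() {   # $1 = all|<iface>, $2 = key
    if [ -r "$CONF_ROOT/$1/$2" ]; then cat "$CONF_ROOT/$1/$2"; else echo 0; fi
}

# The kernel applies the larger of conf/all/<key> and conf/<iface>/<key>
# for both rp_filter and src_valid_mark.
effective() {   # $1 = iface, $2 = key
    a=$(read_conf all "$2"); i=$(read_conf "$1" "$2")
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# Classify how source validation treats packets arriving on an interface:
#   off          rp_filter 0: no reverse-path check
#   loose        rp_filter 2: source must be reachable via any interface
#   strict-mark  rp_filter 1 with src_valid_mark 1: the reverse lookup
#                includes the packet's fwmark, so fwmark rules can match
#                if the mark is restored on the reply before routing
#   strict       rp_filter 1 without src_valid_mark: the reverse lookup
#                ignores fwmark rules; a reply whose reverse route resolves
#                through another interface is dropped silently
rpf_verdict() { # $1 = iface
    rpf=$(effective "$1" rp_filter)
    mark=$(effective "$1" src_valid_mark)
    case "$rpf" in
        0) echo off ;;
        2) echo loose ;;
        *) if [ "$mark" -ge 1 ]; then echo strict-mark; else echo strict; fi ;;
    esac
}

# Usage on a live host: ./rpf_check.sh eth2
if [ -n "${1:-}" ]; then
    echo "$1: rp_filter=$(effective "$1" rp_filter)" \
         "src_valid_mark=$(effective "$1" src_valid_mark) -> $(rpf_verdict "$1")"
fi
```

Where the verdict is `strict`, enabling `log_martians` for the interface makes the kernel log the packets this check rejects, which confirms or rules out the filter without changing it.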
