IP Networking forum: Post 302950543 by hyphan on Sunday 26th of July 2015 11:49:34 AM
Port based multi interface routing

Hello,

I wanted to set up routing of certain traffic (http/s) out via a second (faster) interface, as described in the following docs (may not post URLs):

linux-ip.net /html/adv-multi-internet.html
thegeekstuff.com /2014/08/add-route-ip-command/

I already had this working years ago on another server, but now it won't work correctly.

I have a second routing-table with a default route to the second interface.
I fwmark the http(s) traffic and set a rule that this traffic should use the special routing table.

And indeed the http traffic goes out via eth2 with the right src and destination, as I can see with tcpdump. A SYN packet [S] goes out, and a reply [S.] comes back in to the right src IP/port. The firewall is completely open for input over the interface.

BUT my host does not react to the incoming packet [S.]. It does not continue with [.] (which would complete the three-way handshake, I guess, as I can see on other connections over the main interface). Instead, after 1s it retries the SYN [S], and the remote host repeats its [S.] packets multiple times.

So what in all the world is going on? Why does the host's networking not react to the [S.] reply from the target? It's coming in, but not processed.

So strange! Are there any relevant changes in Linux (Ubuntu 12.4 LTS) networking since I had such a setup running 5-8 years ago?

[The setup DOES work for traffic coming from outside over that interface, see the "from" rule below!]

Thanks for any help / ideas!

-----------
Code:
root@mail:~# ip route show table backupline
default via 192.168.11.1 dev eth2
192.168.11.0/24 dev eth2  scope link  src 192.168.11.2
root@mail:~# ip rule show
0:      from all lookup local
32764:  from 192.168.11.0/24 lookup backupline
32765:  from all fwmark 0x2 lookup backupline
32766:  from all lookup main
32767:  from all lookup default

FW:
Chain INPUT (policy DROP 2275 packets, 156K bytes)
 pkts bytes target     prot opt in     out     source               destination 
57194 8286K ACCEPT     all  --  eth2   any     anywhere             anywhere    

tcpdump:
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
16:39:17.804014 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, options [mss 1460,sackOK,TS val 3849200035 ecr 0,nop,wscale 7], length 0
16:39:17.823292 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823144 ecr 3849200035,nop,wscale 7], length 0
16:39:18.802418 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, options [mss 1460,sackOK,TS val 3849200285 ecr 0,nop,wscale 7], length 0
16:39:18.818238 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823243 ecr 3849200035,nop,wscale 7], length 0
16:39:20.806390 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, options [mss 1460,sackOK,TS val 3849200786 ecr 0,nop,wscale 7], length 0
16:39:20.823308 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823444 ecr 3849200035,nop,wscale 7], length 0
16:39:21.428241 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823505 ecr 3849200035,nop,wscale 7], length 0

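A diagnostic script added here (not from the thread or its author) for the symptom described: tcpdump on eth2 captures the [S.] before the kernel's reverse-path filter decides whether to accept it, so a reply that is "coming in but not processed" on a policy-routed interface is very often being discarded by strict rp_filter. The script assumes the names from the post (eth2, 192.168.11.2) and takes the remote server address as an argument.

```shell
#!/bin/sh
# Added diagnostic for the symptom in the post (not code from the thread).
# Assumes the names from the post: secondary interface eth2 and local address
# 192.168.11.2; the remote server address is passed in as an argument.
# tcpdump captures on eth2 before the reverse-path filter runs, so a visible
# [S.] does not prove the stack accepted it.

IFACE="${IFACE:-eth2}"

# Effective rp_filter mode for an interface, parsed from the "key = value"
# lines sysctl prints. The kernel uses max(conf.all, conf.<iface>):
# 0 = off, 1 = strict (reply must route back out the arrival interface),
# 2 = loose (any interface will do).
effective_rp_filter() {  # $1 = interface, stdin = sysctl output
    awk -v ifc="$1" 'BEGIN { a = 0; i = 0 }
        $1 == "net.ipv4.conf.all.rp_filter" { a = $3 }
        $1 == ("net.ipv4.conf." ifc ".rp_filter") { i = $3 }
        END { m = (a > i) ? a : i; print m }'
}

# Packets already discarded by the reverse-path filter, read from the IpExt
# header/value line pair of /proc/net/netstat (stdin).
rpf_drops() {
    awk '$1 == "IpExt:" {
            if (!n) { n = split($0, h); next }
            split($0, v)
            for (k = 1; k <= n; k++) if (h[k] == "IPReversePathFilter") print v[k]
        }'
}

# Live check: $1 = remote server address, $2 = local address the reply is
# delivered to (192.168.11.2 in the post, or the pre-NAT address if the
# source was rewritten by SNAT in POSTROUTING).
check_live() {
    mode=$(sysctl net.ipv4.conf.all.rp_filter "net.ipv4.conf.$IFACE.rp_filter" \
           | effective_rp_filter "$IFACE")
    echo "effective rp_filter on $IFACE: $mode"
    echo "packets dropped by rp_filter so far: $(rpf_drops < /proc/net/netstat)"
    # The same lookup the kernel performs on the incoming [S.]: source = remote,
    # destination = us, arriving on eth2. "Invalid cross-device link" (EXDEV)
    # means strict rp_filter discards it because the rules route the reverse
    # direction out a different interface.
    if ip route get "$1" from "$2" iif "$IFACE"; then
        echo "reverse path OK: a reply from $1 to $2 is accepted on $IFACE"
    else
        echo "reverse path check FAILED: a reply to $2 arriving on $IFACE is dropped"
    fi
}

if [ "$#" -ge 2 ]; then check_live "$1" "$2"; fi
```

Run it as `sh check.sh <remote-address> 192.168.11.2` on the affected host; if the check fails while the counter grows with each retried SYN, the reply is being dropped before it reaches the socket.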
routing(7P)                          Protocols                          routing(7P)

NAME
       routing - system support for packet network routing

DESCRIPTION
       The network facilities provide general packet routing. The routing
       interface described here can be used to maintain the system's IPv4
       routing table. It has been maintained for compatibility with older
       applications. The recommended interface for maintaining the system's
       routing tables is the routing socket, described at route(7P). The
       routing socket can be used to manipulate both the IPv4 and IPv6
       routing tables of the system. Routing table maintenance may be
       implemented in application processes.

       A simple set of data structures compose a "routing table" used in
       selecting the appropriate network interface when transmitting
       packets. This table contains a single entry for each route to a
       specific network or host. The routing table was designed to support
       routing for the Internet Protocol (IP), but its implementation is
       protocol independent and thus it may serve other protocols as well.
       User programs may manipulate this data base with the aid of two
       ioctl(2) commands, SIOCADDRT and SIOCDELRT. These commands allow the
       addition and deletion of a single routing table entry, respectively.
       Routing table manipulations may only be carried out by a privileged
       user.

       A routing table entry has the following form, as defined in
       /usr/include/net/route.h:

         struct rtentry {
             unit_t          rt_hash;      /* to speed lookups */
             struct sockaddr rt_dst;       /* key */
             struct sockaddr rt_gateway;   /* value */
             short           rt_flags;     /* up/down?, host/net */
             short           rt_refcnt;    /* # held references */
             unit_t          rt_use;       /* raw # packets forwarded */
             /*
              * The kernel does not use this field, and without it the
              * structure is datamodel independent.
              */
         #if !defined(_KERNEL)
             struct ifnet    *rt_ifp;      /* the answer: interface to use */
         #endif /* !defined(_KERNEL) */
         };

       with rt_flags defined from:

         #define RTF_UP       0x1   /* route usable */
         #define RTF_GATEWAY  0x2   /* destination is a gateway */
         #define RTF_HOST     0x4   /* host entry (net otherwise) */

       There are three types of routing table entries: those for a specific
       host, those for all hosts on a specific network, and those for any
       destination not matched by entries of the first two types, called a
       wildcard route. Each network interface installs a routing table entry
       when it is initialized. Normally the interface specifies if the route
       through it is a "direct" connection to the destination host or
       network. If the route is direct, the transport layer of a protocol
       family usually requests the packet be sent to the same host specified
       in the packet. Otherwise, the interface may be requested to address
       the packet to an entity different from the eventual recipient;
       essentially, the packet is forwarded.

       Routing table entries installed by a user process may not specify the
       hash, reference count, use, or interface fields; these are filled in
       by the routing routines. If a route is in use when it is deleted,
       meaning its rt_refcnt is non-zero, the resources associated with it
       will not be reclaimed until all references to it are removed.

       User processes read the routing tables through the /dev/ip device.

       The rt_use field contains the number of packets sent along the route.
       This value is used to select among multiple routes to the same
       destination. When multiple routes to the same destination exist, the
       least used route is selected.

       A wildcard routing entry is specified with a zero destination address
       value. Wildcard routes are used only when the system fails to find a
       route to the destination host and network. The combination of
       wildcard routes and routing redirects can provide an economical
       mechanism for routing traffic.

ERRORS
       EEXIST       A request was made to duplicate an existing entry.

       ESRCH        A request was made to delete a non-existent entry.

       ENOBUFS      Insufficient resources were available to install a new
                    route.

       ENOMEM       Insufficient resources were available to install a new
                    route.

       ENETUNREACH  The gateway is not directly reachable. For example, it
                    does not match the destination/subnet on any of the
                    network interfaces.

FILES
       /dev/ip      IP device driver

SEE ALSO
       route(1M), ioctl(2), route(7P)

SunOS 5.10                          9 Nov 1999                          routing(7P)