Special Forums IP Networking Port based multi interface routing Post 302950543 by hyphan on Sunday 26th of July 2015 11:49:34 AM
Port based multi interface routing

Hello,

I wanted to set up routing of certain traffic (http/s) out via a second (faster) interface, as described in the following docs (may not post urls):

linux-ip.net /html/adv-multi-internet.html
thegeekstuff.com /2014/08/add-route-ip-command/

I already had this working years ago on another server, but now it won't work correctly.

I have a second routing-table with a default route to the second interface.
I fwmark the http(s) traffic and set a rule that this traffic should use the special routing table.

And indeed the http traffic goes out via eth2 with the right src and destination, as I can see with tcpdump. A SYN packet [S] goes out - and a reply [S.] comes back in, to the right src ip / port. The firewall is completely open for input over the interface.

BUT, my host does not react to the incoming packet [S.]. It does not continue with [.] (which would complete the three-way handshake, I guess, like I can see on other connections over the main interface). Instead, after 1s it retries the SYN [S], and the remote host repeats its [S.] packets multiple times.

So what in all the world is going on? Why does the host's networking not react to the [S.] reply from the target? It's coming in, but not processed.

So strange!? Any relevant changes in Linux (Ubuntu 12.4 LTS) networking since I had such a setup running 5-8 years ago?

[The setup DOES work for traffic coming from outside over that interface, see from rule below!]

Thanks for any help / ideas!

-----------
Code:
root@mail:~# ip route show table backupline
default via 192.168.11.1 dev eth2
192.168.11.0/24 dev eth2  scope link  src 192.168.11.2
root@mail:~# ip rule show
0:      from all lookup local
32764:  from 192.168.11.0/24 lookup backupline
32765:  from all fwmark 0x2 lookup backupline
32766:  from all lookup main
32767:  from all lookup default

FW:
Chain INPUT (policy DROP 2275 packets, 156K bytes)
 pkts bytes target     prot opt in     out     source               destination 
57194 8286K ACCEPT     all  --  eth2   any     anywhere             anywhere    

tcpdump:
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
16:39:17.804014 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, options [mss 1460,sackOK,TS val 3849200035 ecr 0,nop,wscale 7], length 0
16:39:17.823292 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823144 ecr 3849200035,nop,wscale 7], length 0
16:39:18.802418 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, options [mss 1460,sackOK,TS val 3849200285 ecr 0,nop,wscale 7], length 0
16:39:18.818238 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823243 ecr 3849200035,nop,wscale 7], length 0
16:39:20.806390 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, options [mss 1460,sackOK,TS val 3849200786 ecr 0,nop,wscale 7], length 0
16:39:20.823308 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823444 ecr 3849200035,nop,wscale 7], length 0
16:39:21.428241 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823505 ecr 3849200035,nop,wscale 7], length 0
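
The symptom described in the post (SYN retransmitted while valid SYN-ACKs keep arriving) can be picked out of tcpdump text automatically. The following is an added example, not part of the original post: the function name `stalled_handshakes` is hypothetical, and the sample is the post's capture with TCP options trimmed plus one constructed healthy flow for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: the post's eth2 capture with TCP options trimmed,
# plus one invented healthy flow (documentation addresses) for contrast.
SAMPLE = """\
16:39:17.804014 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, length 0
16:39:17.823292 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, length 0
16:39:18.802418 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, length 0
16:39:18.818238 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, length 0
16:39:20.806390 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, length 0
16:39:20.823308 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, length 0
16:39:21.428241 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, length 0
16:40:00.000100 IP 192.0.2.10.40000 > 198.51.100.7.80: Flags [S], seq 1000, win 14600, length 0
16:40:00.020000 IP 198.51.100.7.80 > 192.0.2.10.40000: Flags [S.], seq 5000, ack 1001, win 5792, length 0
16:40:00.020100 IP 192.0.2.10.40000 > 198.51.100.7.80: Flags [.], ack 1, win 115, length 0
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): Flags \[([^\]]+)\](?:, seq (\d+))?(?:, ack (\d+))?")

def stalled_handshakes(capture):
    """Return (client, server, syn_count, synack_count) for flows where a valid
    SYN-ACK arrived but the client only kept retransmitting its SYN."""
    flows = defaultdict(lambda: {"isn": None, "syn": 0, "synack": 0, "answered": False})
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, flags, seq, ack = m.groups()
        if flags == "S" and seq is not None:
            flow = flows[(src, dst)]
            flow["isn"] = int(seq)
            flow["syn"] += 1
        elif flags == "S." and (dst, src) in flows and ack is not None:
            flow = flows[(dst, src)]
            # Only count a SYN-ACK that acknowledges the client's ISN + 1.
            if int(ack) == (flow["isn"] + 1) % 2**32:
                flow["synack"] += 1
        elif (src, dst) in flows and flows[(src, dst)]["synack"]:
            # Any non-SYN segment from the client after a valid SYN-ACK means
            # the local TCP stack saw the reply (ACK, data or RST).
            flows[(src, dst)]["answered"] = True
    return [(c, s, f["syn"], f["synack"]) for (c, s), f in flows.items()
            if f["syn"] > 1 and f["synack"] and not f["answered"]]

if __name__ == "__main__":
    for client, server, syns, synacks in stalled_handshakes(SAMPLE):
        print(f"{client} -> {server}: {syns} SYN sent, {synacks} SYN-ACK received, none acknowledged")
```

A flow reported here received its reply on the wire, but the reply was discarded before the local TCP stack processed it. Strict reverse-path filtering (`net.ipv4.conf.*.rp_filter=1`) is a common cause of this with fwmark-based policy routing, though the thread does not confirm it for this host.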

 
