I already had this working years ago on another server, but now it wont work correctly.
I have a second routing-table with a default route to the second interface.
I fwmark the http(s) traffic and set a rule that this traffic should use the special routing table.
And indeed the http traffic goes out via eth2 with the right src and destination, as I can see with tcpdump. A syn package [S] goes out - and a reply [S.] comes back in, to the right src ip / port. The firewall is completely open for input over the interface.
BUT, my host does not react to the incoming package [S.]. It does not continue with [.] (what would complete the three-way-handshake I guess, like I can see on other connections over the main interface). Instead after 1s it retries syn [S] and the remote host multiple times repeats its [S.] packages.
So what in all the world is going on? Why does the host's networking not react to the [S.] reply from the target? It's coming in, but not processed..
So strange!? Any relevant changes in Linux (Ubuntu 12.4 LTS) networking since I had such a setup running 5-8 years ago?
[The setup DOES work for traffic coming from outside over that interface, see from rule below!]
Thanks for any help / ideas!
-----------
Code:
root@mail:~# ip route show table backupline
default via 192.168.11.1 dev eth2
192.168.11.0/24 dev eth2 scope link src 192.168.11.2
root@mail:~# ip rule show
0: from all lookup local
32764: from 192.168.11.0/24 lookup backupline
32765: from all fwmark 0x2 lookup backupline
32766: from all lookup main
32767: from all lookup default
FW:
Chain INPUT (policy DROP 2275 packets, 156K bytes)
pkts bytes target prot opt in out source destination
57194 8286K ACCEPT all -- eth2 any anywhere anywhere
tcpdump:
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
16:39:17.804014 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, options [mss 1460,sackOK,TS val 3849200035 ecr 0,nop,wscale 7], length 0
16:39:17.823292 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823144 ecr 3849200035,nop,wscale 7], length 0
16:39:18.802418 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, options [mss 1460,sackOK,TS val 3849200285 ecr 0,nop,wscale 7], length 0
16:39:18.818238 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823243 ecr 3849200035,nop,wscale 7], length 0
16:39:20.806390 IP 192.168.11.2.55082 > matar.ispgateway.de.http: Flags [S], seq 272158038, win 14600, options [mss 1460,sackOK,TS val 3849200786 ecr 0,nop,wscale 7], length 0
16:39:20.823308 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823444 ecr 3849200035,nop,wscale 7], length 0
16:39:21.428241 IP matar.ispgateway.de.http > 192.168.11.2.55082: Flags [S.], seq 1589811596, ack 272158039, win 5792, options [mss 1460,sackOK,TS val 3505823505 ecr 3849200035,nop,wscale 7], length 0
Hi,
Please help me on issue described below,
I have 4 machine setup, M1 -> M2 -> M3 | M4. And A laptop that can be reachable through both M3 and M4.
M2 has 2 NIC conected to M3 and M4. Now I want to divide the flow coming from M1 for laptop.
At M2, I have done following,... (1 Reply)
Solaris-9 server is having one primary IP 10.41.161.14 on qfe0 and 10.41.116.0 on qfe3:1. Traffic is going through virtual interface instead of physical interface. How should I force traffic to go with primary interface.
root@smtsrvn01:/# netstat -nr
Routing Table: IPv4
Destination ... (2 Replies)
We have two subnets, say 'domA' (192.168.0.0/24) and 'domB' (10.10.0.0/16). These subnets are connected through the router 'router01'. One server 'base01' has two network cards, configured to domA and domB subnets respectively.
Now let's consider a host host01.domA (192.168.0.5) trying to... (0 Replies)
Hi,
We currently operate a DHCP Server on Vxworks system.
It seems that the server is functioning only over the boot interface.
While trying to use it on a different interface the DHCP client messages seems to reach the interface but stay without response.
From a... (1 Reply)
Hi all
I have installed a demo version of SCO OpenServer 5.0.2, I finally found it is Desktop Interface, I would like to know how to change its interface to dos based interface?
If you have any ideas, please tell me then. Thank you (2 Replies)
Hello, I'm trying to use libcurl multi interface to fetch several data in parallel. I would expect this to be faster than performing repeated fetches using the easy interface, but for some reason I can't obtain any speed up at all: using the multi interface actually turns out to be MUCH slower than... (2 Replies)
Hello,
I need "devices.common.IBM.ml 1.4.0.0 C F Multi Link Interface Runtime" to be installed on my machine.
I need it for two SAN cards to work correctly.
Where do I get it ?
thanks
Vilius (1 Reply)
Hello list membes
I have a linux running firewall/router machine, connecting LAN to the internet with two interfaces (no load balancing or other connections). One is a fast connection with dynamic IP (ADSL) which is the default route, the other is a static IP (T3) connection (used for mail sever... (4 Replies)
My system info is show below:-
#uname -a
SunOS qfserver 5.8 Generic_117350-29 sun4u sparc SUNW,Sun-Blade-2500
and I have two network card as shown below:-
#ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
bge0:... (1 Reply)
I'm running OS X. (OS X Server actually) and right now I use a program called BrickHouse to handle my router configuration. But this program kind of sucks. I'd much rather learn how to configure these programs manually. By these programs, I mean the programs OS X comes with to handle these jobs... (0 Replies)
