
Wed, 28 Sep 2011

How to properly route packets on hosts with multiple NICs?

Dear lazyweb,

I'm encountering a routing problem on one of my Linux machines, for which I haven't found a solution so far. I have a machine which has several network interfaces in different networks (it's our monitoring system). So I have eth0 with 192.168.1.2 and eth1 with 10.0.0.2, and a DNS entry pointing from myname to 192.168.1.2.

Problems occur if hosts in the 10.x.x.x network try to access the host. Accessing it via its IP address in that network works; however, if they try to access it via its other IP address 192.168.1.2 (e.g. because they resolve it via DNS), it leads to some problems:

The hosts send their packets to its IP address (which works); however, when my machine sends the answer, it takes a shortcut and sends it directly via eth1 with 10.0.0.2 as source IP. This, however, gets filtered by a (stateful) firewall somewhere in between, as packets sent to 192.168.1.2 are suddenly answered by 10.0.0.2.

So far I found two solutions: adjust the DNS to resolve to different IPs depending on the source of the request (ugly), or tell all firewalls to always let packets from my host pass, despite the changed source IP (also ugly, and probably quite some work).

Is there anything else I can do? What I would really like would be a way to tell my Linux box to always respond with the IP it was talked to, even if there would be a shorter way to the origin according to the routing table. So, if a host 10.0.0.42 contacts my host via the IP 192.168.1.2, the answer packet should come from 192.168.1.2 via eth0 instead of having a source IP set to 10.0.0.2 and being sent via eth1. Is that somehow possible?

Update: Wow, that was fast! The ink of my blog is still fresh, and I already got the answer! The solution to my problem is policy based routing. Thanks to weasel, Peter and Dale for their pointers! More information available at http://lartc.org/howto/lartc.rpdb.html, http://www.itbuzzer.net/corner/2007/09/how-to-implement-source-routing-with.asp or http://wiki.georgweiss.de/Linux/source_routing.
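
The policy-based routing named in the update, sketched for the addresses in this post. This is an added example, not the author's configuration; the /24 prefixes, the gateways 192.168.1.1 and 10.0.0.1, the table numbers 101/102 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: source-based policy routing for the two-NIC host in this post.
# Assumed (not on the page): /24 prefixes, gateways 192.168.1.1 and 10.0.0.1,
# routing table numbers 101 and 102, and the function names below.

# Emit the ip(8) commands that make replies sourced from ADDR leave via IFACE.
#   $1 interface  $2 local address  $3 connected network  $4 gateway  $5 table
pbr_commands() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5
    # Reject missing arguments so a half-built rule set is never emitted.
    for v in "$iface" "$addr" "$net" "$gw" "$table"; do
        [ -n "$v" ] || { echo "usage: pbr_commands IFACE ADDR NET GW TABLE" >&2; return 1; }
    done
    # Per-interface table: the connected network plus its own default route.
    echo "ip route replace $net dev $iface src $addr table $table"
    echo "ip route replace default via $gw dev $iface table $table"
    # Rule: packets whose source address is ADDR consult that table first,
    # so the main table's "shorter way" via the other NIC is never reached.
    echo "ip rule add from $addr lookup $table priority $table"
}

# Both interfaces of the monitoring host described in the post.
pbr_all() {
    pbr_commands eth0 192.168.1.2 192.168.1.0/24 192.168.1.1 101 &&
    pbr_commands eth1 10.0.0.2    10.0.0.0/24    10.0.0.1    102
}

# Dry run: only print the commands. Review them, then pipe into `sh` as root.
pbr_all
```

Once the printed commands have been applied, `ip rule show` lists the two new rules, and `ip route get 10.0.0.42 from 192.168.1.2` should report eth0 as the outgoing device.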

posted at 13:25 into [Debian]


About

Alexander Tolimar Reichle-Schmehl lives in Tuttlingen / Germany. He works as IT manager (specialized in Unix and SAN/Storage) for an international automotive supplier.
