From: "Niccolò Belli" <darkbasic@linuxsystems.it>
To: netfilter@vger.kernel.org
Cc: lartc@lists.linuxsystems.it
Subject: Problem with ip spoofing load balancing
Date: Wed, 26 Oct 2011 00:10:13 +0200
Message-ID: <4EA733C5.2050101@linuxsystems.it>

Hi,

My router is a Linux box with two ADSL lines attached, one with a 16 IP
subnet and another with a single static address.
Since I need more upload bandwidth and my ISP allows me to do IP
spoofing, I decided to do IP spoofing load balancing.
Unfortunately it doesn't work with every client and I don't know why :(

nas0 is the ADSL with the public subnet, ppp0 is the ADSL with the
single static IP. server_ip is one of the IPs of the subnet.

This is the log with a working client:
SERVER:
Oct 25 22:45:47 firewall kernel: [22098.077637] **NEW** IN NAS0
CONNIN=nas0 OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=60 TOS=0x00
PREC=0x00 TTL=58 ID=16271 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=14600
RES=0x00 SYN URGP=0
Oct 25 22:45:47 firewall kernel: [22098.096517] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 TOS=0x00 PREC=0x00
TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=5792 RES=0x00 ACK SYN
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.195139] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16272 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=229 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.214590] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=655 TOS=0x00 PREC=0x00
TTL=58 ID=16273 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=229 RES=0x00 ACK
PSH URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.233922] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=51475 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.315441] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=1482 TOS=0x00 PREC=0x00
TTL=63 ID=51476 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.335592] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=155 TOS=0x00 PREC=0x00
TTL=63 ID=51477 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
PSH URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.355670] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=51478 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
FIN URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.434146] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16274 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.454836] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16275 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.473351] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16276 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
FIN URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.492317] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16277 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.510745] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=51479 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
CLIENT:
Oct 25 22:46:27 laptop kernel: [92080.819184] *NEW* OUT CONN IN=
OUT=wlan1 SRC=192.168.1.2 DST=<server_ip> LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=16271 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=14600 RES=0x00 SYN
URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938028] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938067] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16272 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938565] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=655 TOS=0x00 PREC=0x00 TTL=64
ID=16273 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0
Oct 25 22:46:27 laptop kernel: [92081.075375] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51475 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.174877] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=1482 TOS=0x00 PREC=0x00 TTL=51 ID=51476 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.174903] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16274 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178769] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=155 TOS=0x00 PREC=0x00 TTL=50 ID=51477 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK PSH URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178793] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16275 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178861] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16276 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK FIN URGP=0
Oct 25 22:46:27 laptop kernel: [92081.198553] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51478 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK FIN URGP=0
Oct 25 22:46:27 laptop kernel: [92081.198590] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16277 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:28 laptop kernel: [92081.351125] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51479 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
This is the log with a *NOT* working client:
SERVER:
Oct 25 22:32:55 firewall kernel: [21325.121680] **NEW** IN NAS0
CONNIN=nas0 OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=60 TOS=0x00
PREC=0x00 TTL=54 ID=14919 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=5840
RES=0x00 SYN URGP=0
Oct 25 22:32:55 firewall kernel: [21325.140239] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 TOS=0x00 PREC=0x00
TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=5792 RES=0x00 ACK SYN
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.236986] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=54 ID=14920 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.267581] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=653 TOS=0x00 PREC=0x00
TTL=54 ID=14921 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK PSH
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.286615] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=55122 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.385647] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=137 TOS=0x00 PREC=0x00
TTL=63 ID=55124 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
PSH URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.405173] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=55125 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
FIN URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.484020] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=54 ID=14922 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.504418] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=54 ID=14923 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
URGP=0 MARK=0x4
CLIENT:
Oct 25 22:32:54 shoutcast-server kernel: [180468.541703] *NEW* OUT CONN
IN= OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=60 TOS=0x00
PREC=0x00 TTL=64 ID=14919 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=5840
RES=0x00 SYN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.659871] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP
SPT=80 DPT=49680 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.659935] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=64 ID=14920 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.660406] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=653 TOS=0x00 PREC=0x00
TTL=64 ID=14921 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK PSH
URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.805969] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=55122 DF
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.908678] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=137 TOS=0x00 PREC=0x00 TTL=48 ID=55124 DF
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK PSH URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.908733] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=64 ID=14922 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.924857] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=55125 DF
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK FIN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.924914] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=64 ID=14923 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
As you can see both clients do receive the spoofed packets, but the
second one can't load the page.
Suggestions?
Thanks,
Niccolò
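
Added example, not part of the original message or of any netfilter tooling: a Python script that rejoins the mail-wrapped kernel LOG entries and compares the IP IDs of server-sourced packets in the firewall log with those in the client log. The sample entries are constructed by abridging the non-working client's logs above, and the gap check assumes the server increments the IP ID by one per packet on a flow, as the contiguous 51475 to 51479 run in the working log suggests.

```python
import re
# Constructed sample: entries abridged from the non-working client's logs in the
# message (same ID/LEN/flag values, placeholders kept), wrapped as in the mail.
FIREWALL = """\
Oct 25 22:32:55 firewall kernel: OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip>
DST=<client_ip> LEN=60 ID=0 DF PROTO=TCP SPT=80 DPT=31549 ACK SYN
Oct 25 22:32:55 firewall kernel: OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip>
DST=<client_ip> LEN=52 ID=55122 DF PROTO=TCP SPT=80 DPT=31549 ACK
Oct 25 22:32:55 firewall kernel: OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip>
DST=<client_ip> LEN=137 ID=55124 DF PROTO=TCP SPT=80 DPT=31549 ACK PSH
Oct 25 22:32:55 firewall kernel: OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip>
DST=<client_ip> LEN=52 ID=55125 DF PROTO=TCP SPT=80 DPT=31549 ACK FIN
"""
CLIENT = """\
Oct 25 22:32:55 shoutcast-server kernel: IN CONN IN=eth0 OUT= SRC=<server_ip>
DST=192.168.203.10 LEN=60 ID=0 DF PROTO=TCP SPT=80 DPT=49680 ACK SYN
Oct 25 22:32:55 shoutcast-server kernel: IN CONN IN=eth0 OUT= SRC=<server_ip>
DST=192.168.203.10 LEN=52 ID=55122 DF PROTO=TCP SPT=80 DPT=49680 ACK
Oct 25 22:32:55 shoutcast-server kernel: IN CONN IN=eth0 OUT= SRC=<server_ip>
DST=192.168.203.10 LEN=137 ID=55124 DF PROTO=TCP SPT=80 DPT=49680 ACK PSH
Oct 25 22:32:55 shoutcast-server kernel: IN CONN IN=eth0 OUT= SRC=<server_ip>
DST=192.168.203.10 LEN=52 ID=55125 DF PROTO=TCP SPT=80 DPT=49680 ACK FIN
"""
STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")  # start of a syslog entry

def parse(log):
    """Rejoin mail-wrapped entries, then return one dict of KEY=VALUE fields each."""
    entries = []
    for line in log.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return [dict(re.findall(r"(\w+)=(\S*)", e)) for e in entries]

def server_ids(log, server="<server_ip>"):
    """IP IDs of packets sourced by the server, in log order (ID=0 SYN-ACK skipped)."""
    return [int(f["ID"]) for f in parse(log) if f.get("SRC") == server and f.get("ID", "0") != "0"]

def id_gaps(ids):
    """IDs absent between consecutive logged packets (assumes +1 per packet on a flow)."""
    return [m for a, b in zip(ids, ids[1:]) for m in range(a + 1, b)]

def lost_in_transit(fw_log, client_log):
    """IDs logged leaving the firewall that the client never logged receiving."""
    return sorted(set(server_ids(fw_log)) - set(server_ids(client_log)))

if __name__ == "__main__":
    print(id_gaps(server_ids(FIREWALL)), lost_in_transit(FIREWALL, CLIENT))
```

On this sample every packet logged leaving ppp0 is also logged at the client, but ID 55123 is absent from both logs, so the missing packet never appears in the firewall's OUT PPP0 entries at all.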