* NAT: ip rule FROM seems ignored
@ 2014-12-26 19:03 Florent B
2014-12-27 9:46 ` Florent B
0 siblings, 1 reply; 2+ messages in thread
From: Florent B @ 2014-12-26 19:03 UTC (permalink / raw)
To: lartc
Hi everyone,
I'm not an iproute2 or iptables guru, so please excuse me if I say
something wrong.
I have a server with Debian Squeeze (2.6.32) which needs to act as a
load balancer.
It needs to do NAT with backend servers.
Up to there, it is working: I have a packet going out of my server to the
client IP address.
The problem is that this packet is not sent to the right gateway!
Here is my IP config:
eth0 : 10.111.13.41/16
eth0:vip : 10.111.13.40/16
eth1 : 10.108.13.111/16
eth1:sina1-1 : 10.108.240.164/16
eth1:sina1-2 : 10.108.240.165/16
eth1:sina1-3 : 10.108.240.166/16
eth1:sina1-4 : 10.108.240.167/16
eth1:sina1-5 : 10.108.240.168/16
I have a "global" system gateway at 10.111.0.253.
When my server is interrogated at 10.108.240.164, it needs to send the
reply to 10.108.0.111.
So here is my config:
root@lb04-1:~# ip rule list
0: from all lookup local
32758: from 10.108.240.164 lookup table_eth1
32759: from 10.108.240.167 lookup table_eth1
32760: from 10.108.240.166 lookup table_eth1
32761: from 10.108.240.165 lookup table_eth1
32762: from 10.108.240.168 lookup table_eth1
32763: from 10.111.13.40 lookup table_eth0
32764: from 10.108.13.111 lookup table_eth1
32765: from 10.111.13.41 lookup table_eth0
32766: from all lookup main
32767: from all lookup default
root@lb04-1:~# ip route show table table_eth1
10.108.0.0/16 dev eth1 scope link src 10.108.13.111
default via 10.108.0.111 dev eth1
Is this the right way to do this, or not?
My reply packet from 10.108.240.164 is sent to 10.111.0.254... :(
Does someone have an idea of what I'm doing wrong?
Thanks a lot.
* Re: NAT: ip rule FROM seems ignored
From: Florent B @ 2014-12-27 9:46 UTC (permalink / raw)
To: lartc
Thank you Miguel, I understand now :)
On 12/27/2014 02:05 AM, Miguel Bernabé wrote:
> > When my server is interrogated at 10.108.240.164, it needs to send the
> > reply to 10.108.0.111.
> >
> > So here is my config:
> >
> > root@lb04-1:~# ip rule list
> > 0: from all lookup local
> > 32758: from 10.108.240.164 lookup table_eth1
>
> If your server does not use the bind call to bind the socket to the IP address 10.108.240.164 then the rule above will not match the packet. That is, if your server does not bind the socket to a given IP address, the source IP address of the packet for the IP header will be INADDR_ANY and the kernel will fill it in at the time the route is chosen, using the route table regarding the destination IP address, so this source IP address will be the address of the device that matches the route.
>
>
> Miguel Ángel Bernabé
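
Added example, not part of the thread: a small Python model of the rule walk described in the reply above, fed with the `ip rule list` output from the first message. The function names are hypothetical, and which tables hold a usable route for the client's destination is an assumption (the thread only shows table_eth1).

```python
import ipaddress

# `ip rule list` output copied from the first message of the thread.
IP_RULE_LIST = """\
0: from all lookup local
32758: from 10.108.240.164 lookup table_eth1
32759: from 10.108.240.167 lookup table_eth1
32760: from 10.108.240.166 lookup table_eth1
32761: from 10.108.240.165 lookup table_eth1
32762: from 10.108.240.168 lookup table_eth1
32763: from 10.111.13.40 lookup table_eth0
32764: from 10.108.13.111 lookup table_eth1
32765: from 10.111.13.41 lookup table_eth0
32766: from all lookup main
32767: from all lookup default
"""

# Assumption: tables that contain a route towards the remote client.
# "local" only covers the host's own addresses and "default" is empty.
TABLES_WITH_ROUTE = {"table_eth0", "table_eth1", "main"}

INADDR_ANY = ipaddress.ip_address("0.0.0.0")


def parse_rules(text):
    """Return [(priority, source_network, table)] sorted by priority."""
    rules = []
    for line in text.strip().splitlines():
        prio, rest = line.split(":", 1)
        words = rest.split()
        selector = words[words.index("from") + 1]
        table = words[words.index("lookup") + 1]
        net = ipaddress.ip_network("0.0.0.0/0" if selector == "all" else selector)
        rules.append((int(prio), net, table))
    return sorted(rules)


def select_table(rules, bound_source=None):
    """Pick the table used for a locally generated packet.

    bound_source is the address passed to bind(), or None when the
    application never bound the socket, so the lookup sees INADDR_ANY.
    """
    saddr = ipaddress.ip_address(bound_source) if bound_source else INADDR_ANY
    for _prio, net, table in rules:
        # A "from <addr>" rule only matches a source that is already set.
        if saddr in net and table in TABLES_WITH_ROUTE:
            return table
    return None
```

With no bound source every `from 10.108.x.x` rule is skipped and the lookup ends in `main`, whose default gateway is the "global" one; with the socket bound to 10.108.240.164 the rule at priority 32758 matches and `table_eth1` is used.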