From mboxrd@z Thu Jan 1 00:00:00 1970 From: Giles Coochey Subject: Re: Policy routing problem Date: Wed, 24 Oct 2012 15:27:17 +0100 Message-ID: <5087FAC5.1010305@coochey.net> References: <56295.129.217.4.64.1350990304.squirrel@postamt.cs.uni-dortmund.de> Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms010502040909030704060005" Return-path: In-Reply-To: <56295.129.217.4.64.1350990304.squirrel@postamt.cs.uni-dortmund.de> Sender: linux-admin-owner@vger.kernel.org List-ID: To: Christoph Pleger Cc: linux-admin@vger.kernel.org This is a cryptographically signed message in MIME format. --------------ms010502040909030704060005 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable On 23/10/2012 12:05, Christoph Pleger wrote: > Hello, > > I am running a DHCP-Server that serves multiple subnets. The server has= > an IP address in all of these subnets, and its primary IP address in a > subnet that is not served by DHCP. Every IP address has its own VLAN > Ethernet interface, eth0.102, eth0.104, etc. In this setup, the DHCP > server often does not send its unicast replies on the interface where i= t > received the corresponding request, but on the interface of its primary= > IP address, and with that IP. My first thought how to change this was b= y > setting routes depending on destination addresses, but this would cause= > big problems with other services running on the same machine, so I trie= d > to combine iproute2 and iptables, like this: > If there any particular reason why you have the DHCP server on the same=20 subnet as your DHCP clients? I know I'm not answering your questions, but I wouldn't set it up that=20 way in the first place on my own environments. --=20 Regards, Giles Coochey, CCNA, CCNAS NetSecSpec Ltd +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk giles@coochey.net --------------ms010502040909030704060005 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIOTTCC BjQwggQcoAMCAQICAR4wDQYJKoZIhvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoT DVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNp Z25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3 MTAyNDIxMDE1NVoXDTE3MTAyNDIxMDE1NVowgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1T dGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu aW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs aWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcJg8zOLdgasSmkLhOr lr6KMoOMpohBllVHrdRvEg/q6r8jR+EK75xCGhR8ToREoqe7zM9/UnC6TS2y9UKTpT1v7RSM zR0t6ndl0TWBuUr/UXBhPk+Kmy7bI4yW4urC+y7P3/1/X7U8ocb8VpH/Clt+4iq7nirMcNh6 qJR+xjOhV+VHzQMALuGYn5KZmc1NbJQYclsGkDxDz2UbFqE2+6vIZoL+jb9x4Pa5gNf1TwSD kOkikZB1xtB4ZqtXThaABSONdfmv/Z1pua3FYxnCFmdr/+N2JLKutIxMYqQOJebr/f/h5t95 m4JgrM3Y/w7YX9d7YAL9jvN4SydHsU6n65cCAwEAAaOCAa0wggGpMA8GA1UdEwEB/wQFMAMB Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRTcu2SnODaywFcfH6WNU7y1LhRgjAfBgNV HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jBmBggrBgEFBQcBAQRaMFgwJwYIKwYBBQUH MAGGG2h0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9jYTAtBggrBgEFBQcwAoYhaHR0cDovL3d3 dy5zdGFydHNzbC5jb20vc2ZzY2EuY3J0MFsGA1UdHwRUMFIwJ6AloCOGIWh0dHA6Ly93d3cu c3RhcnRzc2wuY29tL3Nmc2NhLmNybDAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20v c2ZzY2EuY3JsMIGABgNVHSAEeTB3MHUGCysGAQQBgbU3AQIBMGYwLgYIKwYBBQUHAgEWImh0 dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwDQYJKoZIhvcNAQEFBQADggIBAAqD CH14qywGXLhjjF6uHLkjd02hcdh9hrw+VUsv+q1eeQWB21jWj3kJ96AUlPCoEGZ/ynJNScWy 6QMVQjbbMXltUfO4n4bGGdKo3awPWp61tjAFgraLJgDk+DsSvUD6EowjMTNx25GQgyYJ5RPI zKKR9tQW8gGK+2+RHxkUCTbYFnL6kl8Ch507rUdPPipJ9CgJFws3kDS3gOS5WFMxcjO5DwKf KSETEPrHh7p5shuuNktvsv6hxHTLhiMKX893gxdT3XLS9OKmCv87vkINQcNEcIIoFWbP9HOR z9v3vQwR4e3ksLc2JZOAFK+ssS5XMEoznzpihEP0PLc4dCBYjbvSD7kxgDwZ+Aj8Q9PkbvE9 sIPP7ON0fz095HdThKjiVJe6vofq+n6b1NBc8XdrQvBmunwxD5nvtTW4vtN6VY7mUCmxsCie uoBJ9OlqmsVWQvifIYf40dJPZkk9YgGTzWLpXDSfLSplbY2LL9C9U0ptvjcDjefLTvqSFc7t w1sEhF0n/qpA2r0GpvkLRDmcSwVyPvmjFBGqUp/pNy8ZuPGQmHwFi2/14+xeSUDG2bwnsYJQ G2EdJCB6luQ57GEnTA/yKZSTKI8dDQa8Sd3zfXb19mOgSF0bBdXbuKhEpuP9wirslFe6fQ1t 5j5R0xi72MZ8ikMu1RQZKCyDbMwazlHiMIIIETCCBvmgAwIBAgIDBKGZMA0GCSqGSIb3DQEB BQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20g Q2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcNMTIwODAyMTU1NjAw WhcNMTMwODA0MDIwMDE4WjBZMRkwFwYDVQQNExBnanFIR0lxZDBYT3U1N20yMRowGAYDVQQD DBFnaWxlc0Bjb29jaGV5Lm5ldDEgMB4GCSqGSIb3DQEJARYRZ2lsZXNAY29vY2hleS5uZXQw ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwy1fAgAJJnxg6Z+j/hAp3qXYKI+rS 2rkBB5Rhqm0Z3zpvE828OeErR6JQmod4OM9CQwDihHqO/xe+LPZ1GV0rx6p6/OhRrdfi3h/x 6/pxvOjwmr5E8HhDqHyzTX7SJ/a38g3uTMC6eZXEr7Pj6ItU4cBkfGUg1Jvi3TQTgLiiCli7 3+fBBL2e11ol/UAp9T0NQM7deyNY/JpOn0YGSrNwAqaoWniemCzaBuP8PCjH2e2idx13dcfe DmGvl4wMtrhQHQ8vJTVw9veyUO87uCpfyUIYcnU84/cybLXIl0yN5TFzNWXfRe8ZFvjakdU8 NalkgjM0zRwbvVP4oc7iZW0QFnX3iyGqLFJu+nusWpq3Cjid1Vfv8G12FRYyAgyg8V/AHKb4 tQ1awmgc8RCbhOm96EQEyVN6E8O0L50CLtsV57AEu6cZRkQjEI3bJmwwzlBPy/f9Shl4t41W S4EZjboK27D4Z2NCj4KU1nk12xzZPnOYkqiJ6YLzmGyqPW4LoO02M3i1cYGbS5/CTnz4c68T rCAxxihSMCT32Jr60TAcJdpEF4DBKxb0giMMquWQIA6WYwyKabSCn93KLEmeCZgKEN84Prbr C8srus5/nocoHSXDYhVFJ8OAbksRLHmPYMWuWGOnFCbPRUsEy5vOKh2IB6l1LqeWApT3Mt5q BdwZUwIDAQABo4IDrDCCA6gwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYI KwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQ0PUaFXsBnzYRdVtsSQ+QKhiS9QzAfBgNV HSMEGDAWgBRTcu2SnODaywFcfH6WNU7y1LhRgjAcBgNVHREEFTATgRFnaWxlc0Bjb29jaGV5 Lm5ldDCCAiEGA1UdIASCAhgwggIUMIICEAYLKwYBBAGBtTcBAgIwggH/MC4GCCsGAQUFBwIB FiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMDQGCCsGAQUFBwIBFihodHRw Oi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRlcm1lZGlhdGUucGRmMIH3BggrBgEFBQcCAjCB6jAn FiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgEBGoG+VGhpcyBjZXJ0aWZp Y2F0ZSB3YXMgaXNzdWVkIGFjY29yZGluZyB0byB0aGUgQ2xhc3MgMSBWYWxpZGF0aW9uIHJl cXVpcmVtZW50cyBvZiB0aGUgU3RhcnRDb20gQ0EgcG9saWN5LCByZWxpYW5jZSBvbmx5IGZv ciB0aGUgaW50ZW5kZWQgcHVycG9zZSBpbiBjb21wbGlhbmNlIG9mIHRoZSByZWx5aW5nIHBh cnR5IG9ibGlnYXRpb25zLjCBnAYIKwYBBQUHAgIwgY8wJxYgU3RhcnRDb20gQ2VydGlmaWNh dGlvbiBBdXRob3JpdHkwAwIBAhpkTGlhYmlsaXR5IGFuZCB3YXJyYW50aWVzIGFyZSBsaW1p dGVkISBTZWUgc2VjdGlvbiAiTGVnYWwgYW5kIExpbWl0YXRpb25zIiBvZiB0aGUgU3RhcnRD b20gQ0EgcG9saWN5LjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0c3NsLmNv bS9jcnR1MS1jcmwuY3JsMIGOBggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8v b2NzcC5zdGFydHNzbC5jb20vc3ViL2NsYXNzMS9jbGllbnQvY2EwQgYIKwYBBQUHMAKGNmh0 dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczEuY2xpZW50LmNhLmNydDAj BgNVHRIEHDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQEFBQADggEB AEUGd5i2UchgrcqvYkz9Upbf2F8PTZuALRz/GaldfTjvLpEmEuFy5rHVFIUJaDRoW8yYSoiL CCvSDkr/ag7AugSYyqc0vQAqn47cGT156A9xphxlLlvbyRQYiUjy77XoROFFPdJjGN+iBqxw tAXs2g3Zvyo8lJF3U+lkoQgrX25WGQAeEtAiwDIvlFOZK+lG7R1DeVPWr6H6WLwZwy90R9d5 b8nGOM0PDS4M6pRW7HifBclNapircGSA/hkBEA+EGangFEfH9p9c9hdmtg0w9NDtF72sxQTi RLdtF9EIs0RP+hAieQ2B9ynVFsbkxFZeZis7wMJk25uVSK3Rn8HQgskxggTdMIIE2QIBATCB lDCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNl Y3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENs YXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBAgMEoZkwCQYFKw4DAhoFAKCC Ah0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTIxMDI0MTQy NzE3WjAjBgkqhkiG9w0BCQQxFgQU/70aCYo0i7flLsFXjBxWZxaPfI4wbAYJKoZIhvcNAQkP MV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC AgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBpQYJKwYBBAGC NxAEMYGXMIGUMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkG A1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3Rh cnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAwShmTCBpwYL KoZIhvcNAQkQAgsxgZeggZQwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBM dGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYD VQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQID BKGZMA0GCSqGSIb3DQEBAQUABIICAI6dJLIQyRFVzHkB0YXjTxoUes+DNFzV2VTbhaoAiDeQ BDoTw+XuUoLWcz01fb1sn9ZZseQQ6hXZomPrqHJmdnSoZnuMYY8JDCJzOGBuR197v1Scdcru DRm1otIFpqrI94NqGPWb/MupbddJZlvBnQm0hAxlXZnzEGEbRqAne5R00V45f4ymOfbUgAzL 7iPJZ62QvHlw2WO1HRMS9MZp8682UO8D5v+aDvDkEMaEuZtJ02ZpvDH1XhdzFmcSY/UzThKu y7B8WKMAuLFGhD7IbaLVwVr2f1LyCfrKZp1G+G6JAXFU3RULL1l0dEuY0vO72b/6OwhrDlxP 3RlJxKvPMvXsz6ZDw7e6mv5geNqyLPBPHq5PpvGARhPktsmfzqnhilKwlpVYn5TPTyHeyI2e J9sjmCv+j+ujfpl1fcNwxGRZ8EKcDLSdpAGX2IkoB5EI9wypgUMvEOqDEVS8G8NoVMyzWo2w flFmgyNN9V2tBI8lBEGL2Igy6A16JdHFHUtpQELar9tm29zp7Ml9Z17nUoaT/A92R60AkHGK 7Q2VPkgUY6yTOtGab5IGFYcSvzsoue2b37mvvjKVXuUL597+zpVo0cc/VIV6XjEBB09numBW 49TJ8a2u3TrTGcnFRqSQz+Thbl00pqsV025WmJJ/C5Ketl8qz3Q9lCq7dX96BtRjAAAAAAAA --------------ms010502040909030704060005--