From: "Niccolò Belli" <darkbasic@linuxsystems.it>
To: netfilter@vger.kernel.org
Cc: lartc@lists.linuxsystems.it
Subject: Problem with ip spoofing load balancing
Date: Wed, 26 Oct 2011 00:10:13 +0200
Message-ID: <4EA733C5.2050101@linuxsystems.it>
Hi,
My router is a Linux box with two ADSL lines attached, one with a 16 IP
subnet and another with a single static address.
Since I need more upload bandwidth and my ISP allows me to do IP
spoofing, I decided to do an IP spoofing load bal.
Unfortunately it doesn't work with every client and I don't know why :(
nas0 is the ADSL with the public subnet, ppp0 is the ADSL with the
single static IP. server_ip is one of the IPs of the subnet.
This is the log with a working client:
SERVER:
Oct 25 22:45:47 firewall kernel: [22098.077637] **NEW** IN NAS0
CONNIN=nas0 OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=60 TOS=0x00
PREC=0x00 TTL=58 ID=16271 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=14600
RES=0x00 SYN URGP=0
Oct 25 22:45:47 firewall kernel: [22098.096517] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 TOS=0x00 PREC=0x00
TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=5792 RES=0x00 ACK SYN
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.195139] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16272 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=229 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.214590] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=655 TOS=0x00 PREC=0x00
TTL=58 ID=16273 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=229 RES=0x00 ACK
PSH URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.233922] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=51475 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.315441] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=1482 TOS=0x00 PREC=0x00
TTL=63 ID=51476 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.335592] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=155 TOS=0x00 PREC=0x00
TTL=63 ID=51477 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
PSH URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.355670] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=51478 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
FIN URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.434146] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16274 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.454836] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16275 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.473351] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16276 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
FIN URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.492317] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16277 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.510745] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=51479 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
CLIENT:
Oct 25 22:46:27 laptop kernel: [92080.819184] *NEW* OUT CONN IN=
OUT=wlan1 SRC=192.168.1.2 DST=<server_ip> LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=16271 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=14600 RES=0x00 SYN
URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938028] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938067] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16272 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938565] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=655 TOS=0x00 PREC=0x00 TTL=64
ID=16273 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0
Oct 25 22:46:27 laptop kernel: [92081.075375] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51475 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.174877] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=1482 TOS=0x00 PREC=0x00 TTL=51 ID=51476 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.174903] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16274 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178769] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=155 TOS=0x00 PREC=0x00 TTL=50 ID=51477 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK PSH URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178793] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16275 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178861] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16276 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK FIN URGP=0
Oct 25 22:46:27 laptop kernel: [92081.198553] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51478 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK FIN URGP=0
Oct 25 22:46:27 laptop kernel: [92081.198590] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16277 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:28 laptop kernel: [92081.351125] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51479 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
This is the log with a *NOT* working client:
SERVER:
Oct 25 22:32:55 firewall kernel: [21325.121680] **NEW** IN NAS0
CONNIN=nas0 OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=60 TOS=0x00
PREC=0x00 TTL=54 ID=14919 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=5840
RES=0x00 SYN URGP=0
Oct 25 22:32:55 firewall kernel: [21325.140239] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 TOS=0x00 PREC=0x00
TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=5792 RES=0x00 ACK SYN
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.236986] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=54 ID=14920 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.267581] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=653 TOS=0x00 PREC=0x00
TTL=54 ID=14921 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK PSH
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.286615] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=55122 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.385647] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=137 TOS=0x00 PREC=0x00
TTL=63 ID=55124 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
PSH URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.405173] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=55125 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
FIN URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.484020] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=54 ID=14922 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.504418] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=54 ID=14923 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
URGP=0 MARK=0x4
CLIENT:
Oct 25 22:32:54 shoutcast-server kernel: [180468.541703] *NEW* OUT CONN
IN= OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=60 TOS=0x00
PREC=0x00 TTL=64 ID=14919 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=5840
RES=0x00 SYN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.659871] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP
SPT=80 DPT=49680 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.659935] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=64 ID=14920 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.660406] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=653 TOS=0x00 PREC=0x00
TTL=64 ID=14921 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK PSH
URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.805969] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=55122 DF
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.908678] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=137 TOS=0x00 PREC=0x00 TTL=48 ID=55124 DF
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK PSH URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.908733] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=64 ID=14922 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.924857] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=55125 DF
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK FIN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.924914] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=64 ID=14923 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
As you can see both clients do receive the spoofed packets, but the
second one can't load the page.
Suggestions?
Thanks,
Niccolò
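An added example, not part of the original message: one way to compare captures like the ones above is to re-join the mail-wrapped netfilter LOG entries and look for gaps in the `ID=` sequence per flow direction. The sample lines are constructed, and the helper names `entries` and `id_gaps` are hypothetical; it assumes the sender increments the IP ID by one per packet on a connection, as the logs above show.

```python
import re
from collections import defaultdict

# Constructed sample in the LOG format shown above (documentation addresses),
# wrapped across lines the way the mail wrapped the real entries.
SAMPLE = """\
Oct 25 22:00:00 fw kernel: [100.000001] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=63 ID=0 DF PROTO=TCP
SPT=80 DPT=40000 WINDOW=5792 RES=0x00 ACK SYN URGP=0 MARK=0x4
Oct 25 22:00:00 fw kernel: [100.000002] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TTL=63 ID=7001 DF PROTO=TCP
SPT=80 DPT=40000 WINDOW=438 RES=0x00 ACK URGP=0 MARK=0x4
Oct 25 22:00:00 fw kernel: [100.000003] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=192.0.2.10 DST=198.51.100.7 LEN=137 TTL=63 ID=7003 DF PROTO=TCP
SPT=80 DPT=40000 WINDOW=438 RES=0x00 ACK PSH URGP=0 MARK=0x4
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value tokens; value may be empty

def entries(text):
    """Re-join wrapped lines into one string per log entry."""
    out = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def id_gaps(text):
    """Map (SRC, SPT, DST, DPT) -> IP IDs missing between logged packets."""
    last, gaps = {}, defaultdict(list)
    for entry in entries(text):
        f = dict(FIELD.findall(entry))
        if not {"SRC", "DST", "SPT", "DPT", "ID"} <= f.keys():
            continue
        ip_id = int(f["ID"])
        if ip_id == 0:  # the SYN-ACK is logged with ID=0; not part of the sequence
            continue
        flow = (f["SRC"], f["SPT"], f["DST"], f["DPT"])
        prev = last.get(flow)
        missing = (ip_id - prev - 1) % 65536 if prev is not None else 0
        if 0 < missing < 64:  # larger jumps are treated as reordering, not loss
            gaps[flow] += [(prev + 1 + i) % 65536 for i in range(missing)]
        last[flow] = ip_id
    return dict(gaps)
```

Run over the "not working" SERVER log above, this reports ID 55123 as absent between 55122 and 55124 in the OUT PPP0 entries, while IDs 51475 to 51479 in the working log are contiguous. A gap only means the packet was not seen at that logging point.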