* Problem with ip spoofing load balancing
@ 2011-10-25 22:10 Niccolò Belli
From: Niccolò Belli @ 2011-10-25 22:10 UTC (permalink / raw)
To: netfilter; +Cc: lartc
Hi,
My router is a linux box with two adsl lines attached, one with a 16 IP
subnet and another with a single static address.
Since I need more upload bandwidth and my isp allows me to do ip
spoofing, I decided to do an ip spoofing load bal.
Unfortunately it doesn't work with every client and I don't know why :(
nas0 is the adsl with the public subnet, ppp0 is the adsl with the
single static ip. server_ip is one of the IPs of the subnet.
This is the log with a working client:
SERVER:
Oct 25 22:45:47 firewall kernel: [22098.077637] **NEW** IN NAS0
CONNIN=nas0 OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=60 TOS=0x00
PREC=0x00 TTL=58 ID=16271 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=14600
RES=0x00 SYN URGP=0
Oct 25 22:45:47 firewall kernel: [22098.096517] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 TOS=0x00 PREC=0x00
TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=5792 RES=0x00 ACK SYN
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.195139] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16272 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=229 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.214590] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=655 TOS=0x00 PREC=0x00
TTL=58 ID=16273 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=229 RES=0x00 ACK
PSH URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.233922] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=51475 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.315441] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=1482 TOS=0x00 PREC=0x00
TTL=63 ID=51476 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.335592] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=155 TOS=0x00 PREC=0x00
TTL=63 ID=51477 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
PSH URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.355670] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=51478 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
FIN URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.434146] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16274 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.454836] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16275 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.473351] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16276 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
FIN URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.492317] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16277 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.510745] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=51479 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
CLIENT:
Oct 25 22:46:27 laptop kernel: [92080.819184] *NEW* OUT CONN IN=
OUT=wlan1 SRC=192.168.1.2 DST=<server_ip> LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=16271 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=14600 RES=0x00 SYN
URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938028] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938067] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16272 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938565] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=655 TOS=0x00 PREC=0x00 TTL=64
ID=16273 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0
Oct 25 22:46:27 laptop kernel: [92081.075375] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51475 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.174877] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=1482 TOS=0x00 PREC=0x00 TTL=51 ID=51476 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.174903] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16274 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178769] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=155 TOS=0x00 PREC=0x00 TTL=50 ID=51477 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK PSH URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178793] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16275 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178861] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16276 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK FIN URGP=0
Oct 25 22:46:27 laptop kernel: [92081.198553] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51478 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK FIN URGP=0
Oct 25 22:46:27 laptop kernel: [92081.198590] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16277 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:28 laptop kernel: [92081.351125] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51479 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
This is the log with a *NOT* working client:
SERVER:
Oct 25 22:32:55 firewall kernel: [21325.121680] **NEW** IN NAS0
CONNIN=nas0 OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=60 TOS=0x00
PREC=0x00 TTL=54 ID=14919 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=5840
RES=0x00 SYN URGP=0
Oct 25 22:32:55 firewall kernel: [21325.140239] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 TOS=0x00 PREC=0x00
TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=5792 RES=0x00 ACK SYN
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.236986] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=54 ID=14920 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.267581] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=653 TOS=0x00 PREC=0x00
TTL=54 ID=14921 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK PSH
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.286615] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=55122 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.385647] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=137 TOS=0x00 PREC=0x00
TTL=63 ID=55124 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
PSH URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.405173] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=55125 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
FIN URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.484020] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=54 ID=14922 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.504418] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=54 ID=14923 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
URGP=0 MARK=0x4
CLIENT:
Oct 25 22:32:54 shoutcast-server kernel: [180468.541703] *NEW* OUT CONN
IN= OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=60 TOS=0x00
PREC=0x00 TTL=64 ID=14919 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=5840
RES=0x00 SYN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.659871] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP
SPT=80 DPT=49680 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.659935] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=64 ID=14920 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.660406] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=653 TOS=0x00 PREC=0x00
TTL=64 ID=14921 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK PSH
URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.805969] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=55122 DF
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.908678] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=137 TOS=0x00 PREC=0x00 TTL=48 ID=55124 DF
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK PSH URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.908733] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=64 ID=14922 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.924857] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=55125 DF
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK FIN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.924914] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=64 ID=14923 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
As you can see both clients do receive the spoofed packets, but the
second one can't load the page.
Suggestions?
Thanks,
Niccolò
* Re: Problem with ip spoofing load balancing
[not found] ` <alpine.LFD.2.00.1110262235340.1558@ja.ssi.bg>
@ 2011-10-26 20:38 ` Niccolò Belli
From: Niccolò Belli @ 2011-10-26 20:38 UTC (permalink / raw)
To: netfilter; +Cc: wireshark-users, lartc
On 26/10/2011 21:43, Julian Anastasov wrote:
> I looked at broken-spoofing-server.pcap and
> broken-spoofing-client.pcap
>
> It looks like this packet comes after some
> packet that is dropped before the server:
>
> IP 2.119.245.36.80> 88.38.77.130.39243: Flags [P.], seq 1449:1534, ack 602, win 438, options [nop,nop,TS val 17124611 ecr 56937089], length 85
>
> Maybe the seq 1:1449 packet cannot reach 2.119.245.36.80,
> that is why it does not go to client 88.38.77.130.39243.
> Maybe the server is a virtual server or something like that.
>
> I guess someone before 2.119.245.36.80 is sending
> large packets and some MTU is low and maybe due to missing
> ICMP the sender there cannot learn the lower path MTU.
> Maybe the client can use ip route add ... advmss 1400 to check
> if the problem is fixed that way. Maybe there is some tunnel
> behind the server that uses a lower MTU.
>
> Note that some 3.0.X kernels have a problem where
> ICMP is not sent and this can cause PMTU problems.
SOLVED! Thanks Julian Anastasov.
Niccolò
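
The loss Julian describes is visible in the firewall log of the failing client: IP ID 55123 never appears among the outgoing packets, and the client's bare ACKs grow from 52 to 64 bytes. The following is an added example, not part of the original thread, that flags both signs in netfilter LOG lines. The sample lines are constructed from that log with documentation addresses in place of `<server_ip>` and `<client_ip>`, and the code assumes the sender increments the IP ID per connection, as these logs show; reading the 12 extra bytes as a SACK block is an interpretation.

```python
import re

FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample modelled on the failing client's firewall log
# (192.0.2.10 stands for <server_ip>, 198.51.100.20 for <client_ip>).
SAMPLE = """\
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=192.0.2.10 DST=198.51.100.20 LEN=60 ID=0 DF PROTO=TCP SPT=80 DPT=31549 ACK SYN
IN NAS0 CONNIN=nas0 OUT=ethWEB SRC=198.51.100.20 DST=192.0.2.10 LEN=52 ID=14920 DF PROTO=TCP SPT=31549 DPT=80 ACK
IN NAS0 CONNIN=nas0 OUT=ethWEB SRC=198.51.100.20 DST=192.0.2.10 LEN=653 ID=14921 DF PROTO=TCP SPT=31549 DPT=80 ACK PSH
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=192.0.2.10 DST=198.51.100.20 LEN=52 ID=55122 DF PROTO=TCP SPT=80 DPT=31549 ACK
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=192.0.2.10 DST=198.51.100.20 LEN=137 ID=55124 DF PROTO=TCP SPT=80 DPT=31549 ACK PSH
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=192.0.2.10 DST=198.51.100.20 LEN=52 ID=55125 DF PROTO=TCP SPT=80 DPT=31549 ACK FIN
IN NAS0 CONNIN=nas0 OUT=ethWEB SRC=198.51.100.20 DST=192.0.2.10 LEN=64 ID=14922 DF PROTO=TCP SPT=31549 DPT=80 ACK
IN NAS0 CONNIN=nas0 OUT=ethWEB SRC=198.51.100.20 DST=192.0.2.10 LEN=64 ID=14923 DF PROTO=TCP SPT=31549 DPT=80 ACK
"""

def parse(line):
    """Return (flow, ip_id, length, tcp_flags) for one netfilter LOG line."""
    f = dict(FIELD.findall(line))
    flags = {w for w in line.split() if w in ("SYN", "ACK", "PSH", "FIN", "RST")}
    return (f["SRC"], f["SPT"], f["DST"], f["DPT"]), int(f["ID"]), int(f["LEN"]), flags

def analyse(log):
    """Find IP ID gaps per flow and bare ACKs longer than the flow's shortest one."""
    last_id, gaps, pure_acks = {}, {}, {}
    for line in filter(None, map(str.strip, log.splitlines())):
        flow, ip_id, length, flags = parse(line)
        if flags == {"ACK"}:
            pure_acks.setdefault(flow, []).append(length)
        if "SYN" in flags:
            continue  # the SYN/ACK in these logs carries ID=0, outside the counter
        if flow in last_id:
            step = (ip_id - last_id[flow]) % 65536
            if 1 < step < 64:  # small forward jump: packets missing at this hop
                missing = [(last_id[flow] + k) % 65536 for k in range(1, step)]
                gaps.setdefault(flow, []).extend(missing)
        last_id[flow] = ip_id
    grown = {fl: [n for n in lens if n > min(lens)] for fl, lens in pure_acks.items()}
    return gaps, {fl: v for fl, v in grown.items() if v}

if __name__ == "__main__":
    id_gaps, grown_acks = analyse(SAMPLE)
    print("IP IDs never seen at this hop:", id_gaps)
    print("bare ACKs longer than baseline:", grown_acks)
```
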