Re: forcing client source ip on multi-ip system

To: debian-user@lists.debian.org
Subject: Re: forcing client source ip on multi-ip system
From: David Z Maze <dmaze@debian.org>
Date: Wed, 24 Jul 2002 10:46:33 -0400
Message-id: <[🔎] y684repmbee.fsf@multics.mit.edu>
In-reply-to: <[🔎] 20020724110056.51f84cb3.csousa@tvtel.pt> (Carlos Sousa's message of "Wed, 24 Jul 2002 11:00:56 +0100")
References: <[🔎] 1027485689.4188.23.camel@poka.localdomain.fake> <[🔎] 20020724110056.51f84cb3.csousa@tvtel.pt>

Carlos Sousa <csousa@tvtel.pt> writes:
> On Wed, 24 Jul 2002 07:43:25 +0300 Baruch Even <baruch@debian.org>
> wrote:
>
>> I have a system with two IPs on the same subnet (on interfaces eth0
>> and eth0:1), I want a single server to use one of the IPs for the
>> source IP of it's request. This I know how to achieve. But I want that
>> any other program will use the second IP address. And I'm unable to
>> achieve that, it looks like each run of any client program will choose
>> randomly between the interfaces.
>
> <disclaimer>
> Just a few items from a generally clueless would-be sysadmin, used to
> RTFM things to death, feel free not to bother reading the rest of this
> email.
> </disclaimer>
>
> Two IPs on the *same* subnet is a bit weird, no? How are the routing
> tables supposed to resolve the route to be used?

I actually have the same setup on my machines at home; the two
addresses correspond to either a NAT or IP-over-IP tunnel setup on the
gateway.  The NAT address is useful if the tunnel is down but other
parts of the world work.

What I've found is that the source address isn't selected until the
packet leaves the machine; in this case, the source address is the
source address of the interface the outgoing packet is routed over.
So in emergencies, I can change my local machine's default gateway
from the tunnel gateway to 192.168.1.1, and packets go through the NAT
gateway instead (with a source address of 192.168.1.2, the address of
eth0:1 on the local machine).

> Perhaps the answer in a little traffic redirection through iptables,
> using the OUTPUT chain of the 'filter' table (for locally generated
> packets) to redirect packets trying to leave through the undesired IP to
> the desired IP.

This should work.  You could also do a little more ad-hoc routing with
the simpler 'route' command; add a route to the destination for the
dedicated server through the gateway it needs to use, and set the
default route to point to the other gateway.

-- 
David Maze         dmaze@debian.org      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- forcing client source ip on multi-ip system
  - From: Baruch Even <baruch@debian.org>
- Re: forcing client source ip on multi-ip system
  - From: Carlos Sousa <csousa@tvtel.pt>

Prev by Date: wheel mouse on woody?
Next by Date: Re: BIND alternatives
Previous by thread: Re: forcing client source ip on multi-ip system
Next by thread: Re: forcing client source ip on multi-ip system
Index(es):
- Date
- Thread