[RndTbl] IP rule (multihoming) problem

Trevor Cordes trevor at tecnopolis.ca
Wed Oct 28 16:29:25 CDT 2015


On 2015-10-28 Adam Thompson wrote:
> I have CentOS 6 system - my tape backup server - that's connected to
> two different subnets ("100" and "158").
> There is also a router (actually a firewall) that routes between
> subnets "100" and "158".
> The server's default gateway is the router IP on subnet "158".
> The server's primary management IP address is the address on subnet
> "158".

An ascii picture might help.

> There are client systems on subnet "100", both management
> workstations and things to back up.
> 
> When I try to SSH to the management IP in 158, the default behaviour

SSH from what host to what host?

> in Linux is to send the reply back out the 'closest' interface, which
> is the "100" interface.  This breaks things, because the router is
> actually a stateful firewall and I suddenly have asymmetric routing.

Hmm, default is to use the closest IF and not the IF that the traffic
came in on (for tcp)?  I wouldn't have guessed that.

You could use the various tc, ip rules, iptables, routing, etc
functions of linux to force something to a certain IF, but I'm pretty
sure that something can't change.  i.e. you'd have to say "all ssh from
host w.x.y.z goes out on .158" -- you couldn't make it dynamic AFAIK:
you can't say "send the packet back out on the IF it came in
on" (AFAIK).

In your case you could always have 2 different sshd's running on diff
ports if you really needed it on both subnets.

If this sounds like I guessed your scenario right, I can dig out the
various rules for you.  I've done it before.
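As an added example that is not part of the thread, this is the shape the "ip rule" and "ip route" policy routing for a two-subnet host takes: one routing table per interface, selected by the source address of the outgoing packet, so a reply sourced from the "158" address leaves via the "158" router. Interface names and the 10.0.158.0/24 and 10.0.100.0/24 addressing are assumptions, not from the original post.

```shell
#!/bin/sh
# Added example, not from the thread: source-based policy routing on a
# multihomed Linux host so a reply leaves through the interface that owns
# the address the client connected to. All addresses and interface names
# below are assumptions.
#
# Assumed layout:
#   eth0  10.0.158.10/24  router 10.0.158.1  (subnet "158", default gateway)
#   eth1  10.0.100.10/24  router 10.0.100.1  (subnet "100", clients)

IF158=eth0; IP158=10.0.158.10; NET158=10.0.158.0/24; GW158=10.0.158.1
IF100=eth1; IP100=10.0.100.10; NET100=10.0.100.0/24; GW100=10.0.100.1

# With DRY_RUN=1 the ip(8) commands are printed instead of executed, so the
# plan can be reviewed before touching a production host.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# One routing table per interface: the connected subnet plus a default
# route via that subnet's router. Table ids 1..252 are free for local use.
setup_table() {
  table=$1; dev=$2; src=$3; net=$4; gw=$5
  run ip route replace "$net" dev "$dev" src "$src" table "$table"
  run ip route replace default via "$gw" dev "$dev" table "$table"
  # Any packet sourced from this interface's address is routed by this
  # table, which is what makes the reply follow the request's interface.
  run ip rule add from "$src" lookup "$table" priority "$((1000 + table))"
}

apply_policy_routing() {
  setup_table 158 "$IF158" "$IP158" "$NET158" "$GW158"
  setup_table 100 "$IF100" "$IP100" "$NET100" "$GW100"
  run ip route flush cache
}

# Verify the result on a live host: show which interface a reply sourced
# from $1 to client $2 would use, e.g. route_for 10.0.158.10 10.0.100.25
route_for() { ip route get "$2" from "$1"; }
```

Locally originated traffic with no bound source address still falls through to the main table and its default gateway, so only replies and explicitly bound sockets are affected. On CentOS 6 the persistent equivalent is the rule-ethX and route-ethX files under /etc/sysconfig/network-scripts/.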

