<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><div class="">Sounds like you need a VRF for 158/MGMT, where it ONLY goes out the 158 network? I'm not sure if Linux does this, but that might be a place to start perhaps.</div><div class=""><br class=""></div><div class="">Theo</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Oct 28, 2015, at 1:57 PM, Adam Thompson &lt;<a href="mailto:athompson@avant.ca" class="">athompson@avant.ca</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="gmail_default" style="font-family:monospace,monospace">I have CentOS 6 system - my tape backup server - that's connected to two different subnets ("100" and "158").</div><div class="gmail_default" style="font-family:monospace,monospace">There is also a router (actually a firewall) that routes between subnets "100" and "158".</div><div class="gmail_default" style="font-family:monospace,monospace">The server's default gateway is the router IP on subnet "158".</div><div class="gmail_default" style="font-family:monospace,monospace">The server's primary management IP address is the address on subnet "158".</div><div class="gmail_default" style="font-family:monospace,monospace"><br class=""></div><div class="gmail_default" style="font-family:monospace,monospace">There are client systems on subnet "100", both management workstations and things to back up.</div><div class="gmail_default" style="font-family:monospace,monospace"><br class=""></div><div class="gmail_default" style="font-family:monospace,monospace">When I try to SSH to the management IP in 158, the default behaviour in Linux is to send the reply back out the 'closest' interface, which is the "100" interface.&nbsp; This breaks things, because the router is actually a stateful firewall and I suddenly have asymmetric routing.</div><div class="gmail_default" style="font-family:monospace,monospace"><br class=""></div><div class="gmail_default" style="font-family:monospace,monospace">If I "ifconfig down" the "100" interface, suddenly everything works again... except now a large volume of traffic has to run through the firewall.<br class=""></div><div class="gmail_default" style="font-family:monospace,monospace"><br class=""></div><div class="gmail_default" style="font-family:monospace,monospace">I'm trying to follow the various guidelines I've found for doing "ip rule" rules, but none of them seem to work.</div><div class="gmail_default" style="font-family:monospace,monospace"><br class=""></div><div class="gmail_default" style="font-family:monospace,monospace">Has anyone here accomplished this sort of thing before?</div><div class="gmail_default" style="font-family:monospace,monospace"><br class=""></div><div class="gmail_default" style="font-family:monospace,monospace"><br class=""></div><div class=""><div class="gmail_signature"><div dir="ltr" class=""><div class=""><div dir="ltr" class="">
    
<table class="">
      <tbody class="">
        <tr class="">
          <td width="141px" class=""><img src="http://avant.ca/av/wp-content/uploads/avant_2014_email-e1391110991529.jpg" alt="Avant logo" width="141px" height="45px" class=""></td>
          <td style="font-family:helvetica;font-size:11pt" class=""><b class="">Adam Thompson</b><br class="">
            Senior Systems Administrator<br class="">
            <b class=""><span style="color:rgb(190,215,48)" class="">voice:</span></b>&nbsp;204.789.9596 x24 |&nbsp;<b class=""><span style="color:rgb(0,171,188)" class="">email:</span></b>&nbsp;<a href="mailto:athompson@avant.ca" target="_blank" class="">athompson@avant.ca</a>&nbsp;|&nbsp;<b class=""><span style="color:rgb(180,30,142)" class="">web:</span></b>&nbsp;<a href="http://avant.ca/" target="_blank" class="">avant.ca</a>
            </td>
        </tr>
      </tbody>
    
</table>
    
  
</div></div></div></div></div>
</div>
_______________________________________________<br class="">Roundtable mailing list<br class=""><a href="mailto:Roundtable@muug.mb.ca" class="">Roundtable@muug.mb.ca</a><br class="">http://www.muug.mb.ca/mailman/listinfo/roundtable<br class=""></div></blockquote></div><br class=""></div></div></body></html>