[LARTC] Policy routing and strange packets traversing.

Linux Advanced Routing and Traffic Control

Hi,

Please suppose the following config:

Two external interfaces for two different providers.
On each of them NAT is configured for a specific IP addr.
i.e.

4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 100
    inet 1.1.1.30/30 brd 1.1.1.31 scope global eth2
6: eth4: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 100
    inet 2.2.2.66/27 brd 2.2.2.95 scope global eth4

On eth2 NAT outgoing traffic to 1.1.1.30
On eth4 NAT outgoing traffic to 2.2.2.66


Rules related to these interfaces and traffic:

# To be sure that traffic goes to proper gateway
22:     from 1.1.1.30 lookup 1
22:     from 2.2.2.66 lookup 2
...
# These rules are unnecessary I think, but are used by me for
# diagnosing gateways.
30:     from all to 1.1.1.29 lookup 1
30:     from all to 2.2.2.65 lookup 2

# The balance table distributes traffic from the LAN.
70:     from all iif eth1 lookup balance


# ip r l ta 1
default via 1.1.1.29 dev eth2
# ip r l ta 2
default via 2.2.2.65 dev eth4
# ip r l ta balance
default
        nexthop via 1.1.1.29  dev eth2 weight 2
        nexthop via 2.2.2.65  dev eth4 weight 3

So. Everything works, but I have observed some behaviour which
I can't understand.

What I expected was that traffic NATed to 1.1.1.30 goes through eth2
and traffic NATed to 2.2.2.66 goes through eth4.

Unfortunately, when listening on eth4 with the following command:
tcpdump -n -i eth4 src 1.1.1.30
I can see traffic which I am not expecting on this interface:
1.1.1.30.3145 > 217.98.144.187.20: P 1608:2144(536) ack 1 win 16616 (DF)
1.1.1.30.4282 > 212.77.100.17.5555: . ack 1889 win 17520 (DF)

It is similar on eth2:
tcpdump -n -i eth2 src 2.2.2.66
2.2.2.66.6114 > 217.17.41.85.8074: P 58257:58281(24) ack 530714947 win 7506 (DF)

Of course more packets have correct sources [1.1.1.30 for eth2 and
2.2.2.66 on eth4], but I can't see the reason there are some missed
packets...
I did an experiment and attached an iptables DROP rule on POSTROUTING on
the eth2 and eth4 interfaces to catch badly sourced packets, but they didn't
catch anything, which tells me this "bad" traffic didn't really go
through the incorrect interfaces.

So I am confused about this packet traversing. Could someone explain
this behaviour? Is it OK, or have I missed something?


Regards,
tw
--

-----------
 ck.eter.tym.pl
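To make the order of operations in the setup above concrete, here is an added Python model (not code from the post or from the LARTC project) of the `ip rule` priorities, the three route tables and interface-keyed SNAT, using the post's addresses. It assumes, as Linux does, that the routing decision is made on the pre-NAT source and SNAT happens afterwards in POSTROUTING with the mapping bound to the connection on its first packet; the `seed` argument and the LAN address 192.168.1.10 are constructed stand-ins so the multipath choice can be steered from the test.

```python
# Constructed model of the setup in the post; not kernel or LARTC code.
# Rules and tables copy the post; SNAT is assumed to run in POSTROUTING
# keyed on the output interface, and conntrack is assumed to bind the
# NAT mapping on a connection's first packet (both are Linux behaviour).
RULES = [  # (priority, selector, table), evaluated in priority order
    (22, {"src": "1.1.1.30"}, "1"),
    (22, {"src": "2.2.2.66"}, "2"),
    (70, {"iif": "eth1"}, "balance"),
    (32766, {}, "main"),
]
TABLES = {  # table -> weighted nexthops as (gateway, device, weight)
    "1": [("1.1.1.29", "eth2", 1)],
    "2": [("2.2.2.65", "eth4", 1)],
    "balance": [("1.1.1.29", "eth2", 2), ("2.2.2.65", "eth4", 3)],
    "main": [],  # the model keeps no default route here
}
SNAT = {"eth2": "1.1.1.30", "eth4": "2.2.2.66"}  # -o dev -j SNAT --to ...
conntrack = {}  # flow -> SNAT source, fixed when the connection is first seen

def lookup(pkt):
    """Policy routing: first rule whose selector matches and whose table has a route."""
    for _prio, sel, table in sorted(RULES, key=lambda r: r[0]):
        if all(pkt.get(k) == v for k, v in sel.items()) and TABLES[table]:
            return table, TABLES[table]
    raise LookupError("no route for %r" % (pkt,))

def choose_nexthop(hops, seed):
    """Weighted pick; `seed` stands in for whatever the kernel hashes on (assumption)."""
    n = seed % sum(w for _, _, w in hops)
    for _gw, dev, w in hops:
        if n < w:
            return dev
        n -= w

def forward(pkt, seed=0):
    """Route the packet with its pre-NAT source, then apply SNAT in POSTROUTING.
    Returns (table used, egress device, source address seen on the wire)."""
    flow = (pkt["src"], pkt["dst"], pkt["dport"])
    table, hops = lookup(pkt)
    dev = choose_nexthop(hops, seed)
    conntrack.setdefault(flow, SNAT[dev])  # later packets keep the first mapping
    return table, dev, conntrack[flow]

if __name__ == "__main__":
    lan = {"src": "192.168.1.10", "dst": "217.98.144.187", "dport": 20, "iif": "eth1"}
    print(forward(lan, seed=0))  # ('balance', 'eth2', '1.1.1.30'): the priority-22 rules never see a LAN source
    print(forward(lan, seed=3))  # ('balance', 'eth4', '1.1.1.30'): source 1.1.1.30 leaving eth4
```

The second call shows the one mismatch this model can produce: if the nexthop chosen for a later packet of a connection differs from the one chosen for its first packet, the wire source stays the first mapping while the egress interface changes, which is the pattern the tcpdump lines show. A DROP rule keyed on `-o dev` and source address in POSTROUTING sees the packet only after SNAT has been applied, so checking the conntrack entry (`conntrack -L`) against the egress interface is the more direct test of whether that is what is happening.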


