Re: understand the source address selection in case when reply is sent out via another interface

Linux Advanced Routing and Traffic Control

Juan, Martin,

thanks! So in a nutshell, first rule of the source address selection
is that if the application is already using the socket, then the
source address has been chosen.


regards,
Martin

On Fri, Jun 23, 2017 at 6:31 AM, Martin A. Brown <martin@xxxxxxxxxxxx> wrote:
>
> Hi Martin,
>
>>I have a server with two network interfaces: eth0 (IPv4 address
>>10.10.10.73) and eth1 (IPv4 address 192.168.1.16). In addition, there
>>is the following static route in this server's "main" table:
>>
>># ip route show 172.16.0.0/24
>>172.16.0.0/24 via 192.168.1.252 dev eth1   src 192.168.1.16
>>#
>>
>>Now when I send an ICMP "echo request" message from 172.16.0.0/24
>>network to IP address 10.10.10.73, then it is sent out via eth1
>>interface because of this static route. According to "ip route get
>>172.16.0.0" the source IP should be 192.168.1.16. However, when I
>>tcpdump ICMP traffic on eth1 interface, then I can see that source IP
>>is actually 10.10.10.73. Why is that so? When I read the
>>http://linux-ip.net/html/routing-saddr-selection.html, then it says
>>that "kernel will use the src hint from the chosen route path" which
>>in this case is 192.168.1.16. Or is the first rule that if it is a
>>reply packet, then source IP is always the one which initial packet
>>was addressed to?
>
> Let's assume no NAT nor packet filtering for a moment.
>
> You have node A (in 172.16.0.0/24) from which you send echo request.
>   A.eth0 = 172.16.0.15  # -- I made up this IP
>
> You have node B (dual-homed server).
>   B.eth0 = 10.10.10.73
>   B.eth1 = 192.168.1.16
>
> (
> There's implicitly, node C, a router which has:
>   C.intZ = 192.168.1.252
>   C.intY = 172.16.0.x
> but, it is not really important to answer your question.
> )
>
> Your question is actually very simple.
>
>   Why does node B respond with IP 10.10.10.73 when I send a ping to
>   that address from 172.16.0.15?
>
> Answer:
>
>   Because you tried to ping 10.10.10.73, not 192.168.1.16.
>
>
> The source address selection process is used when there is no
> already-chosen IP for the local end of the socket.  In the case of
> the ping packet you described, the local end of the socket is
> already defined and has an IP address.
>
> What happens if you tcpdump on your dual-homed server on eth1 and
> you try to ping out to the node from which you sent the original
> echo request packet?
>
>   tcpdump -nn -i eth1 icmp
>
>   ping -nc 1 172.16.0.15
>
> Do you see packets, sourced from 192.168.1.252?
>
> -Martin
>
> --
> Martin A. Brown
> http://linux-ip.net/
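
The rule discussed in this thread can be reproduced with UDP sockets on loopback. This is an added example, not code from the thread; it assumes Linux (where all of 127.0.0.0/8 is local) and uses 127.0.0.1 and 127.0.0.2 as stand-ins for the server's two addresses.

```python
import socket

def reply_source(server_bind_ip, target_ip="127.0.0.2"):
    """Send one datagram to target_ip and return the source IP of the reply.

    server_bind_ip is the local address the replying socket is bound to:
      "0.0.0.0"   -> no local IP chosen yet, the kernel runs source address
                     selection for the reply (route lookup, src hint)
      "127.0.0.2" -> local end already has an IP, no selection takes place
    Addresses are constructed loopback stand-ins (assumption: Linux).
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.settimeout(2)
        client.settimeout(2)
        server.bind((server_bind_ip, 0))
        port = server.getsockname()[1]
        # Pin the client's own address so only the server side varies.
        client.bind(("127.0.0.1", 0))
        client.sendto(b"ping", (target_ip, port))
        _, peer = server.recvfrom(16)
        # The reply: its source IP is what the thread is about.
        server.sendto(b"pong", peer)
        _, (src_ip, _) = client.recvfrom(16)
        return src_ip
    finally:
        server.close()
        client.close()

if __name__ == "__main__":
    for bind_ip in ("0.0.0.0", "127.0.0.2"):
        print(f"server bound to {bind_ip:<9} -> reply sourced from "
              f"{reply_source(bind_ip)}")
```

With the wildcard bind the reply leaves from the address the route prefers rather than the address the client sent to, which is why UDP services on multi-homed hosts usually bind per address; the ICMP echo reply in the thread behaves like the bound case.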