Problem with ip spoofing load balancing

Niccolò Belli <darkbasic@xxxxxxxxxxxxxxx> · Wed, 26 Oct 2011 00:10:13 +0200

Hi,
My router is a linux box with two adsl lines attached, one with a 16 IP 
subnet and another with a single static address.

Since I need more upload bandwidth and my isp allows me to do ip 
spoofing, I decided to do an ip spoofing load bal.

Unfortunately it doesn't work with every client and I don't know why :(

nas0 is the adsl with the public subnet, ppp0 is the adsl with the 
single static ip. server_ip is one of the IPs of the subnet.

This is the log with a working client:

SERVER:
Oct 25 22:45:47 firewall kernel: [22098.077637] **NEW** IN NAS0 
CONNIN=nas0 OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=60 TOS=0x00 
PREC=0x00 TTL=58 ID=16271 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=14600 
RES=0x00 SYN URGP=0
Oct 25 22:45:47 firewall kernel: [22098.096517] OUT PPP0 CONNIN=ethWEB 
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 TOS=0x00 PREC=0x00 
TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=5792 RES=0x00 ACK SYN 
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.195139] IN NAS0 CONNIN=nas0 
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 
TTL=58 ID=16272 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=229 RES=0x00 ACK 
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.214590] IN NAS0 CONNIN=nas0 
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=655 TOS=0x00 PREC=0x00 
TTL=58 ID=16273 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=229 RES=0x00 ACK 
PSH URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.233922] OUT PPP0 CONNIN=ethWEB 
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00 
TTL=63 ID=51475 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK 
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.315441] OUT PPP0 CONNIN=ethWEB 
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=1482 TOS=0x00 PREC=0x00 
TTL=63 ID=51476 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK 
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.335592] OUT PPP0 CONNIN=ethWEB 
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=155 TOS=0x00 PREC=0x00 
TTL=63 ID=51477 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK 
PSH URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.355670] OUT PPP0 CONNIN=ethWEB 
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00 
TTL=63 ID=51478 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK 
FIN URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.434146] IN NAS0 CONNIN=nas0 
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 
TTL=58 ID=16274 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK 
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.454836] IN NAS0 CONNIN=nas0 
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 
TTL=58 ID=16275 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK 
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.473351] IN NAS0 CONNIN=nas0 
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 
TTL=58 ID=16276 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK 
FIN URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.492317] IN NAS0 CONNIN=nas0 
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 
TTL=58 ID=16277 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK 
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.510745] OUT PPP0 CONNIN=ethWEB 
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00 
TTL=63 ID=51479 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK 
URGP=0 MARK=0x4

CLIENT:
Oct 25 22:46:27 laptop kernel: [92080.819184] *NEW* OUT CONN IN= 
OUT=wlan1 SRC=192.168.1.2 DST=<server_ip> LEN=60 TOS=0x00 PREC=0x00 
TTL=64 ID=16271 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=14600 RES=0x00 SYN 
URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938028] IN CONN IN=wlan1 OUT= 
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip> 
DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP 
SPT=80 DPT=34877 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938067] OUT CONN IN= OUT=wlan1 
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64 
ID=16272 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938565] OUT CONN IN= OUT=wlan1 
SRC=192.168.1.2 DST=<server_ip> LEN=655 TOS=0x00 PREC=0x00 TTL=64 
ID=16273 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0
Oct 25 22:46:27 laptop kernel: [92081.075375] IN CONN IN=wlan1 OUT= 
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip> 
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51475 DF PROTO=TCP 
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.174877] IN CONN IN=wlan1 OUT= 
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip> 
DST=192.168.1.2 LEN=1482 TOS=0x00 PREC=0x00 TTL=51 ID=51476 DF PROTO=TCP 
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.174903] OUT CONN IN= OUT=wlan1 
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64 
ID=16274 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178769] IN CONN IN=wlan1 OUT= 
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip> 
DST=192.168.1.2 LEN=155 TOS=0x00 PREC=0x00 TTL=50 ID=51477 DF PROTO=TCP 
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK PSH URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178793] OUT CONN IN= OUT=wlan1 
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64 
ID=16275 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178861] OUT CONN IN= OUT=wlan1 
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64 
ID=16276 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK FIN URGP=0
Oct 25 22:46:27 laptop kernel: [92081.198553] IN CONN IN=wlan1 OUT= 
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip> 
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51478 DF PROTO=TCP 
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK FIN URGP=0
Oct 25 22:46:27 laptop kernel: [92081.198590] OUT CONN IN= OUT=wlan1 
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64 
ID=16277 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:28 laptop kernel: [92081.351125] IN CONN IN=wlan1 OUT= 
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip> 
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51479 DF PROTO=TCP 
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0

This is the log with a *NOT* working client:

SERVER:
Oct 25 22:32:55 firewall kernel: [21325.121680] **NEW** IN NAS0 
CONNIN=nas0 OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=60 TOS=0x00 
PREC=0x00 TTL=54 ID=14919 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=5840 
RES=0x00 SYN URGP=0
Oct 25 22:32:55 firewall kernel: [21325.140239] OUT PPP0 CONNIN=ethWEB 
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 TOS=0x00 PREC=0x00 
TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=5792 RES=0x00 ACK SYN 
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.236986] IN NAS0 CONNIN=nas0 
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 
TTL=54 ID=14920 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK 
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.267581] IN NAS0 CONNIN=nas0 
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=653 TOS=0x00 PREC=0x00 
TTL=54 ID=14921 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK PSH 
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.286615] OUT PPP0 CONNIN=ethWEB 
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00 
TTL=63 ID=55122 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK 
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.385647] OUT PPP0 CONNIN=ethWEB 
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=137 TOS=0x00 PREC=0x00 
TTL=63 ID=55124 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK 
PSH URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.405173] OUT PPP0 CONNIN=ethWEB 
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00 
TTL=63 ID=55125 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK 
FIN URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.484020] IN NAS0 CONNIN=nas0 
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00 
TTL=54 ID=14922 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK 
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.504418] IN NAS0 CONNIN=nas0 
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00 
TTL=54 ID=14923 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK 
URGP=0 MARK=0x4

CLIENT:
Oct 25 22:32:54 shoutcast-server kernel: [180468.541703] *NEW* OUT CONN 
IN= OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=60 TOS=0x00 
PREC=0x00 TTL=64 ID=14919 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=5840 
RES=0x00 SYN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.659871] IN CONN IN=eth0 
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip> 
DST=192.168.203.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP 
SPT=80 DPT=49680 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.659935] OUT CONN IN= 
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 
TTL=64 ID=14920 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.660406] OUT CONN IN= 
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=653 TOS=0x00 PREC=0x00 
TTL=64 ID=14921 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK PSH 
URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.805969] IN CONN IN=eth0 
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip> 
DST=192.168.203.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=55122 DF 
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.908678] IN CONN IN=eth0 
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip> 
DST=192.168.203.10 LEN=137 TOS=0x00 PREC=0x00 TTL=48 ID=55124 DF 
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK PSH URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.908733] OUT CONN IN= 
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00 
TTL=64 ID=14922 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.924857] IN CONN IN=eth0 
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip> 
DST=192.168.203.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=55125 DF 
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK FIN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.924914] OUT CONN IN= 
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00 
TTL=64 ID=14923 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0

As you can see both clients do receive the spoofed packets, but the 
second one can't load the page.

Suggestions?

Thanks,
Niccolò
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html