Linux: Route Reply Packets Back Through The Same Interface

Once again I’m thwarted by the design of the Linux network stack. You see, by default, when a packet comes into one interface in Linux, you can’t count on the reply going back out through the same interface: the kernel picks the outgoing interface by looking up the destination in the main routing table, not by remembering which interface the request arrived on. This is not always a problem, but if that reply has to pass a firewall, the firewall will often reject it because it leaves from a different interface/MAC address than the one the request came in on.

This happened to me again today, for about the third inconvenient time. This time it was too much hassle to move things around, so I found a good solution from Novell.

I don’t know if it will survive reboots, but it’s enough to get me through a few days (we are moving to new IP space anyway). Here is what I did, in my case (192.x.98.192 was the newly added, badly behaving interface):


# (192.x = one octet redacted in the original)
sudo vi /etc/iproute2/rt_tables   # add a line "252 vlan98" (any unused table id works)
sudo ip route add 192.x.98.0/24 dev eth1 src 192.124.98.192 table vlan98
sudo ip route add default via 192.x.98.1 dev eth1 src 192.124.98.192 table vlan98
sudo ip rule add from 192.x.98.192 table vlan98   # traffic sourced from this address uses table vlan98
I hope that saves someone some time.
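The same source-based policy routing as above, as an added example (not the post's own commands): it persists the table name in rt_tables without duplicating it, emits re-runnable route/rule commands for review, and checks that a reply sourced from the address really leaves via the intended interface. It assumes the stock /etc/iproute2/rt_tables path and uses RFC 5737 documentation addresses as constructed input.

```shell
#!/bin/sh
# Added example, not from the original post: the post's policy-routing
# setup made idempotent and persisted via rt_tables.
# Assumptions (mine): stock /etc/iproute2/rt_tables (RT_TABLES overrides
# it for testing) and RFC 5737 addresses as constructed sample values.

RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"

# ensure_rt_table NAME ID: add "ID NAME" once; refuse an ID already
# bound to a different name so two tables never share an id.
ensure_rt_table() {
    name="$1"; id="$2"
    if grep -qE "^[[:space:]]*$id[[:space:]]+$name([[:space:]]|\$)" "$RT_TABLES"; then
        return 0                      # already present, nothing to do
    fi
    if grep -qE "^[[:space:]]*$id[[:space:]]" "$RT_TABLES"; then
        echo "rt_tables: id $id is already taken" >&2
        return 1
    fi
    printf '%s\t%s\n' "$id" "$name" >> "$RT_TABLES"
}

# reply_route_cmds IFACE ADDR SUBNET GW TABLE: print the ip(8) commands
# that send anything sourced from ADDR back out IFACE via GW. "replace"
# makes the routes re-runnable; "ip rule add" is not idempotent, so the
# old rule is deleted first. Review the output, then pipe it to sh.
reply_route_cmds() {
    iface="$1"; addr="$2"; subnet="$3"; gw="$4"; table="$5"
    printf 'ip route replace %s dev %s src %s table %s\n' "$subnet" "$iface" "$addr" "$table"
    printf 'ip route replace default via %s dev %s src %s table %s\n' "$gw" "$iface" "$addr" "$table"
    printf 'ip rule del from %s table %s 2>/dev/null || true\n' "$addr" "$table"
    printf 'ip rule add from %s table %s\n' "$addr" "$table"
}

# reply_leaves_via IFACE ADDR: returns 0 if a reply sourced from ADDR to an
# arbitrary external host (203.0.113.1, RFC 5737) would leave through IFACE.
reply_leaves_via() {
    ip route get 203.0.113.1 from "$2" 2>/dev/null | grep -qE " dev $1( |\$)"
}

if [ "${1:-}" = "apply" ]; then      # sh thisfile.sh apply  (as root)
    ensure_rt_table vlan98 252 || exit 1
    reply_route_cmds eth1 192.0.2.192 192.0.2.0/24 192.0.2.1 vlan98 | sh -e
    reply_leaves_via eth1 192.0.2.192 && echo "replies from 192.0.2.192 leave via eth1"
fi
```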


3 Responses to Linux: Route Reply Packets Back Through The Same Interface

  1. Will says:

    Thanks! This just saved me hours of head scratching.

  2. here says:

    An outstanding share! I’ve just forwarded this onto a colleague who has been conducting a little homework on this. And he in fact bought me dinner due to the fact that I discovered it for him… lol. So allow me to reword this…. Thank YOU for the meal!! But yeah, thanks for spending some time to discuss this topic here on your site.
