Once again I’m thwarted by the design of the Linux network stack. You see, by default, when a packet comes into one interface on a Linux box, you can’t count on the reply going back out through the same interface: the reply is routed by destination using the main routing table, regardless of where the request arrived. This is not always a problem, but if that reply passes through a stateful firewall, the firewall will often reject it, because it arrives from a different interface and MAC address than the request went to.
This happened to me again today, for about the third inconvenient time. This time it was too much hassle to move things around, so I found a good solution from Novell.
I don’t know if it will survive reboots, but it’s enough to get me through a few days (we are moving to new IP space anyway). Here is what I did; in my case 192.x.98.192 was the newly added, badly behaving interface, on eth1, with 192.x.98.1 as its gateway:
sudo vi /etc/iproute2/rt_tables   # add a line "252 vlan98": an unused table id followed by the table name
sudo ip route add 192.x.98.0/24 dev eth1 src 192.x.98.192 table vlan98
sudo ip route add default via 192.x.98.1 dev eth1 src 192.x.98.192 table vlan98
sudo ip rule add from 192.x.98.192 table vlan98
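The same procedure as an added example script (not the post's own commands): it registers the table name idempotently, derives the interface's subnet from the address and prefix so the three commands above can be generated for any secondary interface, and applies them only when run with arguments (root needed for that). The interface name, addresses, table name and id are parameters; the sample values in the test use a constructed 10.98.0.0/24 network in place of the post's obfuscated one.

```shell
#!/bin/sh
# Added example: policy routing so replies leave via the interface they arrived on.
# Parameters (assumed): IFACE ADDR PREFIX GATEWAY TABLE_NAME TABLE_ID

# Network address for ADDR PREFIX, e.g. "10.98.0.192 24" -> "10.98.0.0/24".
network_of() {
    prefix=$2
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs          # split dotted quad into $1..$4
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( ip & mask ))
    printf '%s.%s.%s.%s/%s\n' $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$prefix"
}

# Make sure "ID NAME" is present in an rt_tables file (path given so it can be tested
# against a temp file). Idempotent; refuses to rebind an id or name already in use.
ensure_rt_table() {
    file=$1; id=$2; name=$3
    if grep -Eq "^[[:space:]]*$id[[:space:]]+$name[[:space:]]*$" "$file" 2>/dev/null; then
        return 0                                          # already registered
    fi
    if grep -Eq "^[[:space:]]*$id[[:space:]]" "$file" 2>/dev/null ||
       grep -Eq "[[:space:]]$name[[:space:]]*$" "$file" 2>/dev/null; then
        echo "rt_tables: id $id or name $name already in use in $file" >&2
        return 1
    fi
    printf '%s\t%s\n' "$id" "$name" >> "$file"
}

# Print the three ip(8) commands from the post for IFACE ADDR PREFIX GATEWAY TABLE:
# the connected subnet and a default route in the per-interface table, plus a rule
# that sends anything sourced from ADDR to that table.
pbr_commands() {
    iface=$1; addr=$2; prefix=$3; gw=$4; table=$5
    net=$(network_of "$addr" "$prefix")
    printf 'ip route add %s dev %s src %s table %s\n' "$net" "$iface" "$addr" "$table"
    printf 'ip route add default via %s dev %s src %s table %s\n' "$gw" "$iface" "$addr" "$table"
    printf 'ip rule add from %s table %s\n' "$addr" "$table"
}

# Apply when invoked as: sh pbr.sh eth1 10.98.0.192 24 10.98.0.1 vlan98 252
if [ "$#" -eq 6 ]; then
    ensure_rt_table /etc/iproute2/rt_tables "$6" "$5" || exit 1
    pbr_commands "$1" "$2" "$3" "$4" "$5" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done
    # Check which way the kernel now routes a packet sourced from ADDR; the output
    # should name IFACE as the device (203.0.113.1 is a documentation address).
    ip route get 203.0.113.1 from "$2"
fi
```

The `ip route get ... from ADDR` line at the end is the check worth keeping: it shows the route the kernel selects for traffic sourced from the secondary address, so you can confirm the rule matched before testing from the far side of the firewall. The rules and routes live only in the running kernel; to survive a reboot they have to be re-issued from the interface's post-up hook (for example in /etc/network/interfaces), or expressed as `routes` with a `table:` plus a `routing-policy` entry in netplan, and the rt_tables line is the only part that persists on its own.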
I hope that saves someone some time.
3 Responses to Linux: Route Reply Packets Back Through The Same Interface