Linux: Route Reply Packets Back Through The Same Interface

Once again I’m thwarted by the design of the Linux network stack. You see, by default, when a packet comes into one interface in Linux, you can’t count on the reply coming back through the same interface. This is not always a problem, but often if that reply was through a firewall the firewall will reject the reply connection as it comes from a different interface/MAC address.

This happened to me again today, for about the third inconvenient time. This time it was too much hassle to move things around, so I found a good solution from Novell.

I don’t know if it will persist reboots, but it’s enough to get me through a few days (we are moving to new IP space anyway). Here is what I did, in my case (192.x.98.192 was the newly added, badly behaving interface):

sudo vi rt_tables # add table vlan98 with an unused id (252)
sudo ip route add 192.x.98.0/24 dev eth1 src table vlan98
sudo ip route add default via 192.x.98.1 dev eth1 src table vlan98
sudo ip rule add from 192.x.98.192 table vlan98
I hope that saves someone some time.


This entry was posted in Tech Tips. Bookmark the permalink.

3 Responses to Linux: Route Reply Packets Back Through The Same Interface

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.


We truly appreciated Nick's professional and creative approach to our DRP from [an] Open Source back end. You provide a valuable service in the Pacific NW. Thanks Nick!”

— Kimberly Dodd, CPA, Broker

“I can honestly say that you are the best hire I have ever made.”

— Mark Young, Ph.D., Director, Network & Server Systems, University of Puget Sound

”Our project required a deep knowledge... It was immediately evident that you had the experience and skills to pull it off.”

— Patrick Stroud, President, PLY Interactive, Inc.