Linux: Route Reply Packets Back Through The Same Interface

Posted on January 3, 2012 by Nick Webb
Once again I’m thwarted by the design of the Linux network stack. You see, by default, when a packet comes into one interface in Linux, you can’t count on the reply coming back through the same interface. This is not always a problem, but often if that reply was through a firewall the firewall will reject the reply connection as it comes from a different interface/MAC address.

This happened to me again today, for about the third inconvenient time. This time it was too much hassle to move things around, so I found a good solution from Novell.

I don’t know if it will persist reboots, but it’s enough to get me through a few days (we are moving to new IP space anyway). Here is what I did, in my case (192.x.98.192 was the newly added, badly behaving interface):


sudo vi rt_tables # add table vlan98 with an unused id (252)
sudo ip route add 192.x.98.0/24 dev eth1 src 192.124.98.192 table vlan98
sudo ip route add default via 192.x.98.1 dev eth1 src 192.124.98.192 table vlan98
sudo ip rule add from 192.x.98.192 table vlan98
I hope that saves someone some time.

 

This entry was posted in Tech Tips. Bookmark the permalink.

3 Responses to Linux: Route Reply Packets Back Through The Same Interface

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Testimonials

We truly appreciated Nick's professional and creative approach to our DRP from [an] Open Source back end. You provide a valuable service in the Pacific NW. Thanks Nick!”

— Kimberly Dodd, CPA, Broker

“I can honestly say that you are the best hire I have ever made.”

— Mark Young, Ph.D., Director, Network & Server Systems, University of Puget Sound

”Our project required a deep knowledge... It was immediately evident that you had the experience and skills to pull it off.”

— Patrick Stroud, President, PLY Interactive, Inc.