Once again I’m thwarted by the design of the Linux network stack. You see, by default, when a packet comes in on one interface of a multi-homed Linux box, you can’t count on the reply going back out through the same interface: the kernel picks the outgoing interface from the main routing table by destination, so the reply normally leaves via the default route, whichever interface that happens to be. This is not always a problem, but if that reply has to pass through a stateful firewall, the firewall will often reject it, because it arrives from a different interface and MAC address than the one the connection was set up through.
This happened to me again today, for about the third inconvenient time. This time it was too much hassle to move things around, so I used a good solution from Novell: policy routing, i.e. a separate routing table for the new interface plus a rule that sends any traffic sourced from that interface’s address through it.
I don’t know if it will persist across reboots, but it’s enough to get me through a few days (we are moving to new IP space anyway). Here is what I did, in my case (192.x.98.192 was the newly added, badly behaving interface):
sudo vi /etc/iproute2/rt_tables # add the line "252 vlan98": a table name with an id not already used in that file
sudo ip route add 192.x.98.0/24 dev eth1 src 192.124.98.192 table vlan98 # the new interface's own subnet
sudo ip route add default via 192.x.98.1 dev eth1 src 192.124.98.192 table vlan98 # its gateway, as that table's default route
sudo ip rule add from 192.x.98.192 table vlan98 # anything sourced from the new address is routed using that table
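The same setup as a script, added here as an example rather than the post's own commands. It assumes eth1 with 192.0.2.192/24 and gateway 192.0.2.1 (RFC 5737 documentation addresses standing in for the post's real ones) and table id 252; interface, address, prefix, gateway and table id are assumptions you override through the environment. It computes the subnet route from the address and prefix, uses `ip route replace` so it can be re-run, checks for an existing rule before adding one (`ip rule add` silently creates duplicates), and with DRY_RUN=1 prints what it would run instead of running it.

```shell
#!/bin/sh
# Source-based policy routing for a second interface, so replies to traffic
# that arrived on it leave through its own gateway instead of the main
# table's default route. Added example; not the post's own script.
# Assumed values (override via environment): eth1, 192.0.2.192/24,
# gateway 192.0.2.1 (documentation addresses), table id 252.
set -eu

IFACE="${IFACE:-eth1}"
ADDR="${ADDR:-192.0.2.192}"
PREFIX="${PREFIX:-24}"
GW="${GW:-192.0.2.1}"
TABLE_ID="${TABLE_ID:-252}"          # any unused id 1-252; 253-255 are reserved
TABLE_NAME="${TABLE_NAME:-vlan98}"   # optional; only makes `ip rule show` readable
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
DRY_RUN="${DRY_RUN:-0}"              # 1 = print commands instead of running them

# Network address of ADDR/PREFIX (IPv4), computed with shell arithmetic.
network_of() {
    addr=$1; plen=$2
    set -- $(printf '%s' "$addr" | tr . ' ')
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    net=$(( n & mask ))
    printf '%d.%d.%d.%d/%d' $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$plen"
}

# The three commands the post applies, one per line. The table is referenced
# by number, so the commands work even before rt_tables is edited.
policy_route_commands() {
    net=$(network_of "$ADDR" "$PREFIX")
    printf 'ip route replace %s dev %s src %s table %s\n' "$net" "$IFACE" "$ADDR" "$TABLE_ID"
    printf 'ip route replace default via %s dev %s src %s table %s\n' "$GW" "$IFACE" "$ADDR" "$TABLE_ID"
    printf 'ip rule add from %s lookup %s\n' "$ADDR" "$TABLE_ID"
}

# Run a command, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Register the table name once so `ip rule show` prints "lookup vlan98" rather than "lookup 252".
register_table_name() {
    if ! grep -qs "^[[:space:]]*$TABLE_ID[[:space:]]\{1,\}$TABLE_NAME[[:space:]]*$" "$RT_TABLES"; then
        if [ "$DRY_RUN" = 1 ]; then
            printf 'echo "%s %s" >> %s\n' "$TABLE_ID" "$TABLE_NAME" "$RT_TABLES"
        else
            printf '%s\t%s\n' "$TABLE_ID" "$TABLE_NAME" >> "$RT_TABLES"
        fi
    fi
}

apply() {
    register_table_name
    policy_route_commands | while read -r cmd; do
        case $cmd in
            "ip rule add"*)
                # `ip rule add` is not idempotent: skip it if the rule already exists.
                if [ "$DRY_RUN" != 1 ] && ip rule show | grep -qE "from $ADDR lookup ($TABLE_ID|$TABLE_NAME)"; then
                    continue
                fi ;;
        esac
        run $cmd
    done
}

# Show the rule, the new table, and which route the kernel now picks for a
# reply sourced from ADDR (198.51.100.1 is just a documentation address).
verify() {
    run ip rule show
    run ip route show table "$TABLE_ID"
    run ip route get 198.51.100.1 from "$ADDR"
}

case "${1:-}" in
    apply) apply; verify ;;
    show)  policy_route_commands ;;
esac
```

Run `DRY_RUN=1 sh policyroute.sh apply` to review the commands, then again as root without DRY_RUN. The route and rule only change the running kernel and are gone after a reboot, so hook the apply step into whatever brings the interface up (a post-up line in /etc/network/interfaces, a NetworkManager dispatcher script, or your distribution's equivalent). After applying, `ip route get 198.51.100.1 from 192.0.2.192` should report the route via 192.0.2.1 on eth1 from table 252, while the same query without `from` still answers from the main table.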
I hope that saves someone some time.
Thanks! This just saved me hours of head scratching.
An outstanding share! I’ve just forwarded this onto a colleague who has been conducting a little homework on this. And he in fact bought me dinner due to the fact that I discovered it for him… lol. So allow me to reword this… Thank YOU for the meal!! But yeah, thanks for spending some time to discuss this topic here on your site.
You are welcome, I’m glad that I’ve saved your colleague from hours of hair pulling… there are enough things to agonize over in life.