I'm trying to configure source-based routing on my Ubuntu machine. As the simplest example, I'm trying to configure the only interface on my machine. All configuration is taken from here: https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System

ip route

10.0.2.0/24 dev enp0s3  proto kernel  scope link  src 10.0.2.15

ip route show table rtgate

default via 10.0.2.2 dev enp0s3
10.0.2.0/24 dev enp0s3  scope link  src 10.0.2.15

ip rule

0:      from all lookup local
32764:  from all to 10.0.2.15 lookup rtgate
32765:  from 10.0.2.15 lookup rtgate
32766:  from all lookup main
32767:  from all lookup default

But when I try to ping 8.8.8.8 I always get a 'Network is unreachable' message:

ping 8.8.8.8

connect: Network is unreachable

ping -I enp0s3 8.8.8.8

ping: sendmsg: Network is unreachable
ping: sendmsg: Network is unreachable

I also tried to add a fake/non-existent (10.0.2.16) gateway into global, but I got 'Destination Host Unreachable' messages. It seems like the packets from 10.0.2.15 are not forwarded to 10.0.2.2 and the packets are just forwarded to the default gateway. ip route flush cache does not help. Does anyone have any idea?

Big update

Ubuntu

This morning I continued my little investigation. At the beginning I reconfigured my Ubuntu machine: another interface was added with a default gateway.

root@metalmachine:~# ip route
default via 10.0.4.2 dev enp0s9
10.0.2.0/24 dev enp0s3  proto kernel  scope link  src 10.0.2.15
10.0.4.0/24 dev enp0s9  proto kernel  scope link  src 10.0.4.15

The target is still the same: to configure source-based routing for enp0s3.

root@metalmachine:~# ip route show table rtgate
default via 10.0.2.2 dev enp0s3

root@metalmachine:~# ip rule
0:      from all lookup local
32765:  from 10.0.2.15 lookup rtgate
32766:  from all lookup main
32767:  from all lookup default

Yep. The same problem occurred. When I run ping -I enp0s3 8.8.8.8, ICMP responses successfully come from 8.8.8.8 BUT they come through enp0s9. tcpdump -i enp0s3 -n is still silent, and when I shut down enp0s9 the responses stop coming.

Debian

OK, I tried to configure the same feature on Debian 8.7.

root@metalmachine:~# ip route
default via 10.0.3.2 dev eth1
10.0.2.0/24 dev eth0  proto kernel  scope link  src 10.0.2.15
10.0.3.0/24 dev eth1  proto kernel  scope link  src 10.0.3.15

root@metalmachine:~# ip route show table backup
default via 10.0.2.2 dev eth0

root@metalmachine:~# ip rule
0:      from all lookup local
32765:  from 10.0.2.15 lookup backup
32766:  from all lookup main
32767:  from all lookup default

That's what I got while running tcpdump -i eth0 -n &:

root@metalmachine:~# ping -I eth0 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 10.0.2.15 eth0: 56(84) bytes of data.
11:36:34.432372 ARP, Request who-has 8.8.8.8 tell 10.0.2.15, length 28
11:36:35.430668 ARP, Request who-has 8.8.8.8 tell 10.0.2.15, length 28
^C

root@metalmachine:~# arp -an
? (10.0.2.2) at 52:54:00:12:35:02 [ether] on eth0
? (8.8.8.8) at <incomplete> on eth0
? (10.0.3.2) at 52:54:00:12:35:02 [ether] on eth1

Well, it looks like the system tries to resolve ARP for 8.8.8.8 even though 8.8.8.8 is located in a different network, and even though proxy-arp is disabled on all interfaces:

root@metalmachine:~# cat /proc/sys/net/ipv4/conf/*/proxy_arp
0
0
0
0
0

But when I tried ping -I 10.0.2.15 8.8.8.8:

PING 8.8.8.8 (8.8.8.8) from 10.0.2.15 : 56(84) bytes of data.
11:54:58.434966 IP 10.0.2.15 > 8.8.8.8: ICMP echo request, id 1430, seq 1, length 64
10:54:58.446248 IP 8.8.8.8 > 10.0.2.15: ICMP echo reply, id 1430, seq 1, length 64
64 bytes from 8.8.8.8: icmp_seq=1 ttl=63 time=11.4 ms

After watching the counters of eth0 I was convinced that the packets move through eth0. IT WORKS! But there are some conclusions:

  1. Ubuntu 16.10 with iputils-s20150815 does not forward packets to the routing table specified by ip rules, or I'm doing it wrong. ping -I enp0s3 8.8.8.8 sends packets through the default route.
  2. The ping utility from iputils-s20150815 on Ubuntu 16.10 has some problems with the -I argument, or I'm doing it wrong. For example: ping -I 10.0.2.15 8.8.8.8 returns ping: unknown iface 10.0.2.15
  3. The ping utility from iputils-s20121221 on Debian 8.7 tries to resolve ARP for a host from a different network, or I'm doing it wrong.

Please, could someone tell me where I'm wrong?
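
As an added illustration (not part of the original question and not code from the linked guide), here is a simplified model of how Linux walks `ip rule` entries in priority order and consults each named table, with the first `ip rule` / `ip route` listings above as constructed input. The `local` table entry and the treatment of a socket with no bound source address as 0.0.0.0 are assumptions of the model; binding to an interface name (`ping -I enp0s3`) is not modelled.

```python
import ipaddress as ip

# Constructed from the first `ip rule` / `ip route` listings in the question.
# Each rule: (priority, from-prefix, to-prefix, table).
RULES = [
    (0,     "0.0.0.0/0",    "0.0.0.0/0",    "local"),
    (32764, "0.0.0.0/0",    "10.0.2.15/32", "rtgate"),
    (32765, "10.0.2.15/32", "0.0.0.0/0",    "rtgate"),
    (32766, "0.0.0.0/0",    "0.0.0.0/0",    "main"),
    (32767, "0.0.0.0/0",    "0.0.0.0/0",    "default"),
]
# Each route: (destination prefix, gateway or None for on-link, device).
TABLES = {
    "local":   [("10.0.2.15/32", None, "lo")],  # assumed: the host's own address
    "main":    [("10.0.2.0/24", None, "enp0s3")],
    "rtgate":  [("0.0.0.0/0", "10.0.2.2", "enp0s3"),
                ("10.0.2.0/24", None, "enp0s3")],
    "default": [],
}

def lookup(dst, src="0.0.0.0", rules=RULES, tables=TABLES):
    """Return (priority, table, gateway, dev), or None for 'Network is unreachable'.

    src="0.0.0.0" models a socket that has no source address bound at
    route-lookup time; only a "from all" (0.0.0.0/0) selector matches it.
    """
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for prio, frm, to, table in sorted(rules):
        if s not in ip.ip_network(frm) or d not in ip.ip_network(to):
            continue  # selector does not match, try the next rule
        # Longest-prefix match inside the selected table.
        hits = [r for r in tables[table] if d in ip.ip_network(r[0])]
        if hits:
            best = max(hits, key=lambda r: ip.ip_network(r[0]).prefixlen)
            return (prio, table, best[1], best[2])
        # No route in this table: fall through to the next rule.
    return None

if __name__ == "__main__":
    print("unbound source  ->", lookup("8.8.8.8"))
    print("src 10.0.2.15   ->", lookup("8.8.8.8", src="10.0.2.15"))
```

In this model a lookup with no source address never matches the `from 10.0.2.15` rule and falls through to `main`, while a lookup with the source set to 10.0.2.15 is answered from `rtgate`.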
