
I'm running Ubuntu 18.04 with two interfaces on separate VLANs. I'm running a web server which is listening on both interfaces. From each of the LANs I can connect to the web server.

One of the interfaces has internet traffic being forwarded to it (eth1). I'm certain the forwarding is working, but I get no response from the web server when connecting from the internet.

I've played with rp_filter settings but no joy. I've also tried creating a static route for my external ip to force it out of eth1 (as a test).

The route table currently looks like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    100    0        0 eth0
10.1.10.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.1.100.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
168.63.129.16   _gateway        255.255.255.255 UGH   100    0        0 eth0
169.254.169.254 _gateway        255.255.255.255 UGH   100    0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-0b0f26340bc7

Is this because eth0 is the default gateway? eth0 has no internet access (blocked by a firewall). Should this setup work?

Thanks

  • So the 168.63 address is the source of your test connection? Can you run `tcpdump -i eth1 -f 'port 80 or port 443'` (whichever port you're using) and try to connect again, then add the output to your question? (You might need to install it first) – SmallClanger Aug 30 '19 at 13:18
  • Not sure what the 168/9 ips are - maybe docker added? Output of the command is this repeated many times: 14:37:32.508894 IP [MYPUBLICIP].52339 > SERVERNAME.80: Flags [S], seq 631177094, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0. To me it looks like it receives traffic but does not return it. – simon_dmorias Aug 30 '19 at 13:40
  • 1
    That's right. The SYNs are coming in but no response is going out. Try the sam `tcpdump` on `eth0` you'll probably see the `[S.]` (SYN,ACK) responses going out via the default route. If you need to respond to any incoming connections on `eth1` that that should be your default gw, but you'll need to first add specific routes for any networks on the eth0 side. – SmallClanger Aug 30 '19 at 14:05
  • Thanks for your directions. I've managed to solve this by following this: https://unix.stackexchange.com/questions/4420/reply-on-same-interface-as-incoming – simon_dmorias Aug 30 '19 at 15:31
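The fix the last comment links to is source-based policy routing: a second routing table whose default route goes out eth1, selected for any packet sourced from eth1's own address, so replies leave on the interface the SYN arrived on instead of following the eth0 default route. The script below is an added example and is not from the question or its comments. The eth1 address 10.1.10.5, its gateway 10.1.10.1, the table number 100 and the probe address 203.0.113.9 are assumptions; only the 10.1.10.0/24 network appears in the routing table above.

```shell
#!/bin/sh
# Added example (not from the question or its comments): source-based
# policy routing so that replies to connections that arrived on eth1 go
# back out through eth1 rather than the eth0 default route.
# Assumed values (placeholders, not from the question): eth1 holds
# 10.1.10.5 on 10.1.10.0/24 and its gateway is 10.1.10.1; table 100 and
# rule priority 100 are arbitrary unused values.
IFACE_IN="${IFACE_IN:-eth1}"
ADDR_IN="${ADDR_IN:-10.1.10.5}"
NET_IN="${NET_IN:-10.1.10.0/24}"
GW_IN="${GW_IN:-10.1.10.1}"
TABLE="${TABLE:-100}"

# Print the three commands that build a per-interface routing table and
# select it by source address. Arguments: iface addr subnet gateway table.
reply_route_cmds() {
    # connected route, so hosts on the same VLAN are still reached directly
    printf 'ip route add %s dev %s src %s table %s\n' "$3" "$1" "$2" "$5"
    # everything else sourced from this address leaves via eth1's gateway
    printf 'ip route add default via %s dev %s table %s\n' "$4" "$1" "$5"
    # packets whose source is the eth1 address consult that table first
    printf 'ip rule add from %s table %s priority %s\n' "$2" "$5" "$5"
}

# Apply the commands (needs root). With DRY_RUN=1 (the default) they are
# only printed, so the script is safe to run on a machine you are inspecting.
apply_reply_routes() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        reply_route_cmds "$@"
    else
        reply_route_cmds "$@" | while read -r cmd; do
            echo "+ $cmd"
            sh -c "$cmd"
        done
    fi
}

# Ask the kernel which interface a reply sourced from $1 would leave on.
# Before the rule is added the answer names the default-route interface
# (eth0 in the question); afterwards it names eth1.
check_reply_path() {
    if command -v ip >/dev/null 2>&1; then
        ip route get 203.0.113.9 from "$1" 2>&1 | head -n 1
    else
        echo "ip(8) not available on this host"
    fi
}

apply_reply_routes "$IFACE_IN" "$ADDR_IN" "$NET_IN" "$GW_IN" "$TABLE"
```

Run it once with `DRY_RUN=0` as root, then `check_reply_path 10.1.10.5` (or `ip route get ... from ...` directly) should show `dev eth1`; `ip rule show` and `ip route show table 100` display what was added. The rules are not persistent, so they need to go into netplan's `routing-policy` section or an interface hook to survive a reboot. The other approach in the comments (making eth1 the default route and adding explicit routes for the eth0-side networks) also works and is simpler when eth0 only ever needs to reach a few known networks; the policy-routing form keeps the existing default route untouched.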

0 Answers