
I'm trying to figure out if I need further configuration to allow outbound traffic to work on a different interface than inbound traffic.

My setup is two servers.

Server1 has eth1 on VLAN100 and eth2 on VLAN200.

Server2 has eth1 on VLAN100 and no interface on VLAN200.

Server1 eth1's IP is 10.1.0.2 in the 10.1.0.0/24 subnet with gateway1 10.1.0.1.

Server1 eth2's IP is 10.2.0.2 in the 10.2.0.0/24 subnet with gateway2 10.2.0.1.

Server2 eth1's IP is 10.1.0.3 in the 10.1.0.0/24 subnet with gateway1 10.1.0.1.

Gateway1 (10.1.0.1) will route 10.2.0.0/24 traffic through gateway2 (10.2.0.1) and vice versa.

Server1 can ping Server2's eth1 interface (10.1.0.2 -> 10.1.0.3). Server2 can ping Server1's eth1 interface (10.1.0.3 -> 10.1.0.2).

When Server2 pings Server1's eth2 IP (10.2.0.2), the Echo request is received on Server1, but Server1 does not respond. The source of the ping is 10.1.0.3, so Server1 should route the return traffic through its eth1 interface (10.1.0.2). So I think the round trip for this ping should be:

Flow of Inbound ICMP Echo Request

Server2 eth1 (10.1.0.3 - VLAN100)
Gateway1     (10.1.0.1 - VLAN100)
Gateway2     (10.2.0.1 - VLAN200)
Server1 eth2 (10.2.0.2 - VLAN200)

Expected Flow of Outbound ICMP Echo Reply

Server1 eth1 (10.1.0.2 - VLAN100)
Gateway1     (10.1.0.1 - VLAN100)
Server2 eth2 (10.1.0.3 - VLAN100)

Via tcpdump on Server1, I can see that the ICMP packets from Server2 are reaching Server1's eth2 interface, but the ICMP response is not leaving Server1 on any interface. I can't figure out why they are being dropped in Server1.

EDIT: Further information

Both subnets have netmask 255.255.255.0 and the interfaces have been confirmed to also have netmask 255.255.255.0.

Server1 has default gateway through 10.1.0.1

Server2 has default gateway through 10.1.0.1

Server1:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.0.1        0.0.0.0         UG    0      0        0 eth1
10.2.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2
10.1.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1

Server2:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.0.1        0.0.0.0         UG    0      0        0 eth1
10.1.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
  • Your description is unclear to me. Can you provide the route tables and netmasks for each system, please? It sounds like server2 does not have a default gateway or route for 10.1 via gateway, or there is a netmask issue.
    – davidgo
    Commented May 1, 2019 at 18:12

1 Answer

Partial answer:

Server 1 sees a packet arriving from 10.1.0.0/24 on eth2 with subnet 10.2.0.0/24, while at the same time there exists another interface eth1 with subnet 10.1.0.0/24.

The default configuration of the Linux kernel is to interpret this as a routing mistake (a packet from 10.1.0.*/24 should arrive on eth1, not on eth2) and therefore it decides to drop the packet, in order to not flood the network with packets in response to the stuff the "misconfigured" router(s) do. Which is the reason you don't see an ICMP echo reply.

There are ways to configure this behavior via /proc or /sys, but I'd have to look up the details. In any case, it may require some fiddling to get this intended behavior (and you'll have to be careful not to break other things while doing that).

So the easy way is to fix your network topology and subnetting ranges, and set up something more standard. You didn't explain why you think you need this particular setup; there may be a way to achieve what you want while still adhering to networking best practices. So your question may be an XY question. Therefore, please edit the question and explain your main goal.
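The drop described in the answer corresponds to the kernel's IPv4 reverse-path filter, controlled by the rp_filter sysctl under /proc/sys/net/ipv4/conf/. The Python sketch below is an added example, not part of the original answer; it is a simplified model of that check (not kernel code) run against Server1's routing table from the question, and its function names are hypothetical.

```python
import ipaddress

# Server1's routing table, copied from the `route -n` output in the question.
SERVER1_ROUTES = [
    ("0.0.0.0/0", "eth1"),
    ("10.2.0.0/24", "eth2"),
    ("10.1.0.0/24", "eth1"),
]

def lookup(routes, addr):
    """Longest-prefix match: interface the host would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def effective_mode(conf_all, conf_iface):
    """The kernel applies the higher of conf/all and conf/<iface> rp_filter."""
    return max(conf_all, conf_iface)

def rp_filter_accepts(routes, src, in_iface, mode):
    """Source validation model: 0 = off, 1 = strict, 2 = loose (RFC 3704)."""
    if mode == 0:
        return True
    reverse_iface = lookup(routes, src)
    if mode == 2:
        # Loose: the source only has to be reachable through some interface.
        return reverse_iface is not None
    # Strict: the route back to the source must use the arrival interface.
    return reverse_iface == in_iface

if __name__ == "__main__":
    # The echo request from the question: source 10.1.0.3 arriving on eth2.
    for mode, name in ((1, "strict"), (2, "loose")):
        ok = rp_filter_accepts(SERVER1_ROUTES, "10.1.0.3", "eth2", mode)
        print(f"{name}: {'accepted' if ok else 'dropped'}")
    # Setting only conf/eth2/rp_filter=0 does not disable the filter
    # while conf/all/rp_filter is still 1.
    print("effective mode with all=1, eth2=0:", effective_mode(1, 0))
```

Strict mode is the anti-spoofing setting, so moving eth2 to loose mode (2) admits this asymmetric flow at the cost of relaxing that check on the interface. With net.ipv4.conf.<iface>.log_martians set to 1, the kernel logs packets dropped by this filter, which confirms the diagnosis before anything is changed.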
