I am using a remote computer; I use SSH and a static IP to connect to it. I would like to know how to edit the routing table to exit to the Internet using my wireless interface but still be able to connect to it using SSH and the static IP.

I tried changing the metric value on the wireless interface route but I lose the connection, so I guess I changed it to route everything through the WiFi interface.

Here is my actual routing table of the remote computer (obviously I've obfuscated some of the IP addresses):

# ip route list
default via 193.*.*.1*9 dev eth0 proto static metric 100 
default via 192.168.0.1 dev wlan3 proto static metric 600 
default via 192.168.0.1 dev wlan1 proto static metric 601 
192.168.0.0/24 dev wlan3 proto kernel scope link src 192.168.0.127 metric 600 
192.168.0.0/24 dev wlan1 proto kernel scope link src 192.168.0.143 metric 601 
193.*.*.1*8/25 dev eth0 proto kernel scope link src 193.*.*.1*7 metric 100

And here the output of route -n:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         193.*.*.1*9     0.0.0.0         UG    100    0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    600    0        0 wlan3
0.0.0.0         192.168.0.1     0.0.0.0         UG    601    0        0 wlan1
192.168.0.0     0.0.0.0         255.255.255.0   U     600    0        0 wlan3
192.168.0.0     0.0.0.0         255.255.255.0   U     601    0        0 wlan1
193.*.*.1*8     0.0.0.0         255.255.255.128 U     100    0        0 eth0

As a summary, the idea is to route SSH traffic through the eth0 interface and the rest of the traffic through wlan3.

  • Why did you change the metric value on the wireless interface? Why do you have three different default gateways? Why not just set the default gateway to be the wireless interface and add a static route for your static IP address?
    – igal
    Commented Nov 18, 2017 at 18:07
  • About changing the metric, it was a stupid idea, just testing. About gateways I don't know, I didn't change anything else. And about setting the default gateway to be the wireless interface and the static route, it could be a good idea, but I am mostly a newbie on this kind of topic. So well, I'm going to try it. But I would like to send SSH traffic and anything else over eth0. Maybe it would be better to use iptables?
    – ebdecastro
    Commented Nov 18, 2017 at 18:12
  • Yeah, I was going to suggest iptables as possibly a more appropriate tool. The routing table doesn't have the ability to do application-specific routing like that. That said, if you're only concerned with a single IP address then you can accomplish what you want without IP tables.
    – igal
    Commented Nov 18, 2017 at 18:16
  • @igal: Guys, iptables is not needed to set up routing. Nor is it needed for everything that somehow has to do with networking. I don't know why everyone is attempting to sell iptables as the solution for everything, please stop spreading this disinformation. It's a routing problem, so use the routing tools. Linux has routing tools, the kernel does routing, and these features are optimized (unlike iptables) to deal with issues like these.
    – dirkt
    Commented Nov 19, 2017 at 6:47
  • @igal: But you don't need (nor want) to route ssh traffic separately - the host with the static IP is behind a different interface, so you can route all traffic to that host to that interface, say telnet, ftp, or whatever. This is really not the place for a long discussion about this issue, but I'm getting sick of all the recommendations for iptables when you clearly need to do routing. Sorry you were the target for my rant.
    – dirkt
    Commented Nov 19, 2017 at 21:32

1 Answer

To verify if I understood your question correctly: You have a local computer with 2 WLAN interfaces and 1 LAN interface that you are using. Behind the LAN interface, there's another computer you want to access with a static IP. All other traffic should go through the WLAN interfaces. The WLAN interfaces acquire their addresses with DHCP.

If that's correct, you need a single default rule for one of the WLAN interfaces ("exit to the internet using the wireless interface") in addition to each of the rules for the segment ("reach the remote server under the static address"). The routes for the WLAN interfaces are probably set automatically, and it doesn't hurt that there are two of them as long as they have different priority, and you are aware you'll be only using one WLAN interface.

So the routing table should look like this:

default via 192.168.0.1 dev wlan3 proto static metric 600 
default via 192.168.0.1 dev wlan1 proto static metric 601 
192.168.0.0/24 dev wlan3 proto kernel scope link src 192.168.0.127 metric 600 
192.168.0.0/24 dev wlan1 proto kernel scope link src 192.168.0.143 metric 601 
193.*.*.1*8/25 dev eth0 proto kernel scope link src 193.*.*.1*7 metric 100

Assuming these are the default metrics, and assuming that the server you want to access via SSH has a 193.*.*.1*8 address (you didn't say). If it doesn't, you need an additional rule for the server address.

In other words, just do

ip route del default via 193.*.*.1*9 dev eth0 proto static metric 100

(with the correct IP address, of course).

Depending on how the LAN interface acquires its address (Network Manager?), you may automate this.

Edit

So the picture is like this:

+--------------+    +---------------------+    +-------------+               
|        eth0  |----| Some other computer |....| remote host |
| Laptop       |    +---------------------+    +-------------+
|        wlan0 |    +---------+
| Laptop wlan1 |::::| Some AP |
+--------------+    +---------+

Is this correct? If not, please clarify by editing your question. A picture like the one above would help.

I understand that you want to protect public IP addresses, but that makes it difficult to assess the situation.

Let's assume the host you want to connect via ssh has the public IP address 1.2.3.4. On your laptop, WLAN has the address range 192.168.0.*/24 with gateway 192.168.0.1, and your LAN has the address range 192.168.1.*/24 with gateway 192.168.1.1. That's probably more realistic than your numbers (because everything that starts with 192.168 is in the private IP range; it's unlikely your LAN segment has a public IP range). Given that, your routing table on the laptop should be similar to

default via 192.168.0.1 dev wlanX
1.2.3.4 via 192.168.1.1 dev eth0
192.168.0.0/24 dev wlanX ...
192.168.1.0/24 dev eth0 ...

We are not interested in the routing table on the other computer or the ssh host.

Routes are matched by more specific prefixes, so this says "send traffic to 1.2.3.4 to the LAN gateway, traffic for the local segments through WLAN resp. LAN, and everything else to the WLAN gateway". You can verify with ip route get:

$ ip route get 1.2.3.4
1.2.3.4 via 192.168.1.1 dev eth0
$ ip route get 1.2.3.5
1.2.3.5 via 192.168.0.1 dev wlanX

You either need to adapt this to your situation, or explain your local setup in more detail. It's safe to give IP addresses of the form 192.168.*.* and 10.*.*.*, these are private network addresses used by many people, and can't be used to identify you or your computer.

  • Sorry I didn't explain myself in the right way. I am using my laptop to connect via ssh to a remote computer. This ssh connection is done through a static IP using a LAN interface. I would like to only use the LAN interface to connect from my laptop using SSH and one of the wireless interfaces to the rest of the traffic. The routing table belongs to the remote computer. I've tried to solve it using iptables but the rest of the traffic is dropped when I thought (as an example firefox) it would change the interface to one that allows that kind of traffic.
    – ebdecastro
    Commented Nov 20, 2017 at 18:57
  • I have tested your solution and if I delete such a rule, I lose my access via SSH.
    – ebdecastro
    Commented Nov 20, 2017 at 19:11
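
The route selection discussed in the answer (most specific prefix first, then lowest metric), as an added example that is not part of the original posts or of iproute2. It is a simplified model of `ip route get` that ignores policy rules and TOS; the tables are constructed, with 203.0.113.x standing in for the obfuscated public addresses and wlan3 for the answer's wlanX.

```python
import ipaddress

# Constructed table in the shape of the answer's example (wlanX written as wlan3).
ANSWER_TABLE = """
default via 192.168.0.1 dev wlan3 metric 600
1.2.3.4 via 192.168.1.1 dev eth0
192.168.0.0/24 dev wlan3 scope link
192.168.1.0/24 dev eth0 scope link
"""

# Constructed table in the shape of the question's: three default routes,
# with the eth0 one carrying the lowest metric.
QUESTION_TABLE = """
default via 203.0.113.129 dev eth0 proto static metric 100
default via 192.168.0.1 dev wlan3 proto static metric 600
default via 192.168.0.1 dev wlan1 proto static metric 601
192.168.0.0/24 dev wlan3 proto kernel scope link src 192.168.0.127 metric 600
192.168.0.0/24 dev wlan1 proto kernel scope link src 192.168.0.143 metric 601
203.0.113.128/25 dev eth0 proto kernel scope link src 203.0.113.137 metric 100
"""

def parse_routes(text):
    """Parse `ip route list` lines into (network, gateway, dev, metric) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        opts = dict(zip(tok[1::2], tok[2::2]))  # "via X", "dev Y", "metric N" pairs
        routes.append((net, opts.get("via"), opts["dev"], int(opts.get("metric", 0))))
    return routes

def lookup(routes, dst):
    """Return (dev, gateway) for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None  # no route: the kernel would report "Network is unreachable"
    _, via, dev, _ = min(matches, key=lambda r: (-r[0].prefixlen, r[3]))
    return dev, via

if __name__ == "__main__":
    for name, table in (("answer", ANSWER_TABLE), ("question", QUESTION_TABLE)):
        routes = parse_routes(table)
        for dst in ("1.2.3.4", "1.2.3.5", "192.168.0.50"):
            print(name, dst, "->", lookup(routes, dst))
```

On the real host, `ip route get <address>` remains the authoritative check, since it also applies any policy rules configured with `ip rule`.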
