Re: ipt_ROUTE loopback

From: Willy Tarreau
Date: Wed Nov 16 2005 - 23:58:47 EST

Next message: Antonino A. Daplas: "Re: X and intelfb fight over videomode"
Previous message: Jeff V. Merkey: "Re: [2.6 patch] i386: always use 4k stacks"
In reply to: Jon Masters: "ipt_ROUTE loopback"
Next in thread: Bill Rugolsky Jr.: "Re: ipt_ROUTE loopback"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Nov 17, 2005 at 03:01:46AM +0000, Jon Masters wrote:
> Folks,
>
> I'm trying to find an easy way to have a Linux box completely ignore
> the local routing table and have traffic destined for one interface go
> out of a loopback cable and back into the other rather than traversing
> the local routing within the host, viz:
>
> eth0
> x.x.x.x
> |
> | <--- loopback cable
> |
> eth1
> y.y.y.y
>
> This is completely against normal practice, but useful for test. I've
> so far tried playing around with iproute2 and have this evening built
> up ipt_ROUTE, which seems more promising. I can get traffic forced out
> of the "correct" interface and bypass the local routing table, but it
> always has the destination MAC of the first interface when it reaches
> the second.
>
> So, I can bodge the destination MAC (I'm still deciding how to do that
> - maybe I'll take apart ipt_ROUTE and have it do MAC rewriting too)
> but I'm curious as to whether there's a "right" way to do this that
> I've so far missed? I've considered using the briding code in some
> weird kind of transparent-yet-not-really bridge setup, but I don't
> really want to do that.
>
> Any suggestions? This seems like something others must have also
> wanted to do. I'm happy to break things in doing it, but I'm hopeful
> for a "you missed this page...".

You missed this page... :-)

You need to use Julian Anastasov's "send-to-self" patch from ssi.bg/~ja/.
The problem is not with ipt_route, but with the local addresses. If you
want the packet to go out, you need to remove the local route for the
destination. The packet will then go out, but when it will come back,
the system won't take it because its destination won't match a local
route. Try "ip r l t local" to see what I mean.

With Julian's patch, IIRC, you write '1' into /proc/sys/net/ipv4/$IF/loop,
then you define some cross-routes for destinations with the respective
sources from the opposite interfaces, then all packets routed out with
a 'looped' interface address in their source will effectively go out.

I also suggest that you get his whole '-ja' patch, and that you look
in Documentation/networking/ip-sysctl.txt in which he adds some
documentation about this (and I believe there was a more complete
example on his site).

Good luck,
Willy

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Antonino A. Daplas: "Re: X and intelfb fight over videomode"
Previous message: Jeff V. Merkey: "Re: [2.6 patch] i386: always use 4k stacks"
In reply to: Jon Masters: "ipt_ROUTE loopback"
Next in thread: Bill Rugolsky Jr.: "Re: ipt_ROUTE loopback"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]