[solved] Traffic back from the interface it came from.

Started by toxic, March 25, 2021, 10:49:47 PM

Hello,
============
[Edit] : Seems I solved my issues by simply adding a routing table and adding a rule to say traffic from 10.0.10.0/24 uses this routing table that only has a default route to the gateway.
I just need to make sure that survives a reboot now... But that's really a Debian question then and not a networking issue anymore...
============

I'm really new to networking it seems, since it took me a while to understand why my ssh connection is dropping off: in fact, my client is going through the gateway but the return packets are coming back directly, since the server knows of a more direct route.

Now I could cut off the direct route altogether, but in fact I like this route in case my gateway goes down; not that opnSense is unstable, but it's actually a VM that I sometimes shut down...

So the server has these routes for now :
# ip route show
default via 10.0.10.1 dev vmbr10 proto kernel onlink
10.0.10.0/24 dev vmbr10 proto kernel scope link src 10.0.10.9
10.0.11.0/24 dev vmbr0.11 proto kernel scope link src 10.0.11.9
10.0.30.0/24 dev vmbr0.30 proto kernel scope link src 10.0.30.9


and that's true for all 3 last routes: I would like the default route to be preferred to the last 3 "direct" routes, since in fact when the 10.0.10.1 gateway is up it will work just fine and, as you see, it breaks some things to keep the other routes when the gateway is up... (that's because my client has a 10.0.30.0/24 IP and is contacting the server on its 10.0.10.0/24 IP, so client to server goes through the gateway and the return trip is direct since the server already lives on 10.0.30.0/24, but that bypasses the gateway and the next packets are then dropped since the TCP state has been killed seeing no traffic...)

I think there is a "weight" mechanism, but not sure how it would indeed detect that the 10.0.10.1 gateway is down...

Any help in setting up this Debian (Proxmox) server to always prefer the gateway over the other known routes would be greatly appreciated; info on how gateway status is evaluated is also welcome!

And sorry if you feel hurt I ask debian-like questions on opnsense forum, that's where I usually find the most useful networking help ;)

Thanks in advance,

Regards

Edit: looking up route weight, it seems it's not what I need... In fact, I want some failover of routes... can we change the routing table if a CARP VIP is free for example ? In fact, vmbr10 will never be down since it's a bridge with a virtual link to the gateway, and physical to the failover gateway... but both gateways that are fighting for the CARP VIP might be down (with my skill in opnSense that happens more often than I wish, and then this direct route is my last resort to access proxmox and rescue the situation...)
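
Added example, not part of the original post: a small Python model of the lookup the post describes, showing why the reply leaves on vmbr0.30 with only the main table and why a source rule for 10.0.10.0/24 sends it back through the gateway. The table id 100, the client address 10.0.30.50 and the `ip` commands in the comments are assumptions; the post does not give the exact commands used.

```python
import ipaddress

# Main table as shown by `ip route show` in the post: (prefix, device, gateway)
MAIN = [
    ("0.0.0.0/0", "vmbr10", "10.0.10.1"),
    ("10.0.10.0/24", "vmbr10", None),
    ("10.0.11.0/24", "vmbr0.11", None),
    ("10.0.30.0/24", "vmbr0.30", None),
]
# Assumed extra table (id 100 is a constructed value), equivalent to:
#   ip route add default via 10.0.10.1 dev vmbr10 table 100
#   ip rule add from 10.0.10.0/24 lookup 100
TABLE_100 = [("0.0.0.0/0", "vmbr10", "10.0.10.1")]
RULE = ("10.0.10.0/24", TABLE_100)


def lookup(table, dst):
    """Longest-prefix match inside one routing table."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in table if dst in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)


def route(src, dst, rules=()):
    """Walk the source rules in order, then fall back to the main table."""
    for prefix, table in rules:
        if ipaddress.ip_address(src) in ipaddress.ip_network(prefix):
            hit = lookup(table, dst)
            if hit:
                return hit[1], hit[2]
    hit = lookup(MAIN, dst)
    return hit[1], hit[2]


CLIENT = "10.0.30.50"  # constructed client address in 10.0.30.0/24

if __name__ == "__main__":
    # Reply from the 10.0.10.9 address, main table only: bypasses the gateway.
    print("before:", route("10.0.10.9", CLIENT))
    # Same reply with the source rule: returns through 10.0.10.1.
    print("after: ", route("10.0.10.9", CLIENT, [RULE]))
    # Reply from 10.0.30.9 does not match the rule: direct path still works.
    print("rescue:", route("10.0.30.9", CLIENT, [RULE]))
```

Because the rule matches only on source 10.0.10.0/24, connecting to the server's 10.0.30.9 address keeps using the direct route when the gateway is down. With a table that holds only the default route, replies from 10.0.10.9 to hosts inside 10.0.10.0/24 are also sent to the gateway.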