Questions tagged [iproute2]
iproute2 (ip) is a tool used to manipulate network configurations.
251 questions
0
votes
1
answer
64
views
VPN & changing outbound interface per user - correct source IP but wrong interface
I am connected through a VPN and I want some user accounts to bypass it. VPN interface is tap0 (IP is 172.16.x.x), the main one is wlan0 (IP is 192.168.10.3). All regular traffic goes to the Internet ...
0
votes
1
answer
35
views
Stations in the subnets browse the internet but cannot see each other (ip route 2 ISPs)
On my router (ubuntu/NFTables) I configured two WANs, one from each different ISP.
In the current configuration, I can ensure that any machine in the subnets can navigate using the first or second ...
0
votes
1
answer
101
views
using multiple tables to route ips from TWO ISPs
I need to configure my router (Ubuntu Server 24/NFTables) so that computers connected to the lan1 and lan2 interfaces can browse the internet using the wan1 or wan2 interfaces, depending on the ...
0
votes
1
answer
234
views
Ping from dummy interface
I want to test NAT table using dummy interface. I have enp1s0 interface connected to internet and have configured NAT table to MASQUERADE packets as shown below.
random@debian:~$ ip addr
1: lo: &...
0
votes
0
answers
91
views
RTNETLINK answers: Invalid argument for IPV6 route add
My ISP provided me a leased line with a static IPv6 address; my side is A:B:C:41::2 and the opposite side is A:B:C:41:1. They also provided the IP set A:B:C:42:: for the users.
All users are using ...
1
vote
1
answer
98
views
DHCP is adding a route to the gateway: is it necessary?
My server is configured via DHCP using the following routes:
default via 10.10.10.1 dev ens3 proto dhcp src 10.10.10.2 metric 100
10.10.10.1 dev ens3 proto dhcp scope link src 10.10.10.2 metric 100
...
0
votes
1
answer
251
views
ip6gre tunnel ignores source device?
I'm trying to set up an ip6gre tunnel on Ubuntu with kernel 6.5.0-35-generic #35~22.04.1-Ubuntu and iproute2 5.15.0-1ubuntu2.
I ran into bugs with netplan and systemd-networkd (sigh) so I figured I'd ...
0
votes
0
answers
120
views
Route traffic to endpoint outside of wireguard tunnel via specific wireguard peer
I have a vpn wireguard setup as shown below between PeerA and PeerB. There is also an HTTPS endpoint not part of the WG tunnel - 192.168.2.10:443.
PeerB can netcat the HTTPS endpoint as expected:
root@...
2
votes
1
answer
365
views
IPv6 Route with expiry time, expires late
In recent versions of Linux, when an IPv6 route is added with an expiration time, I have noticed the expiration is exceeded by up to about 30 seconds.
Is there some slack built into the route ...
0
votes
1
answer
176
views
How to prevent automatic kernel subnet routing in Centos 7?
I'm using Centos 7 as a firewall by iptables and iproute2 routing rules.
My server has:
Three VLAN interfaces: VLAN10, VLAN20, VLAN30
Two custom routing tables: 100 and 200 in /etc/iproute2/rt_tables
...
1
vote
2
answers
296
views
Pass web traffic to VPN endpoint other than the OpenVPN envelope through the VPN itself
I have a Linux server that is an OpenVPN endpoint, but also hosts a webserver.
When my client connects to the server address for the webserver, the packets travel outside the VPN. Rightly so, since ...
0
votes
0
answers
55
views
Masquerading from a custom routing table does not work
In Ubuntu 22.04 server, masquerading/NATing from a custom routing table does not work (for VPN clients).
It does work however when I do not route traffic to a custom table (and let it remain in the ...
0
votes
0
answers
120
views
Openstack VM AlmaLinux OS 9.3-Multiple subnet NIC not working
I have a situation where I need to migrate a CentOS 7.9 VM to AlmaLinux 9.3. Everything is working after migration, and I have a problem with OpenStack multi-NIC not working in different subnets in AlmaLinux 9.3 OS.
eth0 ...
0
votes
1
answer
234
views
Debugging combination of tproxy and policy based routing
Let me preface this by saying that I know I am combining a wild amount
of things in here, but sometimes that is where things take you.
So the scenario:
I'm using squid and tproxy to transparently ...
0
votes
0
answers
198
views
Requests between docker containers on same host using the public IP
I have a server with Docker and some containers executing. The host has a public ip and a service listening on port 80 from one of the containers.
If I try to wget the service using the public ip from ...
1
vote
0
answers
336
views
How to make secondary IP routable
I am trying to assign a secondary IP to my primary interface.
I added the IP to my eth0 interface
ip addr add 172.20.14.253/21 dev eth0
$ ip a show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,...
0
votes
0
answers
49
views
In a Linux environment, does the order of commands "ip Route" affect routing?
I attached multiple ethernets to the server, one for LAN and the rest for PPPOE.
Each packet connected to each PPPOE was sent by itself.
It works fine on CentOS 6.10.
In the 8 series, packets are ...
1
vote
0
answers
391
views
network namespace with veth bridge not working - ICMP sent but no reply
I'm attempting to achieve a somewhat standard bridged netns setup with a veth pair, with one end in the ns and the other on the bridge :
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -...
1
vote
1
answer
345
views
VPN gateway in custom route table fails
My goal is to configure a container to behave as a router which load balances over a number of VPN connections.
To do this I'm probabilistically marking initiating packets with:
iptables -I PREROUTING -t ...
0
votes
1
answer
1k
views
How to set up Parallel Redundancy Protocol on linux?
I'm trying to set up a PRP connection between two Linux machines (Ubuntu 20.04 LTS) following the doc from TI.
The module hsr is present (modprobe hsr works), but when I tried to use iproute2, it seems ...
3
votes
1
answer
3k
views
Why is Linux policy-based routing (PBR) not working for ping?
First of all, it seems as if this question is about Linux, but it seems to me that it is about basic routing concepts.
I happen to have the following configuration:
What I am trying to do is to ...
2
votes
1
answer
2k
views
Use netns to bind programs to specific IP addresses
I have an IP address on my server, say, 192.168.0.3, I want to share in a net namespace, so to run apps there which will only be able to communicate to the internet using that 192.168.0.3.
I can "...
1
vote
0
answers
405
views
How to make Wireguard and Tailscale coexist on the same machine?
Seems that restarting the wg service always creates a routing table with higher priority than Tailscale's, which results in the inability to connect to the machine via Tailscale until both services are ...
0
votes
1
answer
162
views
Ubuntu on VMWare with multiple adapters - can't ping outside
I've made a machine with 3 NIC adapters. Everything works inside configured networks, but it looks like routing is not working correctly:
ping 8.8.8.8
ping: connect: Network is unreachable
Here's my ...
1
vote
1
answer
2k
views
How "ip route get" decides outgoing interface
Wondering what decides the outgoing interface. Here is my setup
Eno1 - 192.168.3 0.2/24, Gateway - 192.168.30.1
Eno2 - 192.168.50.2/24, Gateway - 192.168.50.1
My routing table looks like this -
[...
2
votes
1
answer
8k
views
Ubuntu 22.04 Jammy netplan goes missing
I would like to know if anybody experienced this. I am running the server cli version of Ubuntu 22.04.
After running apt, I see a message saying to run apt autoremove. (I did this)
I also got a ...
1
vote
1
answer
2k
views
Linux with 2 Interface, ping secondary interface fault
I have an Ubuntu 20.04 server with 2 interfaces / eth0:94.101.177.244 eth1:94.101.176.149
Eth0 works well, and when I ping from the server outward with eth1, it succeeds.
But when I ping from pc eth1, it ...
1
vote
0
answers
1k
views
Multiple DHCP NIC and local LAN - Debian, Proxmox
tl;dr:
How can I get 3 NICs to route, backup/failover and communicate together?
I have a Proxmox server with 3 NICs
vmbr1: company lan - dhcp (engineering department)
vmbr2: robotics network (static)
...
4
votes
0
answers
1k
views
Setting up multiple IPv6 routes over a single interface on Linux
tldr; A LAN device is able to get 2 separate internet connections (1 NATted from ISP Router, 1 from manual PPP connection). Able to separate ISP-WAN and PPP-WAN IPv4 into 2 routes using ip rules but ...
0
votes
0
answers
441
views
How can I set up a transparent proxy (TPROXY type) across network namespaces?
I want to setup a transparent proxy across network namespaces. I have two network namespaces, "nsx" and "nsy", each one has a veth pair, the pair of "nsx" is pointed to ...
0
votes
1
answer
259
views
Why "vlan: 3 parent interface: en0"
I have created a VLAN:
Linux
vconfig add en0 3
ip addr add 192.168.126.5/24 dev en0.3
ip link set up en0.3
can be translated to macOS by e.g.
MacOS
ifconfig vlan0 create
ifconfig vlan0 vlan 3 vlandev ...
0
votes
1
answer
1k
views
List "hardware" Network Interfaces Controllers
When using ifconfig or ip link show commands, it lists not only hardware interfaces, but also software interfaces - I would expect only the physical interfaces?
Note: I am running on MacOS.
ip link ...
0
votes
0
answers
2k
views
Wireguard networking issues
I'm having some wireguard networking issues and hope you guys can help me.
My goal is to build a site-to-site VPN. For that I have host A (public) and host B (private). Below is my config to create ...
3
votes
2
answers
2k
views
In Linux how to add a route to a prefix via a specific device with certain destinations in that prefix going via default route?
I'm currently dealing with a VPN whose connection endpoint lies within the subnet whose prefix shall be tunneled via that specific VPN.
Essentially the problem thus boils down to match against a (...
0
votes
1
answer
275
views
Redirect specific traffic through a VPN interface
I,
I would like to redirect specific ports through a specific interface.
Until now, what I accomplished was
cat /etc/iproute2/rt_tables | grep "200 force.route" > /dev/null
if [ $? != ...
0
votes
1
answer
553
views
Send response back through same device for connections coming in through Wireguard
I have a server lanserver running in my private LAN that is connected to a public server publicserver using Wireguard. publicserver forwards TCP connections to certain ports to lanserver through the ...
4
votes
1
answer
5k
views
Why I get "cache" in the output of `ip route get`?
I'm using kernel 5.11.0 and in the ip-route manual [1] it can be read:
Starting with Linux kernel version 3.6, there is no routing cache
for IPv4 anymore. Hence ip route show cached will never print ...
0
votes
1
answer
479
views
Unable to use fwmark on Debian 11 (bullseye) to change routing behavior
I have a recipe I already use in many cases, but this time it doesn't work on Debian 11 (kernel 5.10.0-10-amd64)
my setup is basically an internal interface eth0 for a RFC1918 LAN, and two external ...
0
votes
1
answer
2k
views
Force new process to use the specific network interface (using netns/network namespaces)
I have a number of interfaces available on Ubuntu 20.04 machine. Among others enx0c5b8f279a64 and usb0 with the latter being used as the default one. I want to make sure that a particular process ...
0
votes
1
answer
2k
views
Ubuntu server as both a private NAT router and a public router
I am attempting to do something I've never tried before. I have a Dell PowerEdge 540 that I've installed Ubuntu on. I got a Comcast Business line installed, and have the following physical network ...
0
votes
0
answers
692
views
How to mark and separate connections?
I have an Issabel Linux (based on CentOS 7) with 3 ethernet interfaces, and I want this scenario:
eth0 with IP 172.16.3.30/16 ----gw(172.16.0.1)----> (I want to use as Default Gateway)
eth1 with IP 10.1.5.102/...
0
votes
1
answer
636
views
How to switch linux interface to trunk-only mode?
I'm trying to configure linux interface into trunk-only mode, that means 'accept only vlan-tagged traffic', and most importantly, ignore all untagged traffic.
I'm pretty successful at having tagged ...
0
votes
1
answer
1k
views
how to mark connections to route multiple gateways?
Hi, I am having trouble setting up permanent routes for my network interfaces.
I have:
OS: Linux (CentOS 7)
eth0 : IP 172.16.3.6 -- Gateway : 172.16.0.1
eth0:1 : IP 10.1.5.102 -- Gateway : 10.1.5.101
...
3
votes
1
answer
2k
views
Linux: What causes static ARP entries to flush on link down
This is a question about a difference in networking behavior between Debian Buster (kernel 4.19.0-18) and Debian Bullseye (kernel 5.10.0-9). On Buster, proxy arp entries survive if the link on the ...
0
votes
1
answer
1k
views
How to add a routing rule that only match "dport"?
In my OpenWrt box, I want to route only a specific protocol (tcp:1888) to a tun interface only for one PC (192.168.28.2), so I do the following:
ip rule add from 192.168.28.2 dport 1888 lookup 123
ip ...
0
votes
1
answer
130
views
Within a gateway node how to route traffic to the outside world via a specific interface consistently?
I have Linux EC2 instances with two NICs (eth0 and eth2). Both NICs have public IPs attached and are able to get out to the internet. This Linux instance is acting as a gateway node for me, ...
0
votes
2
answers
3k
views
How do i modify route tables in EC2 instance to send traffic via eth1?
I have an ec2 AmazonLinux2 instance. It has a primary nic on eth0. I went ahead and attached another eni (with an associated public ip) eth1. I would like to make sure that I can send traffic via the ...
0
votes
0
answers
92
views
Clients couldn't query DNS server listening on router interface's secondary IP
I have a router where its interface has two IPs
$ ip addr
br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether <MA> brd ff:ff:ff:ff:ff:ff
...
2
votes
0
answers
284
views
Routes in route6-eth0 don't apply [closed]
I made a file /etc/sysconfig/network-scripts/route6-eth0 with the following contents:
default dev eth0 src ****:****::**** metric 50 pref medium
However, it doesn't show up when I execute ip -6 route:...
1
vote
0
answers
2k
views
Two instances of Dante proxy server with two interfaces
I'm running 2 instances of Dante server on my Linux machine, one of them is called danted which is supposed to connect me to the internet through the ethernet cable and the other is sockd which is ...