[RndTbl] IP rule (multihoming) problem

Theodore Baschak theodore at ciscodude.net
Wed Oct 28 14:11:55 CDT 2015


Sounds like you need a VRF for 158/MGMT, where it ONLY goes out the 158 network? I'm not sure if Linux does this, but that might be a place to start perhaps.

Theo

> On Oct 28, 2015, at 1:57 PM, Adam Thompson <athompson at avant.ca> wrote:
> 
> I have a CentOS 6 system - my tape backup server - that's connected to two different subnets ("100" and "158").
> There is also a router (actually a firewall) that routes between subnets "100" and "158".
> The server's default gateway is the router IP on subnet "158".
> The server's primary management IP address is the address on subnet "158".
> 
> There are client systems on subnet "100", both management workstations and things to back up.
> 
> When I try to SSH to the management IP in 158, the default behaviour in Linux is to send the reply back out the 'closest' interface, which is the "100" interface.  This breaks things, because the router is actually a stateful firewall and I suddenly have asymmetric routing.
> 
> If I "ifconfig down" the "100" interface, suddenly everything works again... except now a large volume of traffic has to run through the firewall.
> 
> I'm trying to follow the various guidelines I've found for doing "ip rule" rules, but none of them seem to work.
> 
> Has anyone here accomplished this sort of thing before?
> 
> 
> 	Adam Thompson
> Senior Systems Administrator
> voice: 204.789.9596 x24 | email: athompson at avant.ca <mailto:athompson at avant.ca> | web: avant.ca <http://avant.ca/>             
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.mb.ca
> http://www.muug.mb.ca/mailman/listinfo/roundtable
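
The "ip rule" approach mentioned in the question, as an added example that is not part of the original thread: replies sourced from the "158" management address are sent back out the "158" interface via the firewall, while traffic using the "100" address keeps its direct path. The interface name, addresses, table id and priority are constructed placeholders; the thread only names the subnets "100" and "158".

```shell
#!/bin/sh
# Added example: source-based policy routing for a management address.
# All concrete values passed to these functions are constructed placeholders.

# policy_cmds IFACE ADDR NET GATEWAY TABLE PRIO
# Prints the ip(8) commands for review; nothing is changed on the system.
policy_cmds() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5 prio=$6
    case $prio in ''|*[!0-9]*) echo "bad priority" >&2; return 1 ;; esac
    case $table in ''|*[!0-9]*) echo "bad table id" >&2; return 1 ;; esac
    # The rule must be evaluated before the "main" table (priority 32766),
    # otherwise the connected route to the other subnet still wins.
    if [ "$prio" -lt 1 ] || [ "$prio" -ge 32766 ]; then
        echo "priority must be 1..32765" >&2; return 1
    fi
    # Table ids 253-255 are reserved (default, main, local).
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table id must be 1..252" >&2; return 1
    fi
    # Private table: the connected management subnet plus a default
    # route through the firewall on that subnet.
    echo "ip route replace $net dev $iface src $addr table $table"
    echo "ip route replace default via $gw dev $iface table $table"
    # Packets sourced from the management address consult that table first.
    echo "ip rule add from $addr/32 lookup $table priority $prio"
    echo "ip route flush cache"
}

# apply_policy takes the same arguments and runs the commands (needs root).
# It is never called automatically. Running it twice adds a duplicate rule.
apply_policy() {
    cmds=$(policy_cmds "$@") || return 1
    echo "$cmds" | while read -r cmd; do $cmd || exit 1; done
}

# Review the plan with constructed values:
#   policy_cmds eth1 10.0.158.10 10.0.158.0/24 10.0.158.1 158 1000
# After applying, check the path a reply to a "100" client would take:
#   ip route get 10.0.100.50 from 10.0.158.10
```

These commands do not persist across a reboot; on CentOS 6 the equivalent lines would go in the interface's `rule-` and `route-` files under `/etc/sysconfig/network-scripts/`.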
