ping -I works by IP, not by interface

vincix · 01-20-2018, 04:25 PM

My settings:
ip address show:

Code:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:a5:24:ba brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.114/24 brd 192.168.50.255 scope global enp0s3
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:5e:3f brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.15/24 brd 10.0.3.255 scope global dynamic enp0s8
       valid_lft 85414sec preferred_lft 85414sec

ip route show:

Code:

default via 10.0.3.2 dev enp0s8  proto static  metric 100 
10.0.3.0/24 dev enp0s8  proto kernel  scope link  src 10.0.3.15  metric 100

I don't understand why, but ping -I 192.168.50.114 8.8.8.8 works, but ping -I enp0s3 8.8.8.8 doesn't work.

This is a virtualbox machine and I'm just simulating two internet connections, but enp0s3 is actually bridged in the LAN and 192.168.50.0/24 is the actual lan network, whereas enp0s8 (10.0.3.0/24) is used in a vbox nat and then it also passes through the 192.168.50.0/24 subnet.

I'm not sure if the reason it works with the IP is that this IP (192.168.50.114) belongs to the lan it is going to pass through anyway and that the packets are actually sent through the enp0s8 (10.0.3.15) interface in any case.
Any ideas?

nini09 · 01-24-2018, 03:30 PM

What's error output when "ping -I enp0s3 8.8.8.8" is failure?

vincix · 01-24-2018, 03:59 PM

Rereading my post, I realised that I haven't said the whole story. I'm making use of multiple routing tables (through iproute2).
root@ubuntu:~# cat /etc/iproute2/rt_tables

Code:

#
# reserved values
#
255	local
254	main
253	default
0	unspec
#
# local
#
#1	inr.ruhep
1	admin

Then for the second routing table:

Code:

ip route add 192.168.50.0/24 dev enp0s3 scope link table admin
ip route add default via 192.168.50.1 dev enp0s3 table admin
ip rule add from 192.168.50.0/24 lookup admin

Code:

ip rule list
0:	from all lookup local 
32765:	from 192.168.50.0/24 lookup admin 
32766:	from all lookup main 
32767:	from all lookup default

I'm not sure why, but now the ping isn't working either by using 192.168.50.114, or by using enp0s3 (I needed to reconfigure the virtualbox machine). So the point is ('cause this is what I'm trying to do) is that the packages aren't being routed through the second routing table and I cannot use the enp0s3 interface or 192.168.50.114 to route packets.

nini09 · 01-25-2018, 02:48 PM

What's IP addressing of testing machine? For main route table, source IP is 10.0.3.15. For second route table, source IP is 192.168.50.0/24.

vincix · 01-25-2018, 03:45 PM

Code:

root@ubuntu:~# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:a5:24:ba brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.114/24 brd 192.168.50.255 scope global enp0s3
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:5e:3f brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.15/24 brd 10.0.3.255 scope global enp0s8
       valid_lft forever preferred_lft forever

As far as I know, I don't think it matters that much if the source is 192.168.50.0/24 or 192.168.50.114 (the exact ip). Anyway, I rewrote the rule, just to get it out of the way, as it were:

Code:

ip rule add from 192.168.50.114 lookup table
ip rule list
0:	from all lookup local 
32764:	from 192.168.50.114 lookup admin 
32766:	from all lookup main 
32767:	from all lookup default

I also rewrote the link-scope route to be consistent:

Code:

ip route add 192.168.50.0/24 src 192.168.50.114 dev enp0s3 scope link table admin
ip route show table 1
default via 192.168.50.1 dev enp0s3 
192.168.50.0/24 dev enp0s3  scope link  src 192.168.50.114

So it's the same now as initially (now I can ping from 192.168.50.114, but not from its associated enp0s3 interface - which leads me to believe that the source ip (192.168.50.114) leaves from the enp0s8 interface which is assigned 10.0.3.15.)
These are the tests:

Code:

ping -I 192.168.50.114 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.50.114 : 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=17.2 ms

BUT:

Code:

ping -I enp0s3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.50.114 enp0s3: 56(84) bytes of data.
From 192.168.50.114 icmp_seq=1 Destination Host Unreachable
From 192.168.50.114 icmp_seq=2 Destination Host Unreachable
From 192.168.50.114 icmp_seq=3 Destination Host Unreachable

Within the subnet it does work, i.e. ping -I enp0s3 192.168.50.1.

nini09 · 01-29-2018, 04:08 PM

You can use tcpdump to find out which interface is used for ping 8.8.8.8.

vincix · 02-05-2018, 11:34 AM

Thanks for the tip. It's useful but it still doesn't solve the problem I'm interested in solving. As I suspected indeed interface enp0s8 is being used when pinging with -I 192.168.50.114.
But what I'm interested in is how I can actually use two two routing tables with two different default routes. I still haven't found anyone who's worked with that.
So in my situation, how can I route the packages through 192.168.50.1 if the default route is set in table 1 (different than the main table, which is used by linux... by default (which is quite misleading, because there's another routing table which is called 'default', no. 253, but which is not used by default).

nini09 · 02-06-2018, 03:22 PM

If you want to use second route table, you should go to a machine that is in 192.168.50.0/24 subnet really and ping from the machine. On the machine you mention, by default, it will use main or default route table for that ping traffic.

vincix · 02-06-2018, 03:40 PM

The thing is I can ping from another machine to my vm regardless of what routes I have, but it only works if ip rule from 192.168.50.114 table admin is applied (rule priority 32765). I've just deleted ALL routes related to my local ip 192.168.50.114, but I've kept the ip rule and I can still ping my vm from another machine.

I'm not sure what you say is correct regarding how you should use several routing tables. There are tutorials on the internet which explain how to use two routing tables if you have two internet connections for instance (that I can't make them work it's another, so that's why I'm asking these questions here). You're right about the ping thing, but then what's the point of the rule 32764? Moreover, when you add a rule, by default it should take precedence over the main table, shouldn't it? The priority in "ip rule list" says so if I'm not mistaken.

Code:

0:	from all lookup local 
32764:	from all to 192.168.50.114 lookup admin 
32765:	from 192.168.50.114 lookup admin 
32766:	from all lookup main 
32767:	from all lookup default

nini09 · 02-07-2018, 03:30 PM

Rule 32764, source is all or any, and destination is 192.168.50.114.

vincix · 02-07-2018, 03:35 PM

If by that you mean that rule 32764 allows the vm to be pinged from outside, then no. That's not correct. I've just tested it. Rule 32765 allows that. I've tested by deleting each rule by turns.

nini09 · 02-08-2018, 02:40 PM

"ip rule" command is different from iptable. Rule 32764 tell system use admin route table.

vincix · 02-08-2018, 02:43 PM

Rules 32765 also tells the system to use the admin route table. There was never anything ambiguous about that. So the question remains: how do I use a certain interface with a certain default gateway?