Reply on same network interface (UDP)
Hello together,
is it possible to reply all incoming packets/request on the same network interface? This is my setting: I have a headless Raspberry Pi (raspbian/debain stretch) with two network interfaces (eth0 and eth1). The first interface (eth0) uses a public IP address, which is static. This interface is intended to provide access to the Pi (time- and web server, SSH) via the Internet. The second interface (eth1) uses the Raspberry Pi for general Internet connection (perform updates, sync own time or whatever) and uses a dynamic IP via DHCP. A general Internet connectivity over eth0 is not possible, so I have to use eth1 on the Pi. My problem is that Internet (on the Pi) and the Internet access to the Pi are not working correctly. first configuration (/etc/dhcpcd.conf): Code:
interface eth0 Code:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
------------------------------------------------------------------------------------------------------ Now I tried to change the metric of the interfaces, hoping that the change of prioritization is successful. my second configuration (/etc/dhcpcd.conf): Code:
interface eth1
Ok. I think all traffic going out to eth1 at default. With the tool 'iptraf-ng' I was able to see the problem: Code:
TCP Connections (Source Host:Port) Iface On TCP: some connections going out to the wrong interface (eth1). On UDP: The request from 80.187.108.126 came over eth0 and the response was sent over eth1. ------------------------------------------------------------------------------------------------------ Next, I defined the routing table to reply incoming packets on same network interface... Code:
echo 100 public >> /etc/iproute2/rt_tables
and 'iptraf-ng' shows: Code:
TCP Connections (Source Host:Port) Iface On TCP: now it works correctly On UDP: same problem :( What can I do to send UDP responses over the correct interface (eth0)? I have no idea why TCP works fine but UDP fails :( Its very frustrating and I have no more ideas. I hope someone can help. ...or is it possible to bind a process (or processes) to a IP address? Maybe it avoids this behavior. best regards, SBond ps: sorry for my bad english |
Why do you have two static routers. A static router is a default gateway. It tells the next hop packets need to be sent to if the IP is not on the same subnet.
That makes sense for the external interface. Everything which is not on 141.41.241.68/28 should be forwarded to 141.41.241.65 But there is no need to assign a router to 192.168.0.0/24. Everything which is on this subnet will be reachable thru eth1. Without routing. Everything which is not on 192.168.0.0/24 will go out on 141.41.241.65 which is correct. What I think I see is that traffic coming in on eth0 is sent out on eth1 instead of eth0 because there are two default gateways. I would remove the 192.168.0.1 gw completely and start again from the basic configuration. I don't know why the difference between UDP and TCP. May because UDP is more stateless that TCP and doesn't know there is a established connection to use for a reply. jlinkels |
oh sorry. It is an copy/paste error in my post. I removed it. I have one static router (141.41.241.65) in my configuration file. This is really weird. I try to solve this problem since 3 days :(
|
Weird. With the router mixup it seemed easy.
Can you try to initiate a UDP connection from the Pi and see where it is transmitted? So issue this command: Code:
echo hello world | netcat -u 0.debian.pool.ntp.org 123 Code:
sudo tcpdump -i eth0 host 0.debian.pool.ntp.org Code:
sudo tcpdump -i eth1 host 0.debian.pool.ntp.org Code:
14:03:50.545460 IP aaa.bbb.ccc.ddd.59622 > Time100.Stupi.SE.ntp: NTPv5, unspecified, length 12 When tcpdump is running you issue the netcat command. When testing this, you take out the variable that something is replied to. jlinkels |
I'm not able to test this today, but I give you tomorrow the results. Thanks for you help. :)
|
ok. here are the results:
command: Code:
root@raspberrypi:~# echo hello world | netcat -u 0.debian.pool.ntp.org 123 eth0 monitor: Code:
root@raspberrypi:~# sudo tcpdump -i eth0 host 0.debian.pool.ntp.org eth1 monitor: Code:
root@raspberrypi:~# sudo tcpdump -i eth1 host 0.debian.pool.ntp.org here are other connections: iptraf-ng: Code:
UDP Connections Well, my Raspberry Pi works as NTP client and NTP server (2 processes). The client connections are fine. My Raspberry Pi is sending requests to the NTP servers over the internet connection (eth1) and receive the response messages on the same interface. This is correct, because I have no regular internet connectivity on eth0. But the problem is my NTP server. If I unplug the cable from eth1, then the server works correctly and sends the response packets over eth0. But in this case my clients doesn't work anymore, because they have no more internet connection. is it possible to bind a process to a network interface? I thought it is a small problem and easy to solve, but ...geeeez :( I mean... it must be possible ...somehow :( best regards, SBond ----- I hope my english is good enough for you |
Things are not right.
Quote:
Please make sure eth0 and eth1 have the IP addresses as you specified before: Quote:
Quote:
Code:
/sbin/route -n |
thanks for support :)
here are my current settings: - Raspberry Pi 3 with Raspbian (Image version: 2017-11-29) -> headless operation -> onbord ethernet (eth0): ---> public access (static IP) ---> for Apache web server, SSH, NTP server -> Ethernet-USB-Dongle (eth1): ---> dynamic IP (DHCP) ---> general Internet connection (RasPi --> TP-Link router --> institute network) ---> for updates and NTP client (time synchronization is important for my Pi) -> onboard wireless (wlan0): ---> dynamic IP (DHCP) ---> fallback connection, when I locked myself out (RasPi --> TP-Link router --> institute network) ---> same connection like eth1 ---> ... only local access ^^ cat /etc/dhcpcd.conf: Code:
# A sample configuration for dhcpcd. ifconfig: Code:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 cat /etc/iproute2/rt_tables: Code:
# reserved values Code:
Kernel-IP-Routentabelle ip rule show: Code:
0: from all lookup local ip route show: Code:
default via 192.168.0.1 dev eth1 src 192.168.0.101 metric 200 ip route list table public: Code:
default via 141.41.241.65 dev eth0 |
OK, one of the problems is definitely in the routing.
Quote:
I know you assigned metrics to the various interfaces (and that this has some effect, but I don't know if it is the intended effect) What is the reason you have multiple connections to the public internet? You have a public IP address, that should void the need for going through your router for yet another internet connection. I would start with this: disable the wlan, just have eth0 (public IP) and eth1 (internal LAN). Do away with metrics and all that stuff. Easiest is to implement all addresses as static. DHCP comes later. Your routing table should look like this: Code:
Ziel Router Genmask Flags Metric Ref Use Iface You also say eth0 does not have general internet access. What do you mean by that? Is it connected to the public internet or not? Or is there a router in between restricting certain addresses? In that case it might be easier to route all internet traffic over eth1, and route only the access to the NTP server specifically. I think the 3 default gateways is the source of your problem. jlinkels |
Quote:
Quote:
I can often help myself, but I'm not a expert for linux or network configurations. But this problem is really annoying, because it looks totaly simple. this is my table at th beginning: Code:
Ziel Router Genmask Flags Metric Ref Use Iface Code:
Ziel Router Genmask Flags Metric Ref Use Iface ...um...ok, at first I changed my settings: /etc/dhcpcd.conf: new config: Code:
interface eth0 ip link set wlan0 down result: route -n Code:
0.0.0.0 141.41.241.65 0.0.0.0 UG 202 0 0 eth0 test rusults:
|
Yes, remove the line
Code:
static routers = 192.168.01 Don't worry about internet access. Just check if you can have the Pi as NTP server on the LAN network. I assume it is still working correctly as NTP client because Pi know how to get to the public IP of your NTP server. If that works, the next thing we will do is to remove the defaut gw from 141.n.n.n and make a dedicated route to get to your NTP server over the public internet. jlinkels |
ok :)
changed /etc/dhcpcd.conf: Code:
interface eth0 result: route -n Code:
0.0.0.0 141.41.241.65 0.0.0.0 UG 202 0 0 eth0 should I remove 'static routers=141.41.241.65' now? I'm not sure if I can access my Pi after this. Until next Monday I have no access to the hardware (if I lock myself out). |
Don't lock yourself out.
I don't understand why you cannot reach your time server on internet. This interface 141.41.241.68/28 is created to access the NTP server over internet, isn't it? As I understand you have this public IP address which is heavily restricted but just to reach your NTP server. If the default gw is pointing to 141.41.241.65 why can't you reach your time server? I know the connection is not good for anything else, but the Pi (the NTP client here) does not know better as to direct all traffic including NTP requests to 141.41.241.65. You also say you don't have internet access, but you reach you Pi from the outside using this IP? You you have somehow access to 141.41.241.68? Oh wait, while I am writing this I see something else which doesn't look right. I overlooked it first. I thought you were setting the static addressed in /etc/networking/interfaces. But you say you do that in /etc/dhcpd.conf. Don't for the time being. Put this in your /etc/network/interfaces on the Pi. And check if I use the correct IP addresses which were assigned to you. Code:
auto lo jlinkels |
changed config (disabled entries):
nano /etc/dhcpcd.conf Code:
#interface eth0 nano /etc/network/interfaces Code:
# interfaces(5) file used by ifup(8) and ifdown(8) sudo reboot ifconfig Code:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 route -n Code:
Ziel Router Genmask Flags Metric Ref Use Iface Ok, NTP server and SSH still working, but no internet. Maybe you are a little confused about the NTP configuration. Well, my Raspberry Pi works with 2 processes as client and server simultaneously. The first process is the NTP client. This mode allow the time sync of my Pi itself. The NTP client contacts other NTP server (3 in my case) over a normal internet connection. But it doesn't work over the eth0 connection. The NTP client need eth1 to reach the needed time servers. The second process is my own NTP server. It opens a socket with the Port 123. This Port is open and the server can receive requests and send response packets on eth0. This works currently. I can reach my Pi over 'nts1-e.ostfalia.de' over custom ports for SSH and port 123 for NTPv4. Ping does not work (blocked by IT infrastructure) ok. what are the next steps? ...and thanks for you support and your time :) |
Yes, I am confused.
Do I then understand it correctly that you access your Pi from home using nts1-e.ostfalia.de but you are not on one of the addresses between 141.41.241.65 through 141.41.241.78? You have a normal public address at home and you access the Pi from there? It is clear that your Pi is both server and client. That is normal. So far, with the last changes you made what I see is totally what I expect. That is the good news. The only thing now left is how you can access eth0 from the internet, while you still have outgoing internet connections on eth1 to retrieve the time from your 3 time servers. If you can clarify the questions in the first paragraph I'll think about it. It might be over the weekend before I am back. jlinkels |
All times are GMT -5. The time now is 09:40 AM. |