Solved

Linux: The added route is not used by the service

Posted on 2011-09-16
Last Modified: 2012-05-12
Hello everyone,

I have a tiny problem with my Linux server. I added a new route manually with the command

route add -net serverip netmask 255.255.255.255 gw gatewayip

because I wanted a service to use this specific gateway for this serverip.

Problem is the service still uses the old default gw. But I can do a traceroute to the serverip and it uses the new gateway...

Do I have to clear some kind of cache?

Thanks a lot for your help

Cheers,
Yves
Question by:Yves_
 
LVL 77

Expert Comment

by:arnold
ID: 36549599
route add -host serverip netmask 255.255.255.255 gw gatewayip

look at netstat -rn
bind the service to the IP that will have the route you want.
you may need to use iptables rules to alter the route based on the source port.
post netstat -rn
 

Author Comment

by:Yves_
ID: 36549917
I just ran netstat -rn

[~] # netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH        0 0          0 eth0
195.186.1.110   10.10.155.254   255.255.255.255 UGH       0 0          0 eth0
10.10.155.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
10.10.155.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.10.155.253   0.0.0.0         UG        0 0          0 eth0



The IP 195.186.1.110 is the one I want the server to use a different gateway for... But it does not do it...
 
LVL 77

Expert Comment

by:arnold
ID: 36549998
What is the gateway you want it to use?
Currently you have a single entry that deals with access to 195.168.1.110 to be routed via 10.10.155.254.

If you traceroute to 195.168.1.110, the route should go from 10.10.155.1 to 10.10.155.254.

 

Author Comment

by:Yves_
ID: 36550080
I want the server to use the gateway 10.10.155.254 to route to 195.186.1.110.

If I do a traceroute 195.186.1.110 I get

[~] # traceroute 195.186.1.110
traceroute to 195.186.1.110 (195.186.1.110), 30 hops max, 40 byte packets
 1 10.10.155.254 (10.10.155.254)  0.35 ms  0.346 ms  0.353 ms
 2  82.136.96.1 (82.136.96.1)  28.305 ms  18.038 ms  19.871 ms
 3  bun1001-270100-dzpr210-zg.datazug.net (212.4.76.193)  7.098 ms  5.601 ms  6.45 ms
 4  gi9-7.ccr01.zrh01.atlas.cogentco.com (149.6.176.177)  6.984 ms  8.859 ms  6.259 ms
 5  te3-1.ccr01.bsl01.atlas.cogentco.com (130.117.2.146)  7.63 ms  8.946 ms  9.43 ms
 6  te3-1.ccr01.brn01.atlas.cogentco.com (154.54.39.249)  11.158 ms  8.746 ms  9.561 ms
 7  te1-4.ccr01.gva01.atlas.cogentco.com (130.117.48.201)  11.916 ms  11.988 ms  12.771 ms
 8  swisscom.gva01.atlas.cogentco.com (130.117.14.54)  16.885 ms  12.499 ms  12.63 ms
 9  i68geb-005-gig9-0.bb.ip-plus.net (138.187.130.24)  12.961 ms  12.051 ms  12.781 ms
10  po52.zhbdz09p-rtdi01.bluewin.ch (195.186.0.165)  12.95 ms  15.701 ms  12.145 ms



Which is correct. But the service on the server still connects through the old gateway...
 
LVL 77

Accepted Solution

by:
arnold earned 250 total points
ID: 36550141
Did you restart the service after making the change?
Based on the routing table, anything sent from any service on this system to 195.186.1.110 will be routed to 10.10.155.254.
Can you place a deny rule on 10.10.155.253 so that any packet from 10.10.155.1 to 195.186.1.110 is logged, to see whether any of these packets are seen there?
Instead of adding the static route to the system, you could add the static route on the 10.10.155.253 router to route all packets destined to 195.186.1.110 to 10.10.155.254.
You may run into a routing loop if 10.10.155.254 uses 10.10.155.253 as a default gateway.
0
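Added example, not part of the original thread: a small Python parser for the `netstat -rn` output posted above that applies longest-prefix matching to show which entry the main table selects for a destination. It models only the table as printed; policy routing rules and the route cache are not visible in `netstat -rn`, and the function names are this example's own.

```python
import ipaddress

# netstat -rn output exactly as posted in the thread (headers included).
NETSTAT_RN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH        0 0          0 eth0
195.186.1.110   10.10.155.254   255.255.255.255 UGH       0 0          0 eth0
10.10.155.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
10.10.155.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.10.155.253   0.0.0.0         UG        0 0          0 eth0
"""


def parse_routes(text):
    """Return (network, gateway_or_None, iface) for every usable table row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # title line or blank line
        dest, gw, mask, flags, iface = *fields[:4], fields[7]
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue  # column header row
        if "U" not in flags:
            continue  # route is not up
        # Only rows flagged G forward to a gateway; the rest are on-link.
        routes.append((net, gw if "G" in flags else None, iface))
    return routes


def select_route(routes, destination):
    """Longest-prefix match: the most specific network containing the address."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


ROUTES = parse_routes(NETSTAT_RN)

if __name__ == "__main__":
    # 192.0.2.1 is a documentation address standing in for "any other host".
    for target in ("195.186.1.110", "10.10.155.7", "192.0.2.1"):
        net, gateway, iface = select_route(ROUTES, target)
        print(f"{target:15} -> {net} via {gateway or 'on-link'} dev {iface}")
```

If the table resolves the destination to the intended gateway and the traffic still leaves through another one, the cause lies outside this table, which is what the logging and packet-capture suggestions in the thread are meant to find.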
 

Author Comment

by:Yves_
ID: 36550805
I shut down the service and started it again. I also tried that for the network (/etc/init.d/network.sh restart), with the result that my routing table entry got cleaned out...

The last idea is really good. Did not think of that. Going to try it out soon.
 

Author Comment

by:Yves_
ID: 36559486
Okay, I made a rule on my router 10.10.155.253 to send all the traffic for 195.186.1.110 to 10.10.155.254 which worked out perfectly.

But should this not be possible on the system directly?
 
LVL 77

Expert Comment

by:arnold
ID: 36561467
It should have. Not clear what might have been going on.
 

Author Comment

by:Yves_
ID: 36563883
Any ideas how to debug? Or log?
 
LVL 77

Expert Comment

by:arnold
ID: 36564009
You could enable logging on the 10.10.155.253 to see whether traffic from 10.10.155.1 to 195.186.1.110 was actually making its way through.
Using a network monitoring tool such as Wireshark on the system could shed light on whether a packet destined to 195.186.1.110 was not following the routing rule you added.

IMHO, when possible, it is better to control from a central point versus trying to configure individual systems with individual routes unless no other option is available.

You could use netstat -rnC to see what routing statistics are reporting.


 

Author Closing Comment

by:Yves_
ID: 36579498
Thanks again arnold


Question has a verified solution.
