Linux: The added route is not used by the service

Hello everyone,

I have a tiny problem with my Linux server. I added a new route manually with the command

route add -net serverip netmask 255.255.255.255 gw gatewayip

because I wanted a service to use this specific gateway for this serverip.

Problem is the service still uses the old default gw. But I can do a traceroute to the serverip and it uses the new gateway...

Do I have to clear some kind of cache?

Thanks a lot for your help

Cheers,
Yves
arnold Commented:
route add -host serverip netmask 255.255.255.255 gw gatewayip

Look at netstat -rn.
Bind the service to the IP that will have the route you want.
You may need to use iptables rules to alter the route based on the source port.
Post netstat -rn.
Yves_ (Author) Commented:
I just ran netstat -rn

[~] # netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH        0 0          0 eth0
195.186.1.110 10.10.155.254   255.255.255.255 UGH       0 0          0 eth0
10.10.155.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
10.10.155.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.10.155.253   0.0.0.0         UG        0 0          0 eth0


The IP 195.186.1.110 is the one I want the server to use a different gateway for... But it does not do it...
arnold Commented:
What is the gateway you want it to use?
Currently you have a single entry that deals with access to 195.168.1.110 to be routed via 10.10.155.254.

If you traceroute to 195.168.1.110, the route should go from 10.10.155.1 to 10.10.155.254.
Yves_ (Author) Commented:
I want the server to use the gateway 10.10.155.254 to route to 195.186.1.110.

If I do a traceroute 195.186.1.110 I get

[~] # traceroute 195.186.1.110
traceroute to 195.186.1.110 (195.186.1.110), 30 hops max, 40 byte packets
 1 10.10.155.254 (10.10.155.254)  0.35 ms  0.346 ms  0.353 ms
 2  82.136.96.1 (82.136.96.1)  28.305 ms  18.038 ms  19.871 ms
 3  bun1001-270100-dzpr210-zg.datazug.net (212.4.76.193)  7.098 ms  5.601 ms  6.45 ms
 4  gi9-7.ccr01.zrh01.atlas.cogentco.com (149.6.176.177)  6.984 ms  8.859 ms  6.259 ms
 5  te3-1.ccr01.bsl01.atlas.cogentco.com (130.117.2.146)  7.63 ms  8.946 ms  9.43 ms
 6  te3-1.ccr01.brn01.atlas.cogentco.com (154.54.39.249)  11.158 ms  8.746 ms  9.561 ms
 7  te1-4.ccr01.gva01.atlas.cogentco.com (130.117.48.201)  11.916 ms  11.988 ms  12.771 ms
 8  swisscom.gva01.atlas.cogentco.com (130.117.14.54)  16.885 ms  12.499 ms  12.63 ms
 9  i68geb-005-gig9-0.bb.ip-plus.net (138.187.130.24)  12.961 ms  12.051 ms  12.781 ms
10  po52.zhbdz09p-rtdi01.bluewin.ch (195.186.0.165)  12.95 ms  15.701 ms  12.145 ms


Which is correct. But the service on the server still connects through the old gateway...
arnold Commented:
Did you restart the service after making the change?
Based on the routing table, anything sent from any service on this system to 195.186.1.110 will be routed to 10.10.155.254.
Can you place a deny rule on 10.10.155.253 that any packet from 10.10.155.1 to 195.186.1.110 be logged, to see whether any of these packets are seen there?
You could, instead of adding the static route to the system, add the static route on the 10.10.155.253 router to route all packets destined to 195.186.1.110 to 10.10.155.254.
You may run into a routing loop if 10.10.155.254 uses 10.10.155.253 as a default gateway.
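The lookup described in the comment above, as an added example that is not part of the original thread: a longest-prefix match over the `netstat -rn` table exactly as posted, showing which next hop that table yields for a destination. It models only the table shown (no policy-routing rules, other tables or metrics), and the function names and the 192.0.2.1 / 10.10.155.20 test destinations are constructed for illustration.

```python
import ipaddress

# Routing table exactly as posted in the thread (`netstat -rn` output).
NETSTAT_RN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH        0 0          0 eth0
195.186.1.110 10.10.155.254   255.255.255.255 UGH       0 0          0 eth0
10.10.155.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
10.10.155.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.10.155.253   0.0.0.0         UG        0 0          0 eth0
"""


def parse_routes(text):
    """Parse `netstat -rn` output into (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination.
        if len(fields) != 8 or fields[0].count(".") != 3:
            continue
        net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
        routes.append((net, fields[1], fields[3], fields[7]))
    return routes


def lookup(routes, destination):
    """Return the most specific matching route (longest prefix), or None."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


def next_hop(routes, destination):
    """Gateway address if the route has the G flag, 'on-link' otherwise."""
    route = lookup(routes, destination)
    if route is None:
        return None
    _net, gateway, flags, _iface = route
    return gateway if "G" in flags else "on-link"


if __name__ == "__main__":
    table = parse_routes(NETSTAT_RN)
    # 192.0.2.1 and 10.10.155.20 are constructed test destinations.
    for dst in ("195.186.1.110", "192.0.2.1", "10.10.155.20"):
        print(dst, "->", next_hop(table, dst))
```

On a live system, `ip route get 195.186.1.110` asks the kernel for the same decision, including any policy-routing rules this model ignores.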
 
Yves_ (Author) Commented:
I shut down the service and started it again. I also tried that for the network (/etc/init.d/network.sh restart), with the result that my routing table entry got cleaned out...

The last idea is really good. Did not think of that. Going to try it out soon.
Yves_ (Author) Commented:
Okay, I made a rule on my router 10.10.155.253 to send all the traffic for 195.186.1.110 to 10.10.155.254, which worked out perfectly.

But should this not be possible on the system directly?
arnold Commented:
It should have. Not clear what might have been going on.
Yves_ (Author) Commented:
Any ideas how to debug? Or log?
arnold Commented:
You could enable logging on the 10.10.155.253 to see whether traffic from 10.10.155.1 to 195.186.1.110 was actually making its way through.
Using a network monitoring tool such as Wireshark on the system could shed light on whether a packet destined to 195.186.1.110 was not following the routing rule you added.

IMHO, when possible, it is better to control from a central point versus trying to configure individual systems with individual routes unless no other option is available.

You could use netstat -rnC to see what routing statistics are reporting.


Yves_ (Author) Commented:
Thanks again arnold