Solved

Linux: The added route is not used by the service

Posted on 2011-09-16
278 Views
Last Modified: 2012-05-12
Hello everyone,

I have a tiny problem with my Linux server. I added a new route manually with the command

route add -net serverip netmask 255.255.255.255 gw gatewayip

because I wanted a service to use this specific gateway for this serverip.

Problem is the service still uses the old default gw. But I can do a traceroute to the serverip and it uses the new gateway...

Do I have to clear some kind of cache?

Thanks a lot for your help

Cheers,
Yves
Question by:Yves_
11 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 36549599
route add -host serverip netmask 255.255.255.255 gw gatewayip

Look at netstat -rn.
Bind the service to the IP that will have the route you want.
You may need to use iptables rules to alter the route based on the source port.
Post netstat -rn.
 

Author Comment

by:Yves_
ID: 36549917
I just ran netstat -rn

[~] # netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH        0 0          0 eth0
195.186.1.110 10.10.155.254   255.255.255.255 UGH       0 0          0 eth0
10.10.155.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
10.10.155.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.10.155.253   0.0.0.0         UG        0 0          0 eth0



The IP 195.186.1.110 is the one I want the server to use a different gateway for... But it does not do it...
 
LVL 76

Expert Comment

by:arnold
ID: 36549998
What is the gateway you want it to use?
Currently you have a single entry that deals with access to 195.168.1.110 to be routed via 10.10.155.254.

If you traceroute to 195.168.1.110, the route should go from 10.10.155.1 to 10.10.155.254.
 

Author Comment

by:Yves_
ID: 36550080
I want the server to use the gateway 10.10.155.254 to route to 195.186.1.110.

If I do a traceroute 195.186.1.110 I get

[~] # traceroute 195.186.1.110
traceroute to 195.186.1.110 (195.186.1.110), 30 hops max, 40 byte packets
 1 10.10.155.254 (10.10.155.254)  0.35 ms  0.346 ms  0.353 ms
 2  82.136.96.1 (82.136.96.1)  28.305 ms  18.038 ms  19.871 ms
 3  bun1001-270100-dzpr210-zg.datazug.net (212.4.76.193)  7.098 ms  5.601 ms  6.45 ms
 4  gi9-7.ccr01.zrh01.atlas.cogentco.com (149.6.176.177)  6.984 ms  8.859 ms  6.259 ms
 5  te3-1.ccr01.bsl01.atlas.cogentco.com (130.117.2.146)  7.63 ms  8.946 ms  9.43 ms
 6  te3-1.ccr01.brn01.atlas.cogentco.com (154.54.39.249)  11.158 ms  8.746 ms  9.561 ms
 7  te1-4.ccr01.gva01.atlas.cogentco.com (130.117.48.201)  11.916 ms  11.988 ms  12.771 ms
 8  swisscom.gva01.atlas.cogentco.com (130.117.14.54)  16.885 ms  12.499 ms  12.63 ms
 9  i68geb-005-gig9-0.bb.ip-plus.net (138.187.130.24)  12.961 ms  12.051 ms  12.781 ms
10  po52.zhbdz09p-rtdi01.bluewin.ch (195.186.0.165)  12.95 ms  15.701 ms  12.145 ms



Which is correct. But the service on the server still connects through the old gateway...
 
LVL 76

Accepted Solution

by: arnold (earned 250 total points)
ID: 36550141
Did you restart the service after making the change?
Based on the routing table, anything sent from any service on this system to 195.186.1.110 will be routed to 10.10.155.254.
Can you place a deny rule on 10.10.155.253 so that any packet from 10.10.155.1 to 195.186.1.110 is logged, to see whether any of these packets are seen there?
You could, instead of adding the static route to the system, add the static route on the 10.10.155.253 router to route all packets destined to 195.186.1.110 to 10.10.155.254.
You may run into a routing loop if 10.10.155.254 uses 10.10.155.253 as a default gateway.
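As an added example (not code from the thread), this Python lookup does the same longest-prefix match the kernel does over the netstat -rn table posted above, which is why the expert can say the host route must win over the default gateway for 195.186.1.110. The table text is copied from the post; the other destination addresses are constructed.

```python
import ipaddress

# Routing table exactly as printed by `netstat -rn` earlier in the thread.
NETSTAT_RN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH        0 0          0 eth0
195.186.1.110   10.10.155.254   255.255.255.255 UGH       0 0          0 eth0
10.10.155.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
10.10.155.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.10.155.253   0.0.0.0         UG        0 0          0 eth0
"""


def parse_netstat_rn(text):
    """Turn `netstat -rn` output into a list of route entries."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the banner and the column header; data rows have 8 fields.
        if len(parts) < 8 or parts[0] == "Destination":
            continue
        dest, gw, mask, flags, iface = parts[0], parts[1], parts[2], parts[3], parts[7]
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append({
            "network": network,
            # 0.0.0.0 in the Gateway column means "on-link", no gateway (no G flag).
            "gateway": None if gw == "0.0.0.0" else gw,
            "flags": flags,
            "iface": iface,
        })
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the most specific matching route wins,
    independent of the order in which the routes were added."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["network"]]
    if not matches:
        return None  # would be "Network is unreachable" on the host
    best = max(matches, key=lambda r: r["network"].prefixlen)
    return {
        "gateway": best["gateway"],
        "iface": best["iface"],
        # The address the frame is actually handed to on the wire.
        "next_hop": best["gateway"] if best["gateway"] else dst,
    }
```

On the live host, `ip route get 195.186.1.110` asks the running kernel the same question, and is the value to compare against what a packet capture on eth0 shows as the next hop.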
 

Author Comment

by:Yves_
ID: 36550805
I shut down the service and started it again. I also tried that for the network (/etc/init.d/network.sh restart), with the result that my routing table entry got cleaned out...

The last idea is really good. Did not think of that. Going to try it out soon.
 

Author Comment

by:Yves_
ID: 36559486
Okay, I made a rule on my router 10.10.155.253 to send all the traffic for 195.186.1.110 to 10.10.155.254, which worked out perfectly.

But should this not be possible on the system directly?
 
LVL 76

Expert Comment

by:arnold
ID: 36561467
It should have. Not clear what might have been going on.
 

Author Comment

by:Yves_
ID: 36563883
Any ideas how to debug? Or log?
 
LVL 76

Expert Comment

by:arnold
ID: 36564009
You could enable logging on the 10.10.155.253 to see whether traffic from 10.10.155.1 to 195.186.1.110 was actually making its way through.
Using a network monitoring tool such as wireshark on the system could shed light on whether a packet destined to 195.186.1.110 was not following the routing rule you added.

IMHO, when possible, it is better to control from a central point versus trying to configure individual systems with individual routes, unless no other option is available.

You could use netstat -rnC to see what the routing statistics are reporting.
 

Author Closing Comment

by:Yves_
ID: 36579498
Thanks again arnold
