Force an application to use the IP I want for outgoing packets - Networking

This is a discussion on Force an application to use the IP I want for outgoing packets - Networking ; Hello everybody, I'm in a situation where I have 2 network interfaces, each one has a public ip address, and the default route is set on the interface 0. If I wanted to use interface 1 for the application I'm ...

+ Reply to Thread
Results 1 to 14 of 14

Thread: Force an application to use the IP I want for outgoing packets

  1. Force an application to use the IP I want for outgoing packets

    Hello everybody,

    I'm in a situation where I have 2 network interfaces, each one has a public
    ip address, and the default route is set on the interface 0.

    If I wanted to use interface 1 for the application I'm about to launch, how
    could I do?

    Let's imagine I want to do a ping using as source address the IP of the
    interface 1, and I want packets generated by it routed through interface 1.
    Is that possible?

    I tried doing "ping -I
    destination" and it seems to
    work. I also tried to do an ssh -b
    destination,
    but it doesn't work.

    Any hints?
    Thank you very much.

  2. Re: Force an application to use the IP I want for outgoing packets

    On Jan 22, 2:52 am, Gdss wrote:
    > Hello everybody,
    >
    > I'm in a situation where I have 2 network interfaces, each one has a public
    > ip address, and the default route is set on the interface 0.
    >
    > If I wanted to use interface 1 for the application I'm about to launch, how
    > could I do?
    >
    > Let's imagine I want to do a ping using as source address the IP of the
    > interface 1, and I want packets generated by it routed through interface 1.
    > Is that possible?
    >
    > I tried doing "ping -I
    destination" and it seems to
    > work. I also tried to do an ssh -b
    destination,
    > but it doesn't work.
    >
    > Any hints?
    > Thank you very much.


    Your question seems to be a bit confused. Which interface is used to
    transmit a packet has nothing whatsoever to do with the source address
    of the packet. The choice of outbound interfaces depends on the
    *destination*, not the source.

    If a machine has two interfaces, 'A' numbered 192.168.31.1/24 and 'B'
    numbered 129.168.34.1/42, it will use interface 'A' if the
    *destination* is 192.168.31.5 even if the source is 192.168.34.1.

    DS

  3. Re: Force an application to use the IP I want for outgoing packets

    On Tue, 22 Jan 2008, in the Usenet newsgroup comp.os.linux.networking, in
    article , Gdss wrote:

    >I'm in a situation where I have 2 network interfaces, each one has a
    >public ip address, and the default route is set on the interface 0.
    >
    >If I wanted to use interface 1 for the application I'm about to launch,
    >how could I do?


    "Policy Routing"

    [compton ~]$ whatis ip tc
    ip (8) - show / manipulate routing, devices, policy routing and tunnels
    tc (8) - show / manipulate traffic control settings
    [compton ~]$

    See the Adv-Routing-HOWTO for additional details.

    -rw-rw-r-- 1 gferg ldp 297491 Sep 4 2003 Adv-Routing-HOWTO

    But this also assumes that the application can be bound to a specific
    interface. Some allow this, some don't.

    Old guy


  4. Re: Force an application to use the IP I want for outgoing packets

    On Jan 22, 12:52 pm, Gdss wrote:
    > Hello everybody,
    >
    > I'm in a situation where I have 2 network interfaces, each one has a public
    > ip address, and the default route is set on the interface 0.
    >
    > If I wanted to use interface 1 for the application I'm about to launch, how
    > could I do?
    >
    > Let's imagine I want to do a ping using as source address the IP of the
    > interface 1, and I want packets generated by it routed through interface 1.
    > Is that possible?

    -It's all about routing man, I use the ping command with -i only when
    I have 2 gateways to the Internet, And this setup called multipath
    routing or dual routing, Check www.lartc.org for details.
    -But if you don't have 2 Internet connections so why you use -i or
    whatever, The Linux routing table will lead the application to it's
    destination as it should go according to the routing table. You can
    force your system to go through a specific interface when you want to
    reach specific host through this interface with the route command
    like, route add -host 11.22.33.44 gw 192.168.1.2, This way your system
    will go to 11.22.33.44 through 192.168.1.2 interface. I wish I could
    help someway.
    > I tried doing "ping -I
    destination" and it seems to
    > work. I also tried to do an ssh -b
    destination,
    > but it doesn't work.
    >
    > Any hints?
    > Thank you very much.

    Regards,

  5. Re: Force an application to use the IP I want for outgoing packets

    David Schwartz wrote:

    > On Jan 22, 2:52 am, Gdss wrote:
    >> Hello everybody,
    >>
    >> I'm in a situation where I have 2 network interfaces, each one has a
    >> public ip address, and the default route is set on the interface 0.
    >>
    >> If I wanted to use interface 1 for the application I'm about to launch,
    >> how could I do?
    >>
    >> Let's imagine I want to do a ping using as source address the IP of the
    >> interface 1, and I want packets generated by it routed through interface
    >> 1. Is that possible?
    >>
    >> I tried doing "ping -I
    destination" and it seems
    >> to work. I also tried to do an ssh -b

    >> destination, but it doesn't work.
    >>
    >> Any hints?
    >> Thank you very much.

    >
    > Your question seems to be a bit confused. Which interface is used to
    > transmit a packet has nothing whatsoever to do with the source address
    > of the packet. The choice of outbound interfaces depends on the
    > *destination*, not the source.
    >
    > If a machine has two interfaces, 'A' numbered 192.168.31.1/24 and 'B'
    > numbered 129.168.34.1/42, it will use interface 'A' if the
    > *destination* is 192.168.31.5 even if the source is 192.168.34.1.


    So, if I explicity binded to one ip address, that would just mean that the
    source ip address would set to that ip address? So that is not a bind to an
    interface, but a mere selection of the source address?
    Thus there is no bind to an interface?

    I did this test:
    I started an umts connection (ppp0 has been created);
    I unplugged the ethernet cable
    Then I did this:

    wget --bind-address http://XXXXXXXXXXX /index.php
    --12:36:08-- http://XXXXXXXXXXX /index.php
    => `index.php'
    Risoluzione di www.XXXXXXXXXXX in corso... 62.149.140.20
    Connessione a XXXXXXXXXXX |62.149.140.20:80... failed: No route to the host

    So, this confirms your statement.

    Then I did:
    ping -I ppp0 209.85.129.104 (google)
    PING 209.85.129.104 (209.85.129.104) from YYYYYYYYYYY ppp0: 56(84) bytes of
    data.
    64 bytes from 209.85.129.104: icmp_seq=1 ttl=241 time=2257 ms
    64 bytes from 209.85.129.104: icmp_seq=2 ttl=241 time=1276 ms
    64 bytes from 209.85.129.104: icmp_seq=3 ttl=241 time=277 ms
    64 bytes from 209.85.129.104: icmp_seq=4 ttl=241 time=187 ms

    YYYYYYYYYYY (eth0 ip address!!)

    The things I don't understand:
    1) why ping uses the ip address of eth0
    2) why packets get routed through ppp0 interface.

    Is that due to the difference between a tcp socket and icmp packets?

    Thanks.

  6. Re: Force an application to use the IP I want for outgoing packets

    Gdss wrote:

    I reformulate my question:
    is it possible to force an application to bind to a specific interface? If
    so, how?
    Thanks.

  7. Re: Force an application to use the IP I want for outgoing packets

    Gdss wrote:

    > The things I don't understand:
    > 1) why ping uses the ip address of eth0


    I think I've seen this noted as an iputils ping bug, can't remember where.

    Andy.

  8. Re: Force an application to use the IP I want for outgoing packets

    habibielwa7id wrote:

    > force your system to go through a specific interface when you want to
    > reach specific host through this interface with the route command
    > like, route add -host 11.22.33.44 gw 192.168.1.2, This way your system
    > will go to 11.22.33.44 through 192.168.1.2 interface. I wish I could
    > help someway.
    >

    AHA !! busted!!! LOL.

    I was under the impression that gateway needs to be an IP
    on the other side of the wire? Which is used to address that interface
    with MAC??
    Although this doesn't quite fit when I look at my windows routing table
    and an entry for my LAN/nic reads:

    Destination Netmask Gateway Interface
    192.168.1.0 255.255.255.255 192.168.1.25 192.168.1.25
    and why is the mask 255 at the end?

    the multicast I think I understand , no destination ever
    224.0.0.0 224.0.0.0 192.168.1.25 192.168.1.25 1

  9. Re: Force an application to use the IP I want for outgoing packets

    Sambo wrote:
    > habibielwa7id wrote:


    > > force your system to go through a specific interface when you want to
    > > reach specific host through this interface with the route command
    > > like, route add -host 11.22.33.44 gw 192.168.1.2, This way your system
    > > will go to 11.22.33.44 through 192.168.1.2 interface. I wish I could
    > > help someway.
    > >

    > AHA !! busted!!! LOL.


    > I was under the impression that gateway needs to be an IP on the
    > other side of the wire? Which is used to address that interface with
    > MAC??


    When a "system local" IP address is used as a gateway (with a metric
    of 0 IIRC) the system will then ARP for the remote IP address. This
    will "work" if one of the routers on that LAN is configured to support
    "proxy ARP" and is willing to send an ARP reply.

    If you don't have routers which support "proxy ARP" you would have to
    add an entry to the local system's ARP cache which associated the
    remote IP address with the MAC address of the router.

    Some systems/oses/stacks, if they are configured to run under what is
    called the "strong es model" (es == end system) will include the
    source IP address when performing route lookups and may (will?) prefer
    routes with a matching source IP. On such systems, 99 times out of 10
    it may be sufficient to bind to the IP assigned to the desired egress
    interface - assuming suitable routes are in the routing table. Such
    systems can even have (the moral equivalent to) per-interface
    "default" routes. A system configured for the strong es model will
    accept traffic for a local IP only if it is received on an interface
    which was assigned that IP.

    By default at least, "Linux" operates under a very "weak" end system
    model, all the way down to ARP, which can make configuring multiple
    interfaces, even into separate IP subnets, very interesting when
    they are connected to the same broadcast domain (switches)...

    > Although this doesn't quite fit when I look at my windows routing
    > table and an entry for my LAN/nic reads:


    Um, if you are running windows, why are you asking in a Linux group?-)

    > Destination Netmask Gateway Interface
    > 192.168.1.0 255.255.255.255 192.168.1.25 192.168.1.25
    > and why is the mask 255 at the end?


    > the multicast I think I understand , no destination ever
    > 224.0.0.0 224.0.0.0 192.168.1.25 192.168.1.25 1


    --
    web2.0 n, the dot.com reunion tour...
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  10. Re: Force an application to use the IP I want for outgoing packets

    On Jan 23, 3:44 am, Gdss wrote:

    > > Your question seems to be a bit confused. Which interface is used to
    > > transmit a packet has nothing whatsoever to do with the source address
    > > of the packet. The choice of outbound interfaces depends on the
    > > *destination*, not the source.


    > > If a machine has two interfaces, 'A' numbered 192.168.31.1/24 and 'B'
    > > numbered 129.168.34.1/42, it will use interface 'A' if the
    > > *destination* is 192.168.31.5 even if the source is 192.168.34.1.


    > So, if I explicity binded to one ip address, that would just mean that the
    > source ip address would set to that ip address?


    Correct.

    > So that is not a bind to an
    > interface, but a mere selection of the source address?


    Right.

    > Thus there is no bind to an interface?


    Such a thing would make no sense. The interface a packet is sent on
    depends on where it is going.

    > I did this test:
    > I started an umts connection (ppp0 has been created);
    > I unplugged the ethernet cable
    > Then I did this:
    >
    > wget --bind-address http://XXXXXXXXXXX/index.php
    > --12:36:08-- http://XXXXXXXXXXX/index.php
    > => `index.php'
    > Risoluzione diwww.XXXXXXXXXXXin corso... 62.149.140.20
    > Connessione a XXXXXXXXXXX |62.149.140.20:80... failed: No route to the host
    >
    > So, this confirms your statement.
    >
    > Then I did:
    > ping -I ppp0 209.85.129.104 (google)
    > PING 209.85.129.104 (209.85.129.104) from YYYYYYYYYYY ppp0: 56(84) bytes of
    > data.
    > 64 bytes from 209.85.129.104: icmp_seq=1 ttl=241 time=2257 ms
    > 64 bytes from 209.85.129.104: icmp_seq=2 ttl=241 time=1276 ms
    > 64 bytes from 209.85.129.104: icmp_seq=3 ttl=241 time=277 ms
    > 64 bytes from 209.85.129.104: icmp_seq=4 ttl=241 time=187 ms
    >
    > YYYYYYYYYYY (eth0 ip address!!)
    >
    > The things I don't understand:
    > 1) why ping uses the ip address of eth0


    Because 'ping' has to use raw sockets, it can use its own algorithm to
    choose the source address. The normal rules don't apply to it. I'm not
    sure why it chooses as it does.

    > 2) why packets get routed through ppp0 interface.


    The 'ping' program should choose the interface "closest" to the
    destination. But again, it can follow its own rules.

    > Is that due to the difference between a tcp socket and icmp packets?


    Possibly. There is no standard interface for ICMP packets, so 'ping'
    has to use raw sockets and can do as it pleases.

    DS

  11. Re: Force an application to use the IP I want for outgoing packets

    On Jan 23, 3:53 am, Gdss wrote:

    > I reformulate my question:
    > is it possible to force an application to bind to a specific interface? If
    > so, how?


    No, as this would violate system configured rules. It makes no sense
    from a system standpoint to send packets away from their destination
    and can cause real problems such as routing loops. Thus applications
    are prohibited from doing this.

    It's very odd that you want to. What's your actual problem? Odds are
    there's a much better way to handle it.

    DS

  12. Re: Force an application to use the IP I want for outgoing packets

    On Jan 23, 1:44 pm, Gdss wrote:
    > David Schwartz wrote:
    > > On Jan 22, 2:52 am, Gdss wrote:
    > >> Hello everybody,

    >
    > >> I'm in a situation where I have 2 network interfaces, each one has a
    > >> public ip address, and the default route is set on the interface 0.

    >
    > >> If I wanted to use interface 1 for the application I'm about to launch,
    > >> how could I do?

    >
    > >> Let's imagine I want to do a ping using as source address the IP of the
    > >> interface 1, and I want packets generated by it routed through interface
    > >> 1. Is that possible?

    >
    > >> I tried doing "ping -I
    destination" and it seems
    > >> to work. I also tried to do an ssh -b

    > >> destination, but it doesn't work.

    >
    > >> Any hints?
    > >> Thank you very much.

    >
    > > Your question seems to be a bit confused. Which interface is used to
    > > transmit a packet has nothing whatsoever to do with the source address
    > > of the packet. The choice of outbound interfaces depends on the
    > > *destination*, not the source.

    >
    > > If a machine has two interfaces, 'A' numbered 192.168.31.1/24 and 'B'
    > > numbered 129.168.34.1/42, it will use interface 'A' if the
    > > *destination* is 192.168.31.5 even if the source is 192.168.34.1.

    >
    > So, if I explicity binded to one ip address, that would just mean that the
    > source ip address would set to that ip address? So that is not a bind to an
    > interface, but a mere selection of the source address?
    > Thus there is no bind to an interface?
    >
    > I did this test:
    > I started an umts connection (ppp0 has been created);
    > I unplugged the ethernet cable
    > Then I did this:
    >
    > wget --bind-address http://XXXXXXXXXXX/index.php
    > --12:36:08-- http://XXXXXXXXXXX/index.php
    > => `index.php'
    > Risoluzione diwww.XXXXXXXXXXXin corso... 62.149.140.20
    > Connessione a XXXXXXXXXXX |62.149.140.20:80... failed: No route to the host
    >
    > So, this confirms your statement.
    >
    > Then I did:
    > ping -I ppp0 209.85.129.104 (google)
    > PING 209.85.129.104 (209.85.129.104) from YYYYYYYYYYY ppp0: 56(84) bytes of
    > data.
    > 64 bytes from 209.85.129.104: icmp_seq=1 ttl=241 time=2257 ms
    > 64 bytes from 209.85.129.104: icmp_seq=2 ttl=241 time=1276 ms
    > 64 bytes from 209.85.129.104: icmp_seq=3 ttl=241 time=277 ms
    > 64 bytes from 209.85.129.104: icmp_seq=4 ttl=241 time=187 ms
    >
    > YYYYYYYYYYY (eth0 ip address!!)
    >
    > The things I don't understand:
    > 1) why ping uses the ip address of eth0
    > 2) why packets get routed through ppp0 interface.
    >
    > Is that due to the difference between a tcp socket and icmp packets?
    >
    > Thanks.


    -Really ping shouldn't do this and it should do like wget did, Iam
    sure that should be because I usually use the ping command on Linux
    with the option -I because I have two Linux servers with 2 gateways at
    the same time which they called it a dual routing feature, And to
    monitor the 2 lines I always open 2 terminals with 2 ping commands
    running like this
    ping -I eth0 yahoo.com
    ping -I eth2 yahoo.com . And when 1 of the 2 ping stop I know there is
    a problem with that line, So the only difference between what I did
    and what you did is just I used Ethernet interface as eth0 and you
    used a modem Interface as ppp0, Really iam not sure if so can make a
    difference. So how did you configure your ppp0 and issue these
    commands "ifconfig -a" and "route", So you can make sure how routing
    is working on your system.

  13. Re: Force an application to use the IP I want for outgoing packets

    On Jan 24, 3:20 am, David Schwartz wrote:
    > On Jan 23, 3:44 am, Gdss wrote:
    >
    > > > Your question seems to be a bit confused. Which interface is used to
    > > > transmit a packet has nothing whatsoever to do with the source address
    > > > of the packet. The choice of outbound interfaces depends on the
    > > > *destination*, not the source.
    > > > If a machine has two interfaces, 'A' numbered 192.168.31.1/24 and 'B'
    > > > numbered 129.168.34.1/42, it will use interface 'A' if the
    > > > *destination* is 192.168.31.5 even if the source is 192.168.34.1.

    > > So, if I explicity binded to one ip address, that would just mean that the
    > > source ip address would set to that ip address?

    >
    > Correct.
    >
    > > So that is not a bind to an
    > > interface, but a mere selection of the source address?

    >
    > Right.
    >
    > > Thus there is no bind to an interface?

    >
    > Such a thing would make no sense. The interface a packet is sent on
    > depends on where it is going.
    >
    >
    >
    > > I did this test:
    > > I started an umts connection (ppp0 has been created);
    > > I unplugged the ethernet cable
    > > Then I did this:

    >
    > > wget --bind-address http://XXXXXXXXXXX/index.php
    > > --12:36:08-- http://XXXXXXXXXXX/index.php
    > > => `index.php'
    > > Risoluzione diwww.XXXXXXXXXXXincorso... 62.149.140.20
    > > Connessione a XXXXXXXXXXX |62.149.140.20:80... failed: No route to the host

    >
    > > So, this confirms your statement.

    >
    > > Then I did:
    > > ping -I ppp0 209.85.129.104 (google)
    > > PING 209.85.129.104 (209.85.129.104) from YYYYYYYYYYY ppp0: 56(84) bytes of
    > > data.
    > > 64 bytes from 209.85.129.104: icmp_seq=1 ttl=241 time=2257 ms
    > > 64 bytes from 209.85.129.104: icmp_seq=2 ttl=241 time=1276 ms
    > > 64 bytes from 209.85.129.104: icmp_seq=3 ttl=241 time=277 ms
    > > 64 bytes from 209.85.129.104: icmp_seq=4 ttl=241 time=187 ms

    >
    > > YYYYYYYYYYY (eth0 ip address!!)

    >
    > > The things I don't understand:
    > > 1) why ping uses the ip address of eth0

    >
    > Because 'ping' has to use raw sockets, it can use its own algorithm to
    > choose the source address. The normal rules don't apply to it. I'm not
    > sure why it chooses as it does.
    >
    > > 2) why packets get routed through ppp0 interface.

    >
    > The 'ping' program should choose the interface "closest" to the
    > destination. But again, it can follow its own rules.


    -I don't think so, It's all about your routing table. any network
    application should look at the routing table the machine has, then it
    goes on to it's destination.
    > > Is that due to the difference between a tcp socket and icmp packets?

    >
    > Possibly. There is no standard interface for ICMP packets, so 'ping'
    > has to use raw sockets and can do as it pleases.
    >
    > DS



  14. Re: Force an application to use the IP I want for outgoing packets

    On Jan 24, 3:21 am, David Schwartz wrote:
    > On Jan 23, 3:53 am, Gdss wrote:
    >
    > > I reformulate my question:
    > > is it possible to force an application to bind to a specific interface? If
    > > so, how?

    >
    > No, as this would violate system configured rules. It makes no sense
    > from a system standpoint to send packets away from their destination
    > and can cause real problems such as routing loops. Thus applications
    > are prohibited from doing this.

    -Yes by default applications don't do this, But manually you can do
    this to achieve some targets you have, For example if you have more
    than 1 proxy sever inside your LAN and you want yum to use specific 1
    of them you can force yum to deal with the proxy you want to use, I
    have here 2 proxies then I use them at the same time at least to enjoy
    there bandwidth at the same time, And for other benefits as well, And
    if you have 2 Internet connections configured, with iptables you can
    force your system to use the fastest line of them for HTTP protocol
    for example, By the way some ISPs do some things using these
    techniques, They force the going on ICMP packets to use another line
    than what they use for there Internet activity, I my self was thinking
    to do so, because some users use the ping command time feature to
    discover if the Internet connection is fast or congested, HA, And from
    just some days I was checking a server on acompany and I found the ISP
    there did so and I noticed that when I was downloading and the line
    was congested and the PING time is the same and doesn't feel the
    congession on the line, Iam sorry I wrote alot but I just found that
    would be nice when we know these nice techniques and what they are
    doing to fool people, Thanks for reading my friends.


+ Reply to Thread