Force an application to use the IP I want for outgoing packets

Hello everybody,

I'm in a situation where I have 2 network interfaces, each one has a public
ip address, and the default route is set on the interface 0.

If I wanted to use interface 1 for the application I'm about to launch, how
could I do?

Let's imagine I want to do a ping using as source address the IP of the
interface 1, and I want packets generated by it routed through interface 1.
Is that possible?

I tried doing "ping -I <address of interface 1> destination" and it seems to
work. I also tried to do an ssh -b <address of interface 1> destination,
but it doesn't work.

Any hints?
Thank you very much.

On Jan 22, 2:52 am, Gdss <g...@picaciux.it> wrote:
> Hello everybody,
>
> I'm in a situation where I have 2 network interfaces, each one has a public
> ip address, and the default route is set on the interface 0.
>
> If I wanted to use interface 1 for the application I'm about to launch, how
> could I do?
>
> Let's imagine I want to do a ping using as source address the IP of the
> interface 1, and I want packets generated by it routed through interface 1.
> Is that possible?
>
> I tried doing "ping -I <address of interface 1> destination" and it seems to
> work. I also tried to do an ssh -b <address of interface 1> destination,
> but it doesn't work.
>
> Any hints?
> Thank you very much.

Your question seems to be a bit confused. Which interface is used to
transmit a packet has nothing whatsoever to do with the source address
of the packet. The choice of outbound interfaces depends on the
*destination*, not the source.

If a machine has two interfaces, 'A' numbered 192.168.31.1/24 and 'B'
numbered 129.168.34.1/42, it will use interface 'A' if the
*destination* is 192.168.31.5 even if the source is 192.168.34.1.

DS

On Tue, 22 Jan 2008, in the Usenet newsgroup comp.os.linux.networking, in
article <fn4pv6$pa8$(E-Mail Removed)>, Gdss wrote:

>I'm in a situation where I have 2 network interfaces, each one has a
>public ip address, and the default route is set on the interface 0.
>
>If I wanted to use interface 1 for the application I'm about to launch,
>how could I do?

"Policy Routing"

[compton ~]$ whatis ip tc
ip (8) - show / manipulate routing, devices, policy routing and tunnels
tc (8) - show / manipulate traffic control settings
[compton ~]$

See the Adv-Routing-HOWTO for additional details.

-rw-rw-r-- 1 gferg ldp 297491 Sep 4 2003 Adv-Routing-HOWTO

But this also assumes that the application can be bound to a specific
interface. Some allow this, some don't.

Old guy

On Jan 22, 12:52 pm, Gdss <g...@picaciux.it> wrote:
> Hello everybody,
>
> I'm in a situation where I have 2 network interfaces, each one has a public
> ip address, and the default route is set on the interface 0.
>
> If I wanted to use interface 1 for the application I'm about to launch, how
> could I do?
>
> Let's imagine I want to do a ping using as source address the IP of the
> interface 1, and I want packets generated by it routed through interface 1.
> Is that possible?
-It's all about routing man, I use the ping command with -i only when
I have 2 gateways to the Internet, And this setup called multipath
routing or dual routing, Check www.lartc.org for details.
-But if you don't have 2 Internet connections so why you use -i or
whatever, The Linux routing table will lead the application to it's
destination as it should go according to the routing table. You can
force your system to go through a specific interface when you want to
reach specific host through this interface with the route command
like, route add -host 11.22.33.44 gw 192.168.1.2, This way your system
will go to 11.22.33.44 through 192.168.1.2 interface. I wish I could
help someway.
> I tried doing "ping -I <address of interface 1> destination" and it seems to
> work. I also tried to do an ssh -b <address of interface 1> destination,
> but it doesn't work.
>
> Any hints?
> Thank you very much.
Regards,

David Schwartz wrote:

> On Jan 22, 2:52 am, Gdss <g...@picaciux.it> wrote:
>> Hello everybody,
>>
>> I'm in a situation where I have 2 network interfaces, each one has a
>> public ip address, and the default route is set on the interface 0.
>>
>> If I wanted to use interface 1 for the application I'm about to launch,
>> how could I do?
>>
>> Let's imagine I want to do a ping using as source address the IP of the
>> interface 1, and I want packets generated by it routed through interface
>> 1. Is that possible?
>>
>> I tried doing "ping -I <address of interface 1> destination" and it seems
>> to work. I also tried to do an ssh -b <address of interface 1>
>> destination, but it doesn't work.
>>
>> Any hints?
>> Thank you very much.
>
> Your question seems to be a bit confused. Which interface is used to
> transmit a packet has nothing whatsoever to do with the source address
> of the packet. The choice of outbound interfaces depends on the
> *destination*, not the source.
>
> If a machine has two interfaces, 'A' numbered 192.168.31.1/24 and 'B'
> numbered 129.168.34.1/42, it will use interface 'A' if the
> *destination* is 192.168.31.5 even if the source is 192.168.34.1.

So, if I explicity binded to one ip address, that would just mean that the
source ip address would set to that ip address? So that is not a bind to an
interface, but a mere selection of the source address?
Thus there is no bind to an interface?

I did this test:
I started an umts connection (ppp0 has been created);
I unplugged the ethernet cable
Then I did this:

wget --bind-address <ppp0 ip> http://XXXXXXXXXXX /index.php
--12:36:08-- http://XXXXXXXXXXX /index.php
=> `index.php'
Risoluzione di www.XXXXXXXXXXX in corso... 62.149.140.20
Connessione a XXXXXXXXXXX |62.149.140.20:80... failed: No route to the host

So, this confirms your statement.

Then I did:
ping -I ppp0 209.85.129.104 (google)
PING 209.85.129.104 (209.85.129.104) from YYYYYYYYYYY ppp0: 56(84) bytes of
data.
64 bytes from 209.85.129.104: icmp_seq=1 ttl=241 time=2257 ms
64 bytes from 209.85.129.104: icmp_seq=2 ttl=241 time=1276 ms
64 bytes from 209.85.129.104: icmp_seq=3 ttl=241 time=277 ms
64 bytes from 209.85.129.104: icmp_seq=4 ttl=241 time=187 ms

YYYYYYYYYYY (eth0 ip address!!)

The things I don't understand:
1) why ping uses the ip address of eth0
2) why packets get routed through ppp0 interface.

Is that due to the difference between a tcp socket and icmp packets?

Thanks.

Gdss wrote:

I reformulate my question:
is it possible to force an application to bind to a specific interface? If
so, how?
Thanks.

Gdss wrote:

> The things I don't understand:
> 1) why ping uses the ip address of eth0

I think I've seen this noted as an iputils ping bug, can't remember where.

Andy.

habibielwa7id wrote:

> force your system to go through a specific interface when you want to
> reach specific host through this interface with the route command
> like, route add -host 11.22.33.44 gw 192.168.1.2, This way your system
> will go to 11.22.33.44 through 192.168.1.2 interface. I wish I could
> help someway.
>
AHA !! busted!!! LOL.

I was under the impression that gateway needs to be an IP
on the other side of the wire? Which is used to address that interface
with MAC??
Although this doesn't quite fit when I look at my windows routing table
and an entry for my LAN/nic reads:

Destination Netmask Gateway Interface
192.168.1.0 255.255.255.255 192.168.1.25 192.168.1.25
and why is the mask 255 at the end?

the multicast I think I understand , no destination ever
224.0.0.0 224.0.0.0 192.168.1.25 192.168.1.25 1

Sambo <(E-Mail Removed)> wrote:
> habibielwa7id wrote:

> > force your system to go through a specific interface when you want to
> > reach specific host through this interface with the route command
> > like, route add -host 11.22.33.44 gw 192.168.1.2, This way your system
> > will go to 11.22.33.44 through 192.168.1.2 interface. I wish I could
> > help someway.
> >
> AHA !! busted!!! LOL.

> I was under the impression that gateway needs to be an IP on the
> other side of the wire? Which is used to address that interface with
> MAC??

When a "system local" IP address is used as a gateway (with a metric
of 0 IIRC) the system will then ARP for the remote IP address. This
will "work" if one of the routers on that LAN is configured to support
"proxy ARP" and is willing to send an ARP reply.

If you don't have routers which support "proxy ARP" you would have to
add an entry to the local system's ARP cache which associated the
remote IP address with the MAC address of the router.

Some systems/oses/stacks, if they are configured to run under what is
called the "strong es model" (es == end system) will include the
source IP address when performing route lookups and may (will?) prefer
routes with a matching source IP. On such systems, 99 times out of 10
it may be sufficient to bind to the IP assigned to the desired egress
interface - assuming suitable routes are in the routing table. Such
systems can even have (the moral equivalent to) per-interface
"default" routes. A system configured for the strong es model will
accept traffic for a local IP only if it is received on an interface
which was assigned that IP.

By default at least, "Linux" operates under a very "weak" end system
model, all the way down to ARP, which can make configuring multiple
interfaces, even into separate IP subnets, very interesting when
they are connected to the same broadcast domain (switches)...

> Although this doesn't quite fit when I look at my windows routing
> table and an entry for my LAN/nic reads:

Um, if you are running windows, why are you asking in a Linux group?-)

> Destination Netmask Gateway Interface
> 192.168.1.0 255.255.255.255 192.168.1.25 192.168.1.25
> and why is the mask 255 at the end?

> the multicast I think I understand , no destination ever
> 224.0.0.0 224.0.0.0 192.168.1.25 192.168.1.25 1

--
web2.0 n, the dot.com reunion tour...
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

On Jan 23, 3:44 am, Gdss <g...@picaciux.it> wrote:

> > Your question seems to be a bit confused. Which interface is used to
> > transmit a packet has nothing whatsoever to do with the source address
> > of the packet. The choice of outbound interfaces depends on the
> > *destination*, not the source.

> > If a machine has two interfaces, 'A' numbered 192.168.31.1/24 and 'B'
> > numbered 129.168.34.1/42, it will use interface 'A' if the
> > *destination* is 192.168.31.5 even if the source is 192.168.34.1.

> So, if I explicity binded to one ip address, that would just mean that the
> source ip address would set to that ip address?

Correct.

> So that is not a bind to an
> interface, but a mere selection of the source address?

Right.

> Thus there is no bind to an interface?

Such a thing would make no sense. The interface a packet is sent on
depends on where it is going.

> I did this test:
> I started an umts connection (ppp0 has been created);
> I unplugged the ethernet cable
> Then I did this:
>
> wget --bind-address <ppp0 ip>http://XXXXXXXXXXX/index.php
> --12:36:08-- http://XXXXXXXXXXX/index.php
> => `index.php'
> Risoluzione diwww.XXXXXXXXXXXin corso... 62.149.140.20
> Connessione a XXXXXXXXXXX |62.149.140.20:80... failed: No route to the host
>
> So, this confirms your statement.
>
> Then I did:
> ping -I ppp0 209.85.129.104 (google)
> PING 209.85.129.104 (209.85.129.104) from YYYYYYYYYYY ppp0: 56(84) bytes of
> data.
> 64 bytes from 209.85.129.104: icmp_seq=1 ttl=241 time=2257 ms
> 64 bytes from 209.85.129.104: icmp_seq=2 ttl=241 time=1276 ms
> 64 bytes from 209.85.129.104: icmp_seq=3 ttl=241 time=277 ms
> 64 bytes from 209.85.129.104: icmp_seq=4 ttl=241 time=187 ms
>
> YYYYYYYYYYY (eth0 ip address!!)
>
> The things I don't understand:
> 1) why ping uses the ip address of eth0

Because 'ping' has to use raw sockets, it can use its own algorithm to
choose the source address. The normal rules don't apply to it. I'm not
sure why it chooses as it does.

> 2) why packets get routed through ppp0 interface.

The 'ping' program should choose the interface "closest" to the
destination. But again, it can follow its own rules.

> Is that due to the difference between a tcp socket and icmp packets?

Possibly. There is no standard interface for ICMP packets, so 'ping'
has to use raw sockets and can do as it pleases.

DS