Bind outgoing traffic to eth0 instead of eth0:1

MiDo · Dec 16, 2011 · Viewed 10.4k times

We added a second IP address to a Linux (Debian) machine to implement a second SSL certificate for a new Apache vhost.

Our ifconfig now looks like this:

eth0      Link encap:Ethernet  Hardware Adresse 00:0c:29:1b:ab:6c
          inet Adresse:999.999.999.39  Bcast:999.999.999.63  Maske:255.255.255.192
          inet6-Adresse: (...)/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metrik:1
          RX packets:219336884 errors:0 dropped:0 overruns:0 frame:0
          TX packets:223169420 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:1000
          RX bytes:1971307659 (1.8 GiB)  TX bytes:713489565 (680.4 MiB)

eth0:1    Link encap:Ethernet  Hardware Adresse (...)
          inet Adresse:999.999.999.40  Bcast:999.999.999.63  Maske:255.255.255.192
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metrik:1

Problem: All outgoing traffic (MySQL connections to external DB-server, outgoing SMTP connections from postfix) now seems to leave through eth0:1, hence the second (new) IP 999.999.999.40.

How can we force all outgoing traffic to leave through eth0, IP address 999.999.999.39?

Output of route:

[n1 ~ #] route
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.192 U     0      0        0 eth0
10.10.10.0      *               255.255.255.0   U     0      0        0 eth1
default         gateway4.XXX    0.0.0.0         UG    0      0        0 eth0
default         gateway4.XXX    0.0.0.0         UG    0      0        0 eth0

Found solution:

Thanks for your hints, ip route was the way to go, now it works as desired.

ip rule add from 999.999.999.39 table t1
ip rule add from 999.999.999.40 table t2
ip route del default via 999.999.999.1
ip route add default via 999.999.999.1 dev eth0 table t1
ip route flush cache

Answer

Cédric Julien · Dec 16, 2011

I think you'll have to play with the route command to tell the system how to route the packets. Something like:

route add -net APACHE_VHOST_IP netmask 255.255.255.0 dev eth0:1

to force packets destined for APACHE_VHOST_IP to use the eth0:1 interface.

And

route add -net MYSQL_SERVER_IP netmask 255.255.255.0 dev eth0

to force packets destined for MYSQL_SERVER_IP to use the eth0 interface.
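
A way to confirm which source address the external DB server and mail peers will see after routing changes like the ones above, as an added example that is not part of the original posts: it parses `ip route get` output and flags every destination whose kernel-selected source is not the expected primary address. The addresses are constructed from documentation ranges (192.0.2.39 and 192.0.2.40 stand in for the two redacted IPs), and `route_src` and `check_egress` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. All addresses are constructed (RFC 5737 documentation ranges);
# route_src and check_egress are hypothetical helper names.

# Print the address that follows the "src" keyword in one line of `ip route get` output.
route_src() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# check_egress EXPECTED_SRC: read `ip route get` output on stdin, report every
# destination whose selected source address differs, return 1 if any differ.
check_egress() {
    expected=$1
    bad=0
    while IFS= read -r line; do
        case $line in ''|' '*) continue ;; esac   # skip blank and indented "cache" lines
        dest=${line%% *}
        src=$(route_src "$line")
        if [ "$src" != "$expected" ]; then
            printf 'MISMATCH %s leaves from %s, expected %s\n' \
                "$dest" "${src:-<none>}" "$expected"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed output: the alias address is selected (the state the question describes).
SAMPLE_ALIAS='203.0.113.10 via 192.0.2.1 dev eth0 src 192.0.2.40 uid 0
    cache
198.51.100.25 via 192.0.2.1 dev eth0 src 192.0.2.40 uid 0
    cache'

# Constructed output: the primary address is selected (the desired state).
SAMPLE_PRIMARY='203.0.113.10 via 192.0.2.1 dev eth0 src 192.0.2.39 uid 0
    cache
198.51.100.25 via 192.0.2.1 dev eth0 src 192.0.2.39 uid 0
    cache'

printf '%s\n' "$SAMPLE_ALIAS" | check_egress 192.0.2.39 || echo 'egress source needs fixing'
printf '%s\n' "$SAMPLE_PRIMARY" | check_egress 192.0.2.39 && echo 'egress source OK'

# Live use on the host (DB_SERVER_IP, SMTP_RELAY_IP and PRIMARY_IP are placeholders):
#   for d in DB_SERVER_IP SMTP_RELAY_IP; do ip route get "$d"; done | check_egress PRIMARY_IP
```

`ip route get DEST` shows the choice made for a socket that has not bound a local address; for a service that binds one explicitly, check `ip route get DEST from ADDR` instead.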