
List:       netfilter
Subject:    Re: [LARTC] Problem with ip spoofing load balancing
From:       Niccolò Belli <darkbasic () linuxsystems ! it>
Date:       2011-10-26 12:26:49
Message-ID: 4EA7FC89.8060907 () linuxsystems ! it

I did some dumps with the ulogd pcap target:

http://mail.linuxsystems.it/broken-nospoof-client.pcap
http://mail.linuxsystems.it/broken-nospoof-server.pcap
http://mail.linuxsystems.it/broken-spoofing-client.pcap
http://mail.linuxsystems.it/broken-spoofing-server.pcap
http://mail.linuxsystems.it/working-spoofing-client.pcap
http://mail.linuxsystems.it/working-spoofing-server.pcap

"client" means it is the dump on the client side.
"server" means it is the dump on the server side.
"spoofing" means I sent the output using the ppp0 link (the server IP 
belongs to the nas0 subnet and so it receives the incoming packets from 
nas0).
"nospoof" means I did not use ppp0 at all.
"broken" means the client is the one which does not load the page when 
spoofing is enabled.
"working" means the client is the one which does load the page when 
spoofing is enabled.
Both clients (broken and working) do load the page when spoofing is 
disabled.

nas0 is RFC 2684 routed, it has a 16 IP subnet and a 1500 MTU. The 
provider is Telecom Italia.
ppp0 is pppoatm, it has a single static IP and a 1492 MTU. The provider 
is Tiscali.

The modem is a Solos multi-port ADSL2+ PCI card.

I opened the dumps with ethereal and it clearly shows a problem:
HTTP	[TCP Previous segment lost] Continuation or non-HTTP traffic
and some
TCP	[TCP Dup ACK 4#1] 39243 > http [ACK] [...]
both RED.

but I don't know how to interpret it.

Why doesn't ip spoofing load balancing work for every client?

Thanks,
Niccolò



On 26/10/2011 00:10, Niccolò Belli wrote:
> Hi,
> My router is a linux box with two adsl lines attached, one with a 16 IP
> subnet and another with a single static address.
>
> Since I need more upload bandwidth and my isp allows me to do ip
> spoofing, I decided to do an ip spoofing load bal.
>
> Unfortunately it doesn't work with every client and I don't know why :(
>
> nas0 is the adsl with the public subnet, ppp0 is the adsl with the
> single static ip. server_ip is one of the IPs of the subnet.
>
>
> This is the log with a working client:
>
> SERVER:
> Oct 25 22:45:47 firewall kernel: [22098.077637] **NEW** IN NAS0
> CONNIN=nas0 OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=60 TOS=0x00
> PREC=0x00 TTL=58 ID=16271 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=14600
> RES=0x00 SYN URGP=0
> Oct 25 22:45:47 firewall kernel: [22098.096517] OUT PPP0 CONNIN=ethWEB
> OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 TOS=0x00 PREC=0x00
> TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=5792 RES=0x00 ACK SYN
> URGP=0 MARK=0x4
> Oct 25 22:45:48 firewall kernel: [22098.195139] IN NAS0 CONNIN=nas0
> OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
> TTL=58 ID=16272 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=229 RES=0x00 ACK
> URGP=0 MARK=0x4
> Oct 25 22:45:48 firewall kernel: [22098.214590] IN NAS0 CONNIN=nas0
> OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=655 TOS=0x00 PREC=0x00
> TTL=58 ID=16273 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=229 RES=0x00 ACK
> PSH URGP=0 MARK=0x4
> Oct 25 22:45:48 firewall kernel: [22098.233922] OUT PPP0 CONNIN=ethWEB
> OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
> TTL=63 ID=51475 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
> URGP=0 MARK=0x4
> Oct 25 22:45:48 firewall kernel: [22098.315441] OUT PPP0 CONNIN=ethWEB
> OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=1482 TOS=0x00 PREC=0x00
> TTL=63 ID=51476 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
> URGP=0 MARK=0x4
> Oct 25 22:45:48 firewall kernel: [22098.335592] OUT PPP0 CONNIN=ethWEB
> OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=155 TOS=0x00 PREC=0x00
> TTL=63 ID=51477 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
> PSH URGP=0 MARK=0x4
> Oct 25 22:45:48 firewall kernel: [22098.355670] OUT PPP0 CONNIN=ethWEB
> OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
> TTL=63 ID=51478 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
> FIN URGP=0 MARK=0x4
> Oct 25 22:45:48 firewall kernel: [22098.434146] IN NAS0 CONNIN=nas0
> OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
> TTL=58 ID=16274 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
> URGP=0 MARK=0x4
> Oct 25 22:45:48 firewall kernel: [22098.454836] IN NAS0 CONNIN=nas0
> OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
> TTL=58 ID=16275 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
> URGP=0 MARK=0x4
> Oct 25 22:45:48 firewall kernel: [22098.473351] IN NAS0 CONNIN=nas0
> OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
> TTL=58 ID=16276 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
> FIN URGP=0 MARK=0x4
> Oct 25 22:45:48 firewall kernel: [22098.492317] IN NAS0 CONNIN=nas0
> OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
> TTL=58 ID=16277 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
> URGP=0 MARK=0x4
> Oct 25 22:45:48 firewall kernel: [22098.510745] OUT PPP0 CONNIN=ethWEB
> OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
> TTL=63 ID=51479 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
> URGP=0 MARK=0x4
>
> CLIENT:
> Oct 25 22:46:27 laptop kernel: [92080.819184] *NEW* OUT CONN IN=
> OUT=wlan1 SRC=192.168.1.2 DST=<server_ip> LEN=60 TOS=0x00 PREC=0x00
> TTL=64 ID=16271 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=14600 RES=0x00 SYN
> URGP=0
> Oct 25 22:46:27 laptop kernel: [92080.938028] IN CONN IN=wlan1 OUT=
> MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
> DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP
> SPT=80 DPT=34877 WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Oct 25 22:46:27 laptop kernel: [92080.938067] OUT CONN IN= OUT=wlan1
> SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
> ID=16272 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0
> Oct 25 22:46:27 laptop kernel: [92080.938565] OUT CONN IN= OUT=wlan1
> SRC=192.168.1.2 DST=<server_ip> LEN=655 TOS=0x00 PREC=0x00 TTL=64
> ID=16273 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0
> Oct 25 22:46:27 laptop kernel: [92081.075375] IN CONN IN=wlan1 OUT=
> MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
> DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51475 DF PROTO=TCP
> SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
> Oct 25 22:46:27 laptop kernel: [92081.174877] IN CONN IN=wlan1 OUT=
> MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
> DST=192.168.1.2 LEN=1482 TOS=0x00 PREC=0x00 TTL=51 ID=51476 DF PROTO=TCP
> SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
> Oct 25 22:46:27 laptop kernel: [92081.174903] OUT CONN IN= OUT=wlan1
> SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
> ID=16274 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
> Oct 25 22:46:27 laptop kernel: [92081.178769] IN CONN IN=wlan1 OUT=
> MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
> DST=192.168.1.2 LEN=155 TOS=0x00 PREC=0x00 TTL=50 ID=51477 DF PROTO=TCP
> SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK PSH URGP=0
> Oct 25 22:46:27 laptop kernel: [92081.178793] OUT CONN IN= OUT=wlan1
> SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
> ID=16275 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
> Oct 25 22:46:27 laptop kernel: [92081.178861] OUT CONN IN= OUT=wlan1
> SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
> ID=16276 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK FIN URGP=0
> Oct 25 22:46:27 laptop kernel: [92081.198553] IN CONN IN=wlan1 OUT=
> MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
> DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51478 DF PROTO=TCP
> SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK FIN URGP=0
> Oct 25 22:46:27 laptop kernel: [92081.198590] OUT CONN IN= OUT=wlan1
> SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
> ID=16277 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
> Oct 25 22:46:28 laptop kernel: [92081.351125] IN CONN IN=wlan1 OUT=
> MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
> DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51479 DF PROTO=TCP
> SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
>
>
>
> This is the log with a *NOT* working client:
>
> SERVER:
> Oct 25 22:32:55 firewall kernel: [21325.121680] **NEW** IN NAS0
> CONNIN=nas0 OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=60 TOS=0x00
> PREC=0x00 TTL=54 ID=14919 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=5840
> RES=0x00 SYN URGP=0
> Oct 25 22:32:55 firewall kernel: [21325.140239] OUT PPP0 CONNIN=ethWEB
> OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 TOS=0x00 PREC=0x00
> TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=5792 RES=0x00 ACK SYN
> URGP=0 MARK=0x4
> Oct 25 22:32:55 firewall kernel: [21325.236986] IN NAS0 CONNIN=nas0
> OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
> TTL=54 ID=14920 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
> URGP=0 MARK=0x4
> Oct 25 22:32:55 firewall kernel: [21325.267581] IN NAS0 CONNIN=nas0
> OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=653 TOS=0x00 PREC=0x00
> TTL=54 ID=14921 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK PSH
> URGP=0 MARK=0x4
> Oct 25 22:32:55 firewall kernel: [21325.286615] OUT PPP0 CONNIN=ethWEB
> OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
> TTL=63 ID=55122 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
> URGP=0 MARK=0x4
> Oct 25 22:32:55 firewall kernel: [21325.385647] OUT PPP0 CONNIN=ethWEB
> OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=137 TOS=0x00 PREC=0x00
> TTL=63 ID=55124 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
> PSH URGP=0 MARK=0x4
> Oct 25 22:32:55 firewall kernel: [21325.405173] OUT PPP0 CONNIN=ethWEB
> OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
> TTL=63 ID=55125 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
> FIN URGP=0 MARK=0x4
> Oct 25 22:32:55 firewall kernel: [21325.484020] IN NAS0 CONNIN=nas0
> OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
> TTL=54 ID=14922 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
> URGP=0 MARK=0x4
> Oct 25 22:32:55 firewall kernel: [21325.504418] IN NAS0 CONNIN=nas0
> OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
> TTL=54 ID=14923 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
> URGP=0 MARK=0x4
>
> CLIENT:
> Oct 25 22:32:54 shoutcast-server kernel: [180468.541703] *NEW* OUT CONN
> IN= OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=60 TOS=0x00
> PREC=0x00 TTL=64 ID=14919 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=5840
> RES=0x00 SYN URGP=0
> Oct 25 22:32:55 shoutcast-server kernel: [180468.659871] IN CONN IN=eth0
> OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
> DST=192.168.203.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP
> SPT=80 DPT=49680 WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Oct 25 22:32:55 shoutcast-server kernel: [180468.659935] OUT CONN IN=
> OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
> TTL=64 ID=14920 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
> Oct 25 22:32:55 shoutcast-server kernel: [180468.660406] OUT CONN IN=
> OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=653 TOS=0x00 PREC=0x00
> TTL=64 ID=14921 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK PSH
> URGP=0
> Oct 25 22:32:55 shoutcast-server kernel: [180468.805969] IN CONN IN=eth0
> OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
> DST=192.168.203.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=55122 DF
> PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK URGP=0
> Oct 25 22:32:55 shoutcast-server kernel: [180468.908678] IN CONN IN=eth0
> OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
> DST=192.168.203.10 LEN=137 TOS=0x00 PREC=0x00 TTL=48 ID=55124 DF
> PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK PSH URGP=0
> Oct 25 22:32:55 shoutcast-server kernel: [180468.908733] OUT CONN IN=
> OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
> TTL=64 ID=14922 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
> Oct 25 22:32:55 shoutcast-server kernel: [180468.924857] IN CONN IN=eth0
> OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
> DST=192.168.203.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=55125 DF
> PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK FIN URGP=0
> Oct 25 22:32:55 shoutcast-server kernel: [180468.924914] OUT CONN IN=
> OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
> TTL=64 ID=14923 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
>
>
>
> As you can see both clients do receive the spoofed packets, but the
> second one can't load the page.
>
>
> Suggestions?
>
> Thanks,
> Niccolò
> _______________________________________________
> LARTC mailing list
> LARTC@lists.linuxsystems.it
> http://lists.linuxsystems.it/listinfo/lartc

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
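Added example (mine, not from the thread or from the LARTC/netfilter projects): a Python audit over netfilter LOG lines of the kind quoted above, assuming the interface MTUs stated in the mail (ppp0 1492, nas0 1500) and documentation addresses in place of <server_ip>/<client_ip>. It groups the router's WAN-egress TCP datagrams per flow and reports skipped IP IDs and any datagram longer than the egress MTU.

```python
"""Audit netfilter LOG lines for two symptoms of an asymmetric-route / MTU fault:
IP IDs skipped between consecutive datagrams of one connection (Linux stamps DF
datagrams of an established socket with a per-socket counter, so a hole means a
datagram was built but never logged leaving this device) and oversize datagrams."""

import re
from collections import defaultdict

FIELD = re.compile(r"(\w+)=(\S*)")
WAN_MTU = {"ppp0": 1492, "nas0": 1500}  # egress devices and MTUs as stated in the mail

# Constructed sample: the server-side lines from the mail, with <server_ip>/<client_ip>
# replaced by documentation addresses. Flow :31549 is the "NOT working" client
# (ID 55123 never appears), flow :25258 the working one (largest datagram 1482).
SAMPLE = """\
Oct 25 22:32:55 firewall kernel: [21325.140239] OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=5792 RES=0x00 ACK SYN URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.236986] IN NAS0 CONNIN=nas0 OUT=ethWEB SRC=203.0.113.5 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=14920 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.286615] OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=192.0.2.10 DST=203.0.113.5 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=55122 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.385647] OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=192.0.2.10 DST=203.0.113.5 LEN=137 TOS=0x00 PREC=0x00 TTL=63 ID=55124 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK PSH URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.405173] OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=192.0.2.10 DST=203.0.113.5 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=55125 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK FIN URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.233922] OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=192.0.2.10 DST=203.0.113.6 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=51475 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.315441] OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=192.0.2.10 DST=203.0.113.6 LEN=1482 TOS=0x00 PREC=0x00 TTL=63 ID=51476 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.335592] OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=192.0.2.10 DST=203.0.113.6 LEN=155 TOS=0x00 PREC=0x00 TTL=63 ID=51477 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK PSH URGP=0 MARK=0x4
"""

def parse(line):
    """Return the KEY=VALUE fields of one LOG line (bare flags like DF/ACK are ignored)."""
    return dict(FIELD.findall(line))

def audit_wan_output(log_text, wan_mtu=WAN_MTU):
    """Per WAN-egress TCP flow: logged IDs, IDs skipped between them, oversize datagrams."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        f = parse(line)
        if f.get("PROTO") == "TCP" and f.get("OUT") in wan_mtu:
            flows[(f["OUT"], f["SRC"], f["SPT"], f["DST"], f["DPT"])].append(f)
    report = {}
    for key, pkts in flows.items():
        # ID=0 is what Linux puts on the SYN-ACK (no full socket yet): no sequence info.
        ids = [int(p["ID"]) for p in pkts if p["ID"] != "0"]
        skipped = [m for a, b in zip(ids, ids[1:]) for m in range(a + 1, b)]
        oversize = [(int(p["ID"]), int(p["LEN"]))
                    for p in pkts if int(p["LEN"]) > wan_mtu[key[0]]]
        report[key] = {"ids": ids, "skipped_ids": skipped, "oversize": oversize}
    return report

if __name__ == "__main__":
    for flow, r in audit_wan_output(SAMPLE).items():
        print(flow[0], f"{flow[3]}:{flow[4]}", "skipped:", r["skipped_ids"], "oversize:", r["oversize"])
```

On the sample, the broken flow reports skipped ID 55123 exactly where the page body would sit between the 52-byte ACK and the 137-byte PSH, while the working flow reports no hole and its 1482-byte datagram fits the 1492-byte ppp0 MTU. A datagram that is never logged on the egress device was either dropped before the LOG rule or left by a device that is not logged; the check does not tell which.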