Re: [LARTC] Problem with ip spoofing load balancing

I did some dumps with the ulogd pcap target:

http://mail.linuxsystems.it/broken-nospoof-client.pcap
http://mail.linuxsystems.it/broken-nospoof-server.pcap
http://mail.linuxsystems.it/broken-spoofing-client.pcap
http://mail.linuxsystems.it/broken-spoofing-server.pcap
http://mail.linuxsystems.it/working-spoofing-client.pcap
http://mail.linuxsystems.it/working-spoofing-server.pcap

"client" means it is the dump on the client side.
"server" means it is the dump on the server side.
"spoofing" means I sent the output using the ppp0 link (the server IP belongs to the nas0 subnet and so it receives the incoming packets from nas0).
"nospoof" means I did not use ppp0 at all.
"broken" means the client is the one which does not load the page when spoofing is enabled. "working" means the client is the one which does load the page when spoofing is enabled. Both clients (broken and working) do load the page when spoofing is disabled.

nas0 is RFC 2684 routed, it has a 16 IP subnet and a 1500 MTU. The provider is Telecom Italia. ppp0 is pppoatm, it has a single static IP and a 1492 MTU. The provider is Tiscali.

The modem is a Solos multi-port ADSL2+ PCI card.

I opened the dumps with ethereal and it clearly shows a problem:
HTTP	[TCP Previous segment lost] Continuation or non-HTTP traffic
and some
TCP	[TCP Dup ACK 4#1] 39243 > http [ACK] [...]
both RED.

but I don't know how to interpret it.

Why doesn't ip spoofing load balancing work for every client?

Thanks,
Niccolò



On 26/10/2011 00:10, Niccolò Belli wrote:
Hi,
My router is a linux box with two adsl lines attached, one with a 16 IP
subnet and another with a single static address.

Since I need more upload bandwidth and my isp allows me to do ip
spoofing, I decided to do an ip spoofing load bal.

Unfortunately it doesn't work with every client and I don't know why :(

nas0 is the adsl with the public subnet, ppp0 is the adsl with the
single static ip. server_ip is one of the IPs of the subnet.


This is the log with a working client:

SERVER:
Oct 25 22:45:47 firewall kernel: [22098.077637] **NEW** IN NAS0
CONNIN=nas0 OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=60 TOS=0x00
PREC=0x00 TTL=58 ID=16271 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=14600
RES=0x00 SYN URGP=0
Oct 25 22:45:47 firewall kernel: [22098.096517] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 TOS=0x00 PREC=0x00
TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=5792 RES=0x00 ACK SYN
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.195139] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16272 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=229 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.214590] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=655 TOS=0x00 PREC=0x00
TTL=58 ID=16273 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=229 RES=0x00 ACK
PSH URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.233922] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=51475 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.315441] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=1482 TOS=0x00 PREC=0x00
TTL=63 ID=51476 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.335592] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=155 TOS=0x00 PREC=0x00
TTL=63 ID=51477 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
PSH URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.355670] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=51478 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
FIN URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.434146] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16274 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.454836] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16275 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.473351] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16276 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
FIN URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.492317] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=58 ID=16277 DF PROTO=TCP SPT=25258 DPT=80 WINDOW=273 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:45:48 firewall kernel: [22098.510745] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=51479 DF PROTO=TCP SPT=80 DPT=25258 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4

CLIENT:
Oct 25 22:46:27 laptop kernel: [92080.819184] *NEW* OUT CONN IN=
OUT=wlan1 SRC=192.168.1.2 DST=<server_ip> LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=16271 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=14600 RES=0x00 SYN
URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938028] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938067] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16272 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92080.938565] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=655 TOS=0x00 PREC=0x00 TTL=64
ID=16273 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0
Oct 25 22:46:27 laptop kernel: [92081.075375] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51475 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.174877] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=1482 TOS=0x00 PREC=0x00 TTL=51 ID=51476 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.174903] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16274 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178769] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=155 TOS=0x00 PREC=0x00 TTL=50 ID=51477 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK PSH URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178793] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16275 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:27 laptop kernel: [92081.178861] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16276 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK FIN URGP=0
Oct 25 22:46:27 laptop kernel: [92081.198553] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51478 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK FIN URGP=0
Oct 25 22:46:27 laptop kernel: [92081.198590] OUT CONN IN= OUT=wlan1
SRC=192.168.1.2 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16277 DF PROTO=TCP SPT=34877 DPT=80 WINDOW=273 RES=0x00 ACK URGP=0
Oct 25 22:46:28 laptop kernel: [92081.351125] IN CONN IN=wlan1 OUT=
MAC=00:c0:ca:21:8a:e6:f0:7d:68:fb:4f:e3:08:00 SRC=<server_ip>
DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=51479 DF PROTO=TCP
SPT=80 DPT=34877 WINDOW=438 RES=0x00 ACK URGP=0



This is the log with a *NOT* working client:

SERVER:
Oct 25 22:32:55 firewall kernel: [21325.121680] **NEW** IN NAS0
CONNIN=nas0 OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=60 TOS=0x00
PREC=0x00 TTL=54 ID=14919 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=5840
RES=0x00 SYN URGP=0
Oct 25 22:32:55 firewall kernel: [21325.140239] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 TOS=0x00 PREC=0x00
TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=5792 RES=0x00 ACK SYN
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.236986] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=54 ID=14920 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.267581] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=653 TOS=0x00 PREC=0x00
TTL=54 ID=14921 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK PSH
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.286615] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=55122 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.385647] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=137 TOS=0x00 PREC=0x00
TTL=63 ID=55124 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
PSH URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.405173] OUT PPP0 CONNIN=ethWEB
OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=63 ID=55125 DF PROTO=TCP SPT=80 DPT=31549 WINDOW=438 RES=0x00 ACK
FIN URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.484020] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=54 ID=14922 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
URGP=0 MARK=0x4
Oct 25 22:32:55 firewall kernel: [21325.504418] IN NAS0 CONNIN=nas0
OUT=ethWEB SRC=<client_ip> DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=54 ID=14923 DF PROTO=TCP SPT=31549 DPT=80 WINDOW=46 RES=0x00 ACK
URGP=0 MARK=0x4

CLIENT:
Oct 25 22:32:54 shoutcast-server kernel: [180468.541703] *NEW* OUT CONN
IN= OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=60 TOS=0x00
PREC=0x00 TTL=64 ID=14919 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=5840
RES=0x00 SYN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.659871] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP
SPT=80 DPT=49680 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.659935] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=52 TOS=0x00 PREC=0x00
TTL=64 ID=14920 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.660406] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=653 TOS=0x00 PREC=0x00
TTL=64 ID=14921 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK PSH
URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.805969] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=55122 DF
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.908678] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=137 TOS=0x00 PREC=0x00 TTL=48 ID=55124 DF
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK PSH URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.908733] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=64 ID=14922 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.924857] IN CONN IN=eth0
OUT= MAC=00:01:2e:2d:72:e3:00:11:92:95:25:72:08:00 SRC=<server_ip>
DST=192.168.203.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=55125 DF
PROTO=TCP SPT=80 DPT=49680 WINDOW=438 RES=0x00 ACK FIN URGP=0
Oct 25 22:32:55 shoutcast-server kernel: [180468.924914] OUT CONN IN=
OUT=eth0 SRC=192.168.203.10 DST=<server_ip> LEN=64 TOS=0x00 PREC=0x00
TTL=64 ID=14923 DF PROTO=TCP SPT=49680 DPT=80 WINDOW=46 RES=0x00 ACK URGP=0



As you can see both clients do receive the spoofed packets, but the
second one can't load the page.


Suggestions?

Thanks,
Niccolò
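
A check that can be run over the firewall log above (an added example, not part of the original post): it lists, per flow, the IP IDs missing from the packets logged as leaving ppp0. It assumes the sender increments the IP ID by one per packet of a connection, as the working trace shows (51475 to 51479); the sample lines are excerpted from the post's log with wrapping rejoined and unused fields dropped, and `id_gaps` is a name introduced here.

```python
import re
from collections import defaultdict

# Firewall-side "OUT PPP0" entries excerpted from the post's two traces
# (e-mail line wrapping rejoined, fields not used here dropped).
WORKING = """\
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 ID=0 DF PROTO=TCP SPT=80 DPT=25258
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 ID=51475 DF PROTO=TCP SPT=80 DPT=25258
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=1482 ID=51476 DF PROTO=TCP SPT=80 DPT=25258
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=155 ID=51477 DF PROTO=TCP SPT=80 DPT=25258
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 ID=51478 DF PROTO=TCP SPT=80 DPT=25258
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 ID=51479 DF PROTO=TCP SPT=80 DPT=25258
"""
BROKEN = """\
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=60 ID=0 DF PROTO=TCP SPT=80 DPT=31549
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 ID=55122 DF PROTO=TCP SPT=80 DPT=31549
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=137 ID=55124 DF PROTO=TCP SPT=80 DPT=31549
OUT PPP0 CONNIN=ethWEB OUT=ppp0 SRC=<server_ip> DST=<client_ip> LEN=52 ID=55125 DF PROTO=TCP SPT=80 DPT=31549
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def id_gaps(log_text, out_if):
    """Return {flow: [missing IP IDs]} for TCP packets logged leaving out_if."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))      # KEY=value pairs of one LOG entry
        if f.get("OUT") != out_if or f.get("PROTO") != "TCP" or "ID" not in f:
            continue
        ip_id = int(f["ID"])
        if ip_id == 0:                     # the SYN-ACKs in these traces carry ID=0
            continue
        seen[(f["SRC"], f["SPT"], f["DST"], f["DPT"])].append(ip_id)
    gaps = {}
    for flow, ids in seen.items():         # entries are assumed to be in send order
        missing = []
        for prev, cur in zip(ids, ids[1:]):
            step = (cur - prev) % 65536    # the IP ID is a 16-bit counter and wraps
            missing += [(prev + k) % 65536 for k in range(1, step)]
        if missing:
            gaps[flow] = missing
    return gaps

if __name__ == "__main__":
    for name, log in (("working", WORKING), ("broken", BROKEN)):
        print(name, id_gaps(log, "ppp0"))
```

On the post's logs this reports ID 55123 for the non-working client; that ID appears in neither the firewall's OUT PPP0 entries nor the client-side log.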