Cannot use a secondary IP for outgoing traffic

Question

I have a server (Ubuntu 18.04) with multiple IP address in the same network device.

This is the ip a return:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 06:9b:1c:00:00:2a brd ff:ff:ff:ff:ff:ff
    inet 191.XXX.XXX.51/23 brd 191.XXX.XXX.255 scope global dynamic ens3
       valid_lft 80087sec preferred_lft 80087sec
    inet 179.XXX.XXX.0/32 scope global ens3
       valid_lft forever preferred_lft forever
    inet 179.XXX.XXX.1/32 scope global ens3
       valid_lft forever preferred_lft forever
    inet 179.XXX.XXX.2/32 scope global ens3
       valid_lft forever preferred_lft forever
    inet 179.XXX.XXX.3/32 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::XXX:XXX:XXX:2a/64 scope link
       valid_lft forever preferred_lft forever

And this is my route -n return:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         191.XXX.XXX.1   0.0.0.0         UG    100    0        0 ens3
191.XXX.XXX.0   0.0.0.0         255.255.254.0   U     0      0        0 ens3
191.XXX.XXX.1   0.0.0.0         255.255.255.255 UH    100    0        0 ens3

So I have a main public IP: 191.XXX.XXX.51 and 4 more secondary public IPs: 179.XXX.XXX.0-3

My final goal is to use my secondary IPs for outgoing connections, I think that I can achieve this using routing tables or iptables, but I don't know how.

For example: If I ping google.com:

user@server:# ping google.com

PING google.com (216.58.202.142) 56(84) bytes of data.
64 bytes from gru06s29-in-f142.1e100.net (216.58.202.142): icmp_seq=1 ttl=57 time=1.01 ms
64 bytes from gru06s29-in-f142.1e100.net (216.58.202.142): icmp_seq=2 ttl=57 time=1.05 ms
64 bytes from gru06s29-in-f142.1e100.net (216.58.202.142): icmp_seq=3 ttl=57 time=0.965 ms
64 bytes from gru06s29-in-f142.1e100.net (216.58.202.142): icmp_seq=4 ttl=57 time=0.993 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.965/1.005/1.055/0.050 ms

Everything works fine, but if I choose another IP to be the source of the ping:

ping -I 179.XXX.XXX.1 google.com

The ping has 100% packet loss.

The same happens with tinyproxy, if I configure to use the secondary IP as outgoing IP the connection just fails.

PS. The secondary IP works if I ping them from outside the server.

So how can I make the secondary IP useful to reach the Internet?

score 0 · Answer 1 · answered Apr 27 '19 at 18:02

0

It's pretty simple. You just overwrite the default route with src attribute. This value will be used as source address for outgoing connections.

ip route replace 0/0 via <gw-ip> src <sec-ip-addr>

answered Apr 27 '19 at 18:02

Anton Danilov

5,082
2
13
23

When I do that I can't ping anymore any site – Gui May 01 '19 at 19:38
Usage of these secondary addresses requires the setup on the remote side of your connection. These secondary addresses can be assigned in the same broadcast domain or can be routed trought your primary address. Have your ISP provide the information about it? – Anton Danilov May 01 '19 at 20:13
I just resolve my problem. The problem is the way I'm configuring these secondary IPs. I'm using the ip addr command, but now I use the netplan in Ubuntu 18.04 and everything works fine. Thanks – Gui May 01 '19 at 20:40
Hm.. It's very curious. Can you paste the current state of ip addresses and routing table to help to figure out what's different? If you can, use `ip` command, not `route`. – Anton Danilov May 02 '19 at 01:50

Cannot use a secondary IP for outgoing traffic

1 Answers1