Sorry, I'm still young and green.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:13:8f:9a:c3:59 brd ff:ff:ff:ff:ff:ff
inet 192.168.15.20/24 brd 192.168.15.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::213:8fff:fe9a:c359/64 scope link
valid_lft forever preferred_lft forever
3: ppp1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1446 qdisc pfifo_fast state UNKNOWN group default qlen 3
link/ppp
inet 192.168.10.2 peer 192.168.1.1/32 scope global ppp1
valid_lft forever preferred_lft forever
4: ppp2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1446 qdisc pfifo_fast state UNKNOWN group default qlen 3
link/ppp
inet 192.168.50.2 peer 192.168.10.1/32 scope global ppp2
valid_lft forever preferred_lft forever
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
10861 148 0 0 0 0
TX: bytes packets errors dropped carrier collsns
10861 148 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:13:8f:9a:c3:59 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
628013 6834 0 0 0 65
TX: bytes packets errors dropped carrier collsns
794615 6839 0 0 0 0
3: ppp1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1446 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
104673 1265 0 0 0 0
TX: bytes packets errors dropped carrier collsns
293212 1196 0 0 0 0
4: ppp2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1446 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
111076 2587 0 0 0 0
TX: bytes packets errors dropped carrier collsns
60626 1325 0 0 0 0
default via 192.168.1.1 dev ppp1 table lanet1
default via 192.168.10.1 dev ppp2 table usa2
default via 192.168.15.1 dev eth0
73.176.150.100 via 192.168.15.1 dev eth0 src 192.168.15.20
77.88.8.1 via 192.168.1.1 dev ppp1
169.254.0.0/16 dev eth0 scope link metric 1000
176.37.200.100 via 192.168.15.1 dev eth0 src 192.168.15.20
192.168.1.1 dev ppp1 proto kernel scope link src 192.168.10.2
192.168.10.1 dev ppp2 proto kernel scope link src 192.168.50.2
192.168.15.0/24 dev eth0 proto kernel scope link src 192.168.15.20
194.50.85.1 via 192.168.1.1 dev ppp1
194.50.85.2 via 192.168.1.1 dev ppp1
fe80::/64 dev eth0 proto kernel metric 256
ff00::/8 dev eth0 table local metric 256
Also: the additional routes were added by me. They do not affect the solution of the problem.
This is me sending the DNS queries over other routes.
ip route add 77.88.8.1 via 192.168.1.1 dev ppp1
ip route add 194.50.85.2 via 192.168.1.1 dev ppp1
ip route add 194.50.85.1 via 192.168.1.1 dev ppp1
The user decided to continue the thought [time]26 January 2016, 20:15:52[/time]:
An addition. The packets do go through after all!
I was playing with the command: "openssl s_client -connect pop.ukr.net:995"
Here is the dump of a normal connection via the default route:
# tcpdump -i eth0 port 995
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:49:48.789536 IP 192.168.15.20.50749 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2299469672, win 29200, options [mss 1460,sackOK,TS val 18987262 ecr 0,nop,wscale 7], length 0
17:49:48.816798 IP frv240.fwdcdn.com.pop3s > 192.168.15.20.50749: Flags [S.], seq 3497803659, ack 2299469673, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 3666904253 ecr 18987262], length 0
17:49:48.816854 IP 192.168.15.20.50749 > frv240.fwdcdn.com.pop3s: Flags [.], ack 1, win 229, options [nop,nop,TS val 18987268 ecr 3666904253], length 0
17:49:48.817381 IP 192.168.15.20.50749 > frv240.fwdcdn.com.pop3s: Flags [P.], seq 1:296, ack 1, win 229, options [nop,nop,TS val 18987269 ecr 3666904253], length 295
17:49:48.844735 IP frv240.fwdcdn.com.pop3s > 192.168.15.20.50749: Flags [.], ack 296, win 1034, options [nop,nop,TS val 3666904281 ecr 18987269], length 0
17:49:48.846079 IP frv240.fwdcdn.com.pop3s > 192.168.15.20.50749: Flags [.], seq 1:1189, ack 296, win 1039, options [nop,nop,TS val 3666904282 ecr 18987269], length 1188
17:49:48.846133 IP 192.168.15.20.50749 > frv240.fwdcdn.com.pop3s: Flags [.], ack 1189, win 251, options [nop,nop,TS val 18987276 ecr 3666904282], length 0
17:49:48.846175 IP frv240.fwdcdn.com.pop3s > 192.168.15.20.50749: Flags [.], seq 1189:2377, ack 296, win 1039, options [nop,nop,TS val 3666904282 ecr 18987269], length 1188
17:49:48.846201 IP 192.168.15.20.50749 > frv240.fwdcdn.com.pop3s: Flags [.], ack 2377, win 274, options [nop,nop,TS val 18987276 ecr 3666904282], length 0
And here is the dump after these commands:
ip route add default via 192.168.10.1 table 100
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 995 -j MARK --set-mark 0x3
ip rule add fwmark 0x3/0x3 lookup 100
iptables -t nat -A POSTROUTING -o 192.168.10.1 -j MASQUERADE
# tcpdump -i ppp2 port 995
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp2, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
17:47:02.926110 IP 192.168.50.2.50747 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2992313097, win 29200, options [mss 1460,sackOK,TS val 18945796 ecr 0,nop,wscale 7], length 0
17:47:03.206217 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18945796], length 0
17:47:03.925211 IP 192.168.50.2.50747 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2992313097, win 29200, options [mss 1460,sackOK,TS val 18946046 ecr 0,nop,wscale 7], length 0
17:47:04.204445 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18946046], length 0
17:47:05.929222 IP 192.168.50.2.50747 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2992313097, win 29200, options [mss 1460,sackOK,TS val 18946547 ecr 0,nop,wscale 7], length 0
17:47:06.206005 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18946547], length 0
17:47:09.205870 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18946547], length 0
17:47:09.933251 IP 192.168.50.2.50747 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2992313097, win 29200, options [mss 1460,sackOK,TS val 18947548 ecr 0,nop,wscale 7], length 0
17:47:10.216299 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18947548], length 0
17:47:13.216328 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18947548], length 0
17:47:16.231110 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, options [mss 1200,nop,wscale 6,sackOK,TS val 2030069827 ecr 18947548], length 0
As you can see, the data leaves and arrives on the PPP2 tunnel interface! The only question is why the application does not see it.
Judging by the zero length of the packets, the client and the server cannot come to an agreement. Most likely this is because the client sends the request via the default route, while the reply arrives on a different interface. Maybe the sender address in the source of the reply needs to be changed? Is this command correct:
iptables -t nat -A POSTROUTING --src 192.168.50.2 -p tcp --dport 80 -j SNAT --to-source 192.168.15.1
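An added example, not part of the original post: a small parser for tcpdump text output that reports, per flow, how many SYNs were sent, how many SYN-ACKs were captured and whether the client ever acknowledged one. The sample lines are taken from the two captures above with the TCP options removed; the function names and verdict strings are assumptions made for this illustration.

```python
import re

# Constructed samples: lines from the two captures in the post, TCP options removed.
GOOD = """\
17:49:48.789536 IP 192.168.15.20.50749 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2299469672, win 29200, length 0
17:49:48.816798 IP frv240.fwdcdn.com.pop3s > 192.168.15.20.50749: Flags [S.], seq 3497803659, ack 2299469673, win 65535, length 0
17:49:48.816854 IP 192.168.15.20.50749 > frv240.fwdcdn.com.pop3s: Flags [.], ack 1, win 229, length 0
"""
BAD = """\
17:47:02.926110 IP 192.168.50.2.50747 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2992313097, win 29200, length 0
17:47:03.206217 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, length 0
17:47:03.925211 IP 192.168.50.2.50747 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2992313097, win 29200, length 0
17:47:04.204445 IP frv240.fwdcdn.com.pop3s > 192.168.50.2.50747: Flags [S.], seq 171551312, ack 2992313098, win 65535, length 0
17:47:05.929222 IP 192.168.50.2.50747 > frv240.fwdcdn.com.pop3s: Flags [S], seq 2992313097, win 29200, length 0
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): Flags \[([^\]]+)\]")


def handshake_report(dump):
    """Per client->server flow: SYNs sent, SYN-ACKs captured, whether the client ACKed."""
    flows = {}
    for line in dump.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, dst, flags = m.groups()
        if flags == "S":  # initial SYN or a retransmission of it
            flow = flows.setdefault((src, dst), {"syn": 0, "synack": 0, "acked": False})
            flow["syn"] += 1
        elif flags == "S." and (dst, src) in flows:
            flows[(dst, src)]["synack"] += 1
        elif flags in (".", "P.") and flows.get((src, dst), {}).get("synack"):
            flows[(src, dst)]["acked"] = True  # client answered the SYN-ACK
    return flows


def verdict(flow):
    if flow["acked"]:
        return "established"
    if flow["synack"]:
        # The reply reached the capture point, yet the host kept retransmitting its SYN.
        return "reply_not_accepted"
    return "no_reply"


if __name__ == "__main__":
    for name, dump in (("eth0", GOOD), ("ppp2", BAD)):
        for (src, dst), flow in handshake_report(dump).items():
            print(name, src, "->", dst, flow, verdict(flow))
```
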