On 2015-10-28 Adam Thompson wrote:
> I have a CentOS 6 system - my tape backup server - that's connected to two different subnets ("100" and "158"). There is also a router (actually a firewall) that routes between subnets "100" and "158". The server's default gateway is the router IP on subnet "158". The server's primary management IP address is the address on subnet "158".
An ASCII picture might help.
> There are client systems on subnet "100", both management workstations and things to back up.
> When I try to SSH to the management IP in 158, the default behaviour
SSH from what host to what host?
> in Linux is to send the reply back out the 'closest' interface, which is the "100" interface. This breaks things, because the router is actually a stateful firewall and I suddenly have asymmetric routing.
Hmm, default is to use the closest IF and not the IF that the traffic came in on (for tcp)? I wouldn't have guessed that.
You could use the various tc, ip rules, iptables, routing, etc functions of linux to force something to a certain IF, but I'm pretty sure that something can't change. i.e. you'd have to say "all ssh from host w.x.y.z goes out on .158" -- you couldn't make it dynamic AFAIK: you can't say "send the packet back out on the IF it came in on" (AFAIK).
In your case you could always have 2 different sshd's running on diff ports if you really needed it on both subnets.
If this sounds like I guessed your scenario right, I can dig out the various rules for you. I've done it before.
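The "ip rules" approach mentioned above, written out as an added example (not the poster's own rules): a dedicated routing table plus a source-address rule, so that anything the backup server sends from its "158" management address leaves through the "158" interface and the stateful firewall sees both directions of the SSH session. It assumes the dual-homed layout described in the thread; the interface name, addresses and routing table id are constructed placeholders.

```shell
#!/bin/sh
# Source-based policy routing for a dual-homed host (added example).
# All addresses, the interface name and the table id below are constructed
# placeholders, not values from the thread.
IP=${IP:-ip}   # command used for changes; set IP=echo to print the plan instead

# $1 = management IP, $2 = firewall address on that subnet,
# $3 = interface on that subnet, $4 = routing table id
policy_route_add() {
  mgmt_ip=$1; gw=$2; iface=$3; table=$4
  # A table whose only route is the default via the "158" firewall.
  "$IP" route replace default via "$gw" dev "$iface" table "$table" &&
  # Packets sourced from the management address consult that table first,
  # so an SSH reply to a client on "100" goes back through the firewall
  # instead of directly out of the "100" interface.
  "$IP" rule add from "$mgmt_ip/32" table "$table" priority 1000
}

# $1 = management IP, $2 = routing table id: undo the above.
policy_route_del() {
  mgmt_ip=$1; table=$2
  "$IP" rule del from "$mgmt_ip/32" table "$table" priority 1000
  "$IP" route flush table "$table"
}

# Live check: ask the kernel which interface a reply to $2, sourced from $1,
# would leave on; succeeds only if it is $3 (requires the rule to be in place).
policy_route_check() {
  ip route get "$2" from "$1" | grep -qw "dev $3"
}

case "${1:-plan}" in
  plan)  IP=echo; policy_route_add 192.0.2.158 192.0.2.1 eth1 158 ;;
  apply) policy_route_add 192.0.2.158 192.0.2.1 eth1 158 &&
         policy_route_check 192.0.2.158 198.51.100.20 eth1 ;;
  del)   policy_route_del 192.0.2.158 158 ;;
esac
```

Run with no argument to print the commands, `apply` (as root) to install them and verify the reply path, or `del` to remove them; the rule is lost on reboot unless added to the interface's route/rule config.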