[09:47] <slyon> PeGaSuS: If you remove any gateway6 the IP addresses still stay the same. This setting is only about where outgoing packages are being sent
[11:19] <neo7530> Hi
[11:19] <neo7530> maybe someone can help me with an issue ?
[11:20] <neo7530> i have set up netplan with one physical nw-adapter and defined some virtual ip-addresses for a reverse proxy
[11:22] <neo7530> this works so far, but: when i request the website via the virtual ip, the proxy sends the request to the backend via another ip, as i have requested
[11:23] <neo7530> eg: client => 192.168.0.2 => rev. proxy to 192.168.0.10 but the request to the backend will be via ip-address 192.168.0.1
[11:27] <kjetilho> what do you mean by virtual ip-address?  probably best to put your netplan in a pastebin/gist
[11:28] <neo7530> network:
[11:28] <neo7530>   ethernets:
[11:28] <neo7530>     enp0s3:
[11:28] <neo7530>       dhcp4: no
[11:28] <neo7530>       addresses: [10.24.10.30/24,10.24.10.31/24,10.24.10.33/24]
[11:28] <neo7530>       gateway4: 10.24.10.50
[11:28] <neo7530>       nameservers:
[11:28] <neo7530>         addresses: [10.24.10.50]
[11:29] <neo7530> i have 3 addresses on one physical interface
[11:30] <neo7530> i make a request to 10.24.10.31 this will be forwarded via reverse-proxy to a backend-server
[11:30] <neo7530> but the request to the backend will be made via 10.24.10.30
[11:30] <neo7530> and not via 10.24.10.31 as requested
[11:31] <PeGaSuS> slyon: right. I've just tested and this seems to work: https://termbin.com/dm07
[11:31] <kjetilho> neo7530: I think you mean, not via, but with source address?
[11:32] <kjetilho> (via implies a hop via a router)
[11:32] <neo7530> yep
[11:32] <neo7530> the request to the backend should be the same as my client sent the request to
[11:33] <neo7530> same ip, i mean
[11:34] <kjetilho> right - you need source routing to enable this.  ie. a route where you specify from: and table:
[11:34] <kjetilho> table is just some integer to separate the routing from the default route table
[11:35] <kjetilho> btw, one of my favourite commands when checking stuff like this is "ip route get A.B.C.D" - it will tell you what src address the kernel will use for a new connection there
[11:44] <neo7530> and how should i do this? i'm fairly new to netplan
[12:08] <kjetilho> routes:
[12:08] <kjetilho>   -
[12:08] <kjetilho>     from: 10.24.10.31
[12:08] <kjetilho>     to: 10.24.10.31
[12:08] <kjetilho>     via: 10.24.10.31
[12:08] <kjetilho>     table: 17
[12:08] <kjetilho> ehhh
[12:09] <kjetilho> cut and paste error of your addresses
[12:09] <kjetilho> to: 192.168.0.10
[12:09] <kjetilho> I think is what you wanted?
[12:10] <neo7530> hmmm
[12:10] <neo7530> local 10.24.10.31 dev lo table local src 10.24.10.30 uid 0
[12:15] <neo7530> doesn't work
[12:17] <kjetilho> you need to explain what you want again
[12:17] <kjetilho> the components are not clear
[12:19] <neo7530> okay. client = 10.24.10.xxx                reverse-proxy 10.24.10.31                    backend 10.24.10.10
[12:20] <neo7530> client request goes to *31
[12:21] <neo7530> reverse-proxy talks to the backend via *30 but should use the *31 for communication
[12:21] <neo7530> same address outgoing as ingoing
[12:22] <neo7530> *30 *31 *33 are on the same physical interface
[12:29] <kjetilho> so backend is your value for to
[12:29] <kjetilho> and reverse-proxy your values for from and via
[12:31] <kjetilho> there might be a better method to make .31 preferred generally - you don't really need a specific exception rule here, it seems
[12:35] <neo7530> ip route get 10.24.10.10
[12:35] <neo7530> 10.24.10.10 dev enp0s3 src 10.24.10.30 uid 0
[12:35] <neo7530> makes no difference
[12:35] <neo7530>       routes:
[12:35] <neo7530>         - to: 10.24.10.10
[12:35] <neo7530>           from: 10.24.10.31
[12:35] <neo7530>           via: 10.24.10.31
[12:35] <neo7530>           table: 101
[12:44] <kjetilho> oh.  I thought netplan added the ip rule automatically  :-(
[12:44] <kjetilho> "15:01 <kjetilho> btw, I just set up source based routing with Netplan - so simple I hardly could believe it :)"  - it was too good to be true ...
[12:46] <neo7530> maybe i should use iptables for this
[12:46] <neo7530> :/
[12:48] <kjetilho> ahhh - I need to add routing-policy!
[12:48] <kjetilho> you, too.
[12:48] <kjetilho> routing-policy:
[12:48] <kjetilho>   - from: 10.24.10.31
[12:49] <kjetilho>     table: 101
[12:49] <neo7530> ahh, i try this
[12:50] <kjetilho> the from: in the routes is probably superfluous, then
[12:52] <neo7530> nope, makes no difference
[12:52] <neo7530> this is odd :/
[12:57] <kjetilho> hrm, no ip rules installed here either
[13:54] <kjetilho> hrm, it does work for me though - but I don't understand how, since ip rule does not list any new rules
[13:54] <kjetilho> slyon: ^ how does routing-policy work behind the scenes?
[13:56] <kjetilho> now I'm not sure if routing-policy is needed for my case after all.  it's a bit awkward to test since a reboot is required.
[13:56] <kjetilho> (I mean, applying config will not clean up random stuff added earlier)
[14:04] <slyon> kjetilho: behind the scenes netplan generates a [RoutingPolicyRule] section inside a .network file for systemd
[14:08] <kjetilho> sorry for being a n00b, but I can't find anything like this (I'm on Ubuntu Focal)
[14:09] <kjetilho> that is, no units of type network at all.
[14:16] <kjetilho> right, they end up in /run/systemd/network
[14:16] <kjetilho> and right², the from-parameter in a route ends up as PreferredSource in the .network file
[14:17] <slyon> correct, /run/systemd/networkd/10-netplan-*.network
[14:18] <kjetilho> perhaps my netplan version is too old - 0.101
[14:18] <kjetilho> grep -i policy /run/systemd/network/* → nada
[14:18] <slyon> 0.101 is the latest version. But the "from" parameter should end up as "From=...", see https://paste.ubuntu.com/p/ydTWpBq9yS/
[14:19] <kjetilho> the from in a route, not routing policy
[14:20] <slyon> ah yes, then you're right
[14:20] <slyon> did you run 'netplan generate' before? to produce the latest files. Also this only applies if using the 'networkd' renderer (the default). Do you use NetworkManager renderer?
[14:20] <kjetilho> doh.  I was running netplan apply ~kjetilho/login-osl2.yaml
[14:20] <kjetilho> that really should cause an error
[14:21] <kjetilho> (or preferably - work)
[14:22] <kjetilho> there we go, I got ip rules :)
[14:22] <slyon> nice!
[14:22] <kjetilho> (after copying my file to /etc/netplan)
[14:23] <kjetilho> I do wonder if PreferredSource is sufficient for me