LocalAddr is ignored in IO::Socket::INET under currently unknown conditions

[julsemaan]

Due to, as discovered below, iptables NATing the whole system on the management

[julsemaan]

If 192.168.73.111 is the server IP and 192.168.73.210 is the VIP

The script below will make the request leave from source IP 192.168.73.111

use strict;
use warnings;
use lib qw(/usr/local/pf/lib);
use IO::Socket;
use strict;

foreach my $addr (qw(192.168.73.210)) {
    my $sock = IO::Socket::INET->new(
        Proto     => 'udp',
        PeerPort  => 5000,
        PeerAddr  => '192.168.73.112',
        LocalAddr => $addr,
    ) or die "Could not create socket: $!\n";

    $sock->send('a file to have your advice') or die "Send error: $!\n";
}

[jrouzierinverse]

This is also happening for tcp traffic.

[jrouzierinverse]

This seems to be an issue with the configuration of server.
You see the same behavior with the following command.

echo Hello | nc -w 1 -v -u -s 192.168.73.210 192.168.73.112 5000

Most likely it is a mis-configured iptables.(Manually or programmatically )

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 SNAT all -- 0.0.0.0/0 0.0.0.0/0 to:192.168.73.111
2 SNAT all -- 169.254.0.0/16 0.0.0.0/0 to:192.168.73.111

Since I am not an iptables expert can someone please confirm my suspicions.

[jrouzierinverse]

This is a configuration issue

[julsemaan]

This is not a config issue,

This is a problem in the iptables in active/active clustering that PacketFence is generating.

@dwlfrth is looking into it, I'll assign him

[fdurand]

#1079 ?

[julsemaan]

@fdurand

Lol, yes that pretty much looks like a fix :)

Guess this is now on milestone 5.6

[dwlfrth]

Now we're jasing !

[julsemaan]

You're jasing in the past ?

[dwlfrth]

Wut ? ;)

[julsemaan]

Forget it,

I'm in the 'Friday afternoon bad jokes' mood

@dwlfrth can you check @fdurand PR, looks good to me but I'm not inline expert

We'd need to be able to put it in 5.6 since this is affecting active/active clusters with passthroughs