Binding Rclone To Second NIC

I’m not sure as I don’t use it.

Can you try

curl --interface 192.168.2.7 https://www.googleapis.com/drive/v3/files

that will simulate what rclone does. It should return a JSON error saying it needs authentication.

Using the NIC IP failed with “protocol not supported” but using the NIC name worked though

[bran@server ~]$ sudo curl --interface enp7s0 https://www.googleapis.com/drive/v3/files           
{
“error”: {
 “errors”: [
  {
   “domain”: “usageLimits”,
   “reason”: “dailyLimitExceededUnreg”,
   “message”: “Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup.”,
   “extendedHelp”: “https://code.google.com/apis/console
  }
 ],
 “code”: 403,
 “message”: “Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup.”
}
}

Hmm, that’s goofy as if ping / curl are all working out that interface, I can’t imagine why rclone wouldn’t.

Are you able to try a test and grab a tcpdump on that interface and see if it’s actually going out?

Just for the hell of it, I tried to use the NIC name instead of the IP for the --bind option and got this strange error:

–bind: Expecting 1 IP address for “enp7s0” but got 2

I just noticed that both of my NICs have IPv6 addresses…yet I never setup IPv6 on these, they’re static IPs.

3: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
   link/ether 34:97:f6:5b:b0:b4 brd ff:ff:ff:ff:ff:ff
   inet 192.168.2.7/24 brd 192.168.2.255 scope global enp7s0
      valid_lft forever preferred_lft forever
   inet6 fe80::3697:f6ff:fe5b:b0b4/64 scope link  
      valid_lft forever preferred_lft forever

Sure, I’ll make a dump,

I wonder if it’s something related to ip v6. I have that disabled on my Debian box.

Here’s the capture: https://drive.google.com/file/d/1254chTFwfcKtuWBfSMqXM4qlZmb0R2g1/view?usp=sharing

I did a few other things on that interface as well such as pinging an IP and running rclone with the bind option.

I just deleted the IPv6 address from that NIC yet it still gives me the error about it finding two IPs, wtf?

–bind: Expecting 1 IP address for “enp7s0” but got 2

3: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
   link/ether 34:97:f6:5b:b0:b4 brd ff:ff:ff:ff:ff:ff
   inet 192.168.2.7/24 brd 192.168.2.255 scope global enp7s0
      valid_lft forever preferred_lft forever

Any chance you can just do the rclone thing and upload that? I can’t figure out if it was something else or not.

Sure, here ya go: https://drive.google.com/file/d/1r0pcNCAWzBy2a7M8vfyegzsiAM-ZFf4X/view?usp=sharing

Yeah, it never goes out that interface at all. In the other packet capture, you can see the ping go out. I’m not sure offhand what that would be though…

Which OS are you using?

Can you run rclone in one terminal window and in another run netstat -tuanp | grep rclone and see if rclone is binding the outgoing addresses to the local correct IP?

rclone tried to do a DNS lookup of "enp7s0” and got 2 items back is what it is complaining about! A strange error I agree!

Arch Linux, Kernel 4.2x IIRC

Can you run rclone in one terminal window and in another run netstat -tuanp | grep rclone and see if rclone is binding the outgoing addresses to the local correct IP?

I just got to work, and apparently my public IP changed so I can’t shell in :-/ gonna have to wait until tonight

rclone tried to do a DNS lookup of "enp7s0” and got 2 items back is what it is complaining about! A strange error I agree

I’m running unbound and nsd on the same server and have it’s IP in /etc/resolv.conf along with 192.168.1.1, which just forwards to 8.8.8.8, but nsd is borked apparently because it keeps on telling me there’s a syntax error in the first line when there isn’t. I also have a public facing DNS server on dns.he.net…but in neither of them are there any A records for enp7s0…which just makes this even more confusing.

No probs!

Yes I have not a lot of idea what happened there! rclone doesn’t take an interface name in the bind field though so we can not go there if we want :wink:

It is indeed binding to the correct IP, this just keeps getting more and more odd hahaha

[bran@server ~]$ sudo netstat -tuanp|grep rclone
 
tcp        0      1 192.168.2.7:57631       172.217.12.205:443      SYN_SENT    13714/rclone  

Oh, I see what is going on.

Even though it is bound to the correct IP, because the destination isn’t within the netmask of the LAN it is being routed out of the default route and hence via the other interface.

I think you’ll need to do some fancy routing like the link @Animosity022 posted above.

What things do work? Using ping with an interface name does some special stuff which isn’t available to programs not running as root. Did you get anything other than ping running on it - if so how?

Ah interesting! I’m not an expert with networking, I usually just stick to the basics of one interface and then bridge it if I need multiple things using it.

What things do work? Using ping with an interface name does some special stuff which isn’t available to programs not running as root. Did you get anything other than ping running on it - if so how?

By that I was referring to ping and curl, but I have also had VMs bind to the interface directly whenever I need to spin something up and test it, but I’ve always kept it within the same subnet, just a different IP.

I guess I’ll have to figure out how to adapt that to systemd-networkd, thanks for the help everyone!

The goal would be to use iproute2 and configure another gateway for that interface.

Something like this ‘should’ work with a little playing around.

https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System#More_than_Two_Network_Cards_or_Gateways

You can configure those routes and such with a simple systemd startup as I found that to be easier than trying to muck around with Network Manager.

Awesome, thanks, I’ll give it a try either tonight or this weekend.

And it works perfectly once I added in the new routing table! :smiley:

Thanks again, my friends that access my plex server will be happy now hahaha

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.