Hi,
The next question is probably a FAQ but I'm really getting desperate and I
haven't found anything in the HOW-TO, the docs or archives about the
problems I have.
I have a Linux box with two connections to the internet (a fast and a
slow connection) and a private internal network. The linux box does
masquerading. Some PCs (PC B) on the private LAN must use the fast
connection, the rest of the hosts must use the slow connection.
      internet                     internet
              \                   /
slow connection\                 / fast connection
124.124.124.124 \ eth1      eth2/ 123.123.123.123
                 +-------------+
                 |  Linux box  |
                 |             |
                 +-------------+
                    eth0| 192.168.11.2
                        |
              ----+-----+------+------
                  |            |
                  |            | 192.168.11.70
              +--------+   +--------+
              |  PC a  |   |  PC b  |
              +--------+   +--------+
It's almost exactly the same as described in the Adv. Routing HOW-TO.
The default route is set to eth1 and PC A and PC B can connect to the
internet using the slow link.
Then, when I use the following commands (fast is a name in
/etc/iproute2/rt_tables) :
#ip rule add from 192.168.11.70 table fast pref 102
#ip route add 0/0 dev eth2 table fast
#ip route flush cache
PC A can still connect to the internet using the slow link, but PC B
can't connect to the internet using the fast link.
When I do a traceroute or look at the packets on the interfaces I can see
that packets from PC B are routed to the fast link.
When I ping a host on the internet from PC B, the host which is pinged
sends replies on eth2, but the linux box doesn't forward them to PC B.
So, I think there is something wrong with masquerading.
Masquerading is set up using ipchains :
ipchains -A forward -i eth2 -j MASQ -l
With -l the ping requests from PC B show up in the syslog.
I'm using kernel 2.2.17, I've compiled the kernel with all the relevant
networking options for advanced routing. Does this kind of routing work
with 2.2.17 ?
I really have no idea what is wrong and was hoping someone else has a
similar setup working and can give me some clues on how to get it to work.
Thanks,
Ralph.
Arthur van Leeuwen
2001-Jul-04 07:26 UTC
Re: Source based routing with two internet connections
On Tue, 3 Jul 2001, Ralph van Etten wrote:
> #ip rule add from 192.168.11.70 table fast pref 102
> #ip route add 0/0 dev eth2 table fast
> #ip route flush cache
You're not doing source address selection (the src argument to ip route add),
causing the masquerading code to possibly select the wrong address to
masquerade to. Check the archives for the postings on multipath upstream
routing for information on a setup with multiple upstreams. Such a setup
will gladly masquerade on each of the uplinks, and *work*. From that you can,
without a doubt, simplify to your situation.
Oh, 2.2.17 is quite adequate.
Doei, Arthur.
--
  /\    / |      arthurvl@sci.kun.nl      | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching
Ralph van Etten
2001-Jul-04 18:32 UTC
Re: Source based routing with two internet connections
On Wed, 4 Jul 2001, Arthur van Leeuwen wrote:
> > #ip rule add from 192.168.11.70 table fast pref 102
> > #ip route add 0/0 dev eth2 table fast
> > #ip route flush cache
>
> You're not doing source address selection (the src argument to ip route add),
> causing the masquerading code to possibly select the wrong address to
> masquerade to. Check the archives for the postings on multipath upstream
> routing for information on a setup with multiple upstreams. Such a setup
> will gladly masquerade on each of the uplinks, and *work*. From that you can,
> without a doubt, simplify to your situation.
I've read the articles in the archive again and first I thought of the
following :
#ip route add 0/0 src 123.123.123.123 dev eth2 table adsl
But this didn't work, so I read some more and tried this :
#ip route add 123.123.123.1 dev eth2 table fast
#ip route add 0/0 via 123.123.123.123 dev eth2 table fast
with and without src argument and this gave exactly the same problem.
Are the above commands correct ?
Should the default route in the main table be a multipath route for this to
work ?
Thanks,
Ralph.