This seems so simple I can't believe it doesn't work yet.
I have two modems connected to two ISPs. I route everything
through the "fast" one with:
ip route default via xxx.xxx.xxx.xxx dev ppp0
Then to the machine I regularly tf and ssh, I add this:
ip route tf.tf.tf.tf via xxx.xxx.xxx.xxx dev ppp1
ip route ssh.ssh.ssh.ssh via xxx.xxx.xxx.xxx dev ppp1
The reason I joined this list is that I'd rather do
something like this, but I can't get it to work right.
ip route add default via xxx.xxx.xxx.xxx dev ppp1 tos 0x10
for i in 22 23 8000; do
  iptables -t mangle -A PREROUTING -p tcp \
    --dport $i -j TOS --set-tos 0x10; done
I would have figured everything for port 22, 23 and 8000
would go out ppp1 and come back ppp1, but I was rather
surprised to find that _all_ my traffic goes out ppp0, but
the stuff I tagged 0x10 comes back in ppp1?!?
What am I missing?
On Sat, Apr 28, 2001 at 01:53:00PM -0400, Jettero Heller wrote:

> This seems so simple I can't believe it doesn't work yet.
> I have two modems connected to two ISPs. I route everything
> through the "fast" one with:
> ip route default via xxx.xxx.xxx.xxx dev ppp0
>
> Then to the machine I regularly tf and ssh, I add this:
> ip route tf.tf.tf.tf via xxx.xxx.xxx.xxx dev ppp1
> ip route ssh.ssh.ssh.ssh via xxx.xxx.xxx.xxx dev ppp1
>
> The reason I joined this list is that I'd rather do
> something like this, but I can't get it to work right.
>
> ip route add default via xxx.xxx.xxx.xxx dev ppp1 tos 0x10
>
> for i in 22 23 8000; do
> iptables -t mangle -A PREROUTING -p tcp
> --dport $i -j TOS --set-tos 0x10; done
>
> I would have figured everything for port 22, 23 and 8000
> would go out ppp1 and come back ppp1, but I was rather
> surprised to find that _all_ my traffic goes out ppp0, but
> the stuff I tagged 0x10 comes back in ppp1?!?

Good question. First of all I'm not sure that TOS would influence the
routing decision, either on your Linux box or on the routers out there.

The reason that the packets come back on ppp1 is that the source of the
IP is set to ppp1 (which is weird, when you're saying that the packets
go out on ppp0 to ISP I, are you sure about this?). Then the returning
packets which are destined for ppp1 (which belongs to ISP II) will get
routed on the Internet to ISP II and will be delivered to PPP1.

Again, if you want to route different services through different ISP's
it is called policy routing. Take a look at the documentation on:

http://kewl.phear.org/policy/

Or Arthur's answers to the very same questions on this mailing list.

http://mailman.ds9a.nl/pipermail/lartc/2000q4/000091.html
http://mailman.ds9a.nl/pipermail/lartc/2000q4/000092.html
http://mailman.ds9a.nl/pipermail/lartc/2000q4/000153.html
http://mailman.ds9a.nl/pipermail/lartc/2000q4/000156.html

Ramin

>
> What am I missing?
You should use 'tcpdump -i ppp0' and 'tcpdump -i ppp1' in two different
xterms to have a better understanding as to what (the hell) is going on.
Because that light on ppp0 could be your dns lookup or any other
unexpected traffic...

Take a look at your routing table (again, with solid commands and no
lights here and there ;-)...

Try to traceroute to tf and ssh hosts and see what first hop you see...

Ramin

On Sat, Apr 28, 2001 at 05:41:39PM -0400, Jettero Heller wrote:

> I'm completely certain. I have lights on both, and made
> sure my only traffic was my ssh session. The transmit
> lights flash on ppp0 on the way out, and flash on ppp1 on
> the way back in. Web traffic only lights up ppp0.
>
> It's the damn'dest thing I've seen ... I don't even
> understand how that works. ;)
>
> On Sat, Apr 28, 2001 at 03:45:47PM -0400, Ramin Alidousti wrote:
> > On Sat, Apr 28, 2001 at 01:53:00PM -0400, Jettero Heller wrote:
> >
> > > This seems so simple I can't believe it doesn't work yet.
> > > I have two modems connected to two ISPs. I route everything
> > > through the "fast" one with:
> > > ip route default via xxx.xxx.xxx.xxx dev ppp0
> > >
> > > Then to the machine I regularly tf and ssh, I add this:
> > > ip route tf.tf.tf.tf via xxx.xxx.xxx.xxx dev ppp1
> > > ip route ssh.ssh.ssh.ssh via xxx.xxx.xxx.xxx dev ppp1
> > >
> > > The reason I joined this list is that I'd rather do
> > > something like this, but I can't get it to work right.
> > >
> > > ip route add default via xxx.xxx.xxx.xxx dev ppp1 tos 0x10
> > >
> > > for i in 22 23 8000; do
> > > iptables -t mangle -A PREROUTING -p tcp
> > > --dport $i -j TOS --set-tos 0x10; done
> > >
> > > I would have figured everything for port 22, 23 and 8000
> > > would go out ppp1 and come back ppp1, but I was rather
> > > surprised to find that _all_ my traffic goes out ppp0, but
> > > the stuff I tagged 0x10 comes back in ppp1?!?
> >
> > Good question. First of all I'm not sure that TOS would influence the
> > routing decision, either on your Linux box or on the routers out there.
> >
> > The reason that the packets come back on ppp1 is that the source of the
> > IP is set to ppp1 (which is weird, when you're saying that the packets
> > go out on ppp0 to ISP I, are you sure about this?). Then the returning
> > packets which are destined for ppp1 (which belongs to ISP II) will get
> > routed on the Internet to ISP II and will be delivered to PPP1.
> >
> > Again, if you want to route different services through different ISP's
> > it is called policy routing. Take a look at the documentation on:
> >
> > http://kewl.phear.org/policy/
> >
> > Or Arthur's answers to the very same questions on this mailing list.
> >
> > http://mailman.ds9a.nl/pipermail/lartc/2000q4/000091.html
> > http://mailman.ds9a.nl/pipermail/lartc/2000q4/000092.html
> > http://mailman.ds9a.nl/pipermail/lartc/2000q4/000153.html
> > http://mailman.ds9a.nl/pipermail/lartc/2000q4/000156.html
> >
> > Ramin
> >
> > >
> > > What am I missing?
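
Added example, not part of the original thread or any poster's configuration: a sketch of the port-based policy routing discussed above, using a firewall mark and a separate routing table instead of TOS. It assumes the connections originate on the router itself, so packets are marked in mangle OUTPUT (locally generated packets do not traverse PREROUTING); the gateway address, table number and mark value are placeholders.

```shell
#!/bin/sh
# Added example: port-based policy routing with a firewall mark.
# Prints the command plan by default; set APPLY=1 (as root) to execute it.
# GW_PPP1, TABLE and MARK are placeholders, not values from the thread.

GW_PPP1="${GW_PPP1:-192.0.2.1}"   # constructed documentation address
TABLE="${TABLE:-100}"
MARK="${MARK:-1}"

# Emit one command per line for the given TCP destination ports.
policy_plan() {
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "port out of range: $port" >&2; return 1; }
    done
    # Alternate table whose only route is a default via the second ISP.
    echo "ip route add default via $GW_PPP1 dev ppp1 table $TABLE"
    # Packets carrying the mark are looked up in that table.
    echo "ip rule add fwmark $MARK table $TABLE"
    for port in "$@"; do
        # Mark locally generated packets; the kernel re-routes them after OUTPUT.
        echo "iptables -t mangle -A OUTPUT -p tcp --dport $port -j MARK --set-mark $MARK"
    done
    # The source address was picked before re-routing, so rewrite it to
    # ppp1's address; otherwise replies return through the other ISP.
    echo "iptables -t nat -A POSTROUTING -o ppp1 -j MASQUERADE"
}

# Print the plan, or run it command by command when APPLY=1.
run_plan() {
    plan=$(policy_plan "$@") || return 1
    if [ "${APPLY:-0}" != 1 ]; then
        printf '%s\n' "$plan"
        return 0
    fi
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        sh -c "$cmd" || exit 1
    done
}

if [ "$#" -gt 0 ]; then run_plan "$@"; fi
```

Confirm the result with 'tcpdump -i ppp0' and 'tcpdump -i ppp1' as suggested above. If replies arriving on ppp1 are dropped, check the rp_filter setting for that interface.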