I have a network as such

Local Interface
eth0    local network 10.0.0.0

Internet Interfaces
ppp0    public static ip1
eth1    adsl static ip2
eth2    cable dyn ip3

I am trying to set my iproute2 table such that if any external connection
eg. a ping packet, comes up ppp0 to ip1, the reply packet goes back the
same way with the source ip of that interface. So if a ping request then
came to eth1 ip2 via that link from an external machine then the reply
packet would leave as source ip2 via eth1, and the same for eth2.

I have tried numerous examples but cannot get this working. I would prefer
to do this without using fwmark. Any working examples will put me out of
my prolonged agony :)

Here is one example of what I have been trying.

ip rule add to privatenetwork pref 100 table eth0
ip rule add from default dev eth2 pref 200 table eth2
ip rule add from default dev ppp0 pref 500 table ppp0
ip rule add from default dev eth1 pref 600 table eth1
ip rule add from privatenetwork pref 5000 table eth0
ip rule add from pppip pref 5001 table ppp0

ip route add to random_external_subnet via eth1gwip dev eth1
ip route add default from privatenetwork dev eth2 table eth0
ip route add to random_external_subnet via eth2gwip dev eth2
ip route add to privatenetwork dev eth0 table eth0
route add default dev ppp0
ip route add default dev ppp0 table ppp0
ip route add default dev eth0 table eth0
ip route add default via eth1gwip dev eth1 table eth1
ip route add default via eth2gwip dev eth2 table eth2
ip route add from eth1ip via eth1gwip dev eth1 table eth1
ip route add from eth1ip via eth2gwip dev eth2 table eth2


Thanks
Stephen

Hello,

On Wed, 12 Dec 2001, Stephen wrote:

> Here is one example of what I have been trying.

Such order of rules and routes is not the recommended one.
Use the links below to see how similar setups are handled, there are
some rules you must follow. You can try them if you still don't
prefer to use fwmarks. What is your preferred kernel?

http://www.linuxvirtualserver.org/~julian/nano.txt
http://www.linuxvirtualserver.org/~julian/#routes

> ip rule add to privatenetwork pref 100 table eth0
> ip rule add from default dev eth2 pref 200 table eth2
> ip rule add from default dev ppp0 pref 500 table ppp0
> ip rule add from default dev eth1 pref 600 table eth1
> ip rule add from privatenetwork pref 5000 table eth0
> ip rule add from pppip pref 5001 table ppp0
>
> ip route add to random_external_subnet via eth1gwip dev eth1
> ip route add default from privatenetwork dev eth2 table eth0
> ip route add to random_external_subnet via eth2gwip dev eth2
> ip route add to privatenetwork dev eth0 table eth0
> route add default dev ppp0
> ip route add default dev ppp0 table ppp0
> ip route add default dev eth0 table eth0
> ip route add default via eth1gwip dev eth1 table eth1
> ip route add default via eth2gwip dev eth2 table eth2
> ip route add from eth1ip via eth1gwip dev eth1 table eth1
> ip route add from eth1ip via eth2gwip dev eth2 table eth2
>
>
> Thanks
> Stephen

Regards

--
Julian Anastasov <ja@ssi.bg>

Julian I am already using a kernel patched with your routes-2.2.19 patch

here is an example of my rule and route list i am presently trying and the
errors i am getting. I have 202.1.1.0/25 + 2 other ips on ppp0 my main
static ip link. The 202.2.2 is my adsl on eth1. 202.3.3 is my cable
on eth2 which i try to route all my clients from 202.1.1.128/25 out of by
default.

I have built these on a working example of

ip ru add from 202.3.3.153/32 table 1
ip ro add 0.0.0.0/0 via 202.3.3.129 table 1

which ensures all data going to the cable ip leaves back out that
interface while my default gateway is still ppp0. Building on this however
causes problems

ip ru add from 202.1.1.0/25 pref 100 table ppp0
ip ru add from 202.1.1.151/32 pref 100 table ppp0
ip ru add from 202.1.1.152/32 pref 100 table ppp0
ip ru add from 202.1.1.128/25 pref 100 table eth0
ip ru add from 202.2.2.18/31 pref 200 table eth1
ip ru add from 202.2.2.20/31 pref 200 table eth1
ip ru add from 202.2.2.22/32 pref 200 table eth1
ip ru add from 202.3.3.153/32 pref 300 table eth2

ip ro add to 202.1.1.128/25 pref 1 dev eth0 table ppp0
ip ro add to 202.1.1.128/25 pref 1 dev eth0 table eth0
ip ro add to 202.1.1.128/25 pref 1 dev eth0 table eth1
ip ro add to 202.1.1.128/25 pref 1 dev eth0 table eth2
ip ro add 0.0.0.0/0 dev ppp0 table ppp0
ip ro add 0.0.0.0/0 dev ppp0
ip ro add 0.0.0.0/0 via 202.2.2.17 table eth1
ip ro add 0.0.0.0/0 via 202.3.3.129 table eth2
ip ro add from 202.1.1.128/25 via 202.3.3.129 table eth2

+ ip ru add from 202.1.1.0/25 pref 100 table ppp0
+ ip ru add from 202.1.1.151/32 pref 100 table ppp0
+ ip ru add from 202.1.1.152/32 pref 100 table ppp0
+ ip ru add from 202.1.1.128/25 pref 100 table eth0
+ ip ru add from 202.2.2.18/31 pref 200 table eth1
+ ip ru add from 202.2.2.20/31 pref 200 table eth1
+ ip ru add from 202.2.2.22/32 pref 200 table eth1
+ ip ru add from 202.3.3.153/32 pref 300 table eth2
+ ip ro add to 202.1.1.128/25 pref 1 dev eth0 table ppp0
RTNETLINK answers: File exists
+ ip ro add to 202.1.1.128/25 pref 1 dev eth0 table eth0
RTNETLINK answers: File exists
+ ip ro add to 202.1.1.128/25 pref 1 dev eth0 table eth1
RTNETLINK answers: File exists
+ ip ro add to 202.1.1.128/25 pref 1 dev eth0 table eth2
RTNETLINK answers: File exists
+ ip ro add 0.0.0.0/0 dev ppp0 table ppp0
RTNETLINK answers: File exists
+ ip ro add 0.0.0.0/0 dev ppp0
+ ip ro add 0.0.0.0/0 via 202.2.2.17 table eth1
+ ip ro add 0.0.0.0/0 via 202.3.3.129 table eth2
+ ip ro add from 202.1.1.128/25 via 202.3.3.129 table eth2
RTNETLINK answers: File exists
+ exit 0

On Tue, 11 Dec 2001, Julian Anastasov wrote:

> Date: Tue, 11 Dec 2001 23:50:56 +0000 (GMT)
> From: Julian Anastasov <ja@ssi.bg>
> To: Stephen <meridian@tha.net>
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] Multiple Internet Links problem
>
>
> Hello,
>
> On Wed, 12 Dec 2001, Stephen wrote:
>
> > Here is one example of what I have been trying.
>
> Such order of rules and routes is not the recommended one.
> Use the links below to see how similar setups are handled, there are
> some rules you must follow. You can try them if you still don't
> prefer to use fwmarks. What is your preferred kernel?
>
> http://www.linuxvirtualserver.org/~julian/nano.txt
> http://www.linuxvirtualserver.org/~julian/#routes
>
> > ip rule add to privatenetwork pref 100 table eth0
> > ip rule add from default dev eth2 pref 200 table eth2
> > ip rule add from default dev ppp0 pref 500 table ppp0
> > ip rule add from default dev eth1 pref 600 table eth1
> > ip rule add from privatenetwork pref 5000 table eth0
> > ip rule add from pppip pref 5001 table ppp0
> >
> > ip route add to random_external_subnet via eth1gwip dev eth1
> > ip route add default from privatenetwork dev eth2 table eth0
> > ip route add to random_external_subnet via eth2gwip dev eth2
> > ip route add to privatenetwork dev eth0 table eth0
> > route add default dev ppp0
> > ip route add default dev ppp0 table ppp0
> > ip route add default dev eth0 table eth0
> > ip route add default via eth1gwip dev eth1 table eth1
> > ip route add default via eth2gwip dev eth2 table eth2
> > ip route add from eth1ip via eth1gwip dev eth1 table eth1
> > ip route add from eth1ip via eth2gwip dev eth2 table eth2
> >
> >
> > Thanks
> > Stephen
>
> Regards
>
> --
> Julian Anastasov <ja@ssi.bg>
>

Stephen Fletcher mailto:stephen@tha.net
Technologically Higher Altitudes http://www.tha.com.au

Hello,

On Thu, 13 Dec 2001, Stephen wrote:

> Julian I am already using a kernel patched with your routes-2.2.19 patch

Oh! But did you read the documents?

> here is an example of my rule and route list i am presently trying and the
> errors i am getting. I have 202.1.1.0/25 + 2 other ips on ppp0 my main
> static ip link. The 202.2.2 is my adsl on eth1. 202.3.3 is my cable
> on eth2 which i try to route all my clients from 202.1.1.128/25 out of by
> default.

No, there are some rules you must follow:

- remove all your default routes from table main

- table main must be reached from rule with lowest priority
  but after table local

- when adding IP address the proper network routes is automatically
  added from the kernel: this is the reason for your error messages

- all directly connected networks must be added to table main,
  it includes all host routes (/32). Don't try to introduce errors
  by using extra tables. It could work if you do them correctly.

- add ip rules and routes: source routes to universe

- for each public network add rules in the form
  "from pubnet/netsize to all table X" and then add default routes
  through each gateway.

  As result, the gatewayed routes are with lower priority (higher
  prio number) from the directly connected networks

  As result, all direct routes (without gateway) are in
  table main and the hosts from all networks can talk directly IP
  and ARP without hitting wrong gatewayed route by mistake.

- at the end add "from all to all" rules and routes. You can
  select different form: multipath routes or list of alternative
  routes. The howtos mention about different variants. Even if
  the Nano-HOWTO is for 2.4 all its rules and routes work for 2.2.
  There is a complete list of all settings.

- In all routes use preferred source address (src XXX)

I don't see your IPs, so use something like this:

ip route del default
ip addr add 202.1.1.X/25 brd + dev eth0
ip addr add 202.2.2.X/Y brd + dev eth1
ip route add 202.3.3.153/32 dev eth2 src XXX
...

No, it is a full mess. I can't show you the right settings
because I don't see the full picture: addresses, topology, etc.
I hope you understand your setup. Try to follow the above rules.
Use source routing only for routes to universe.

Regards

--
Julian Anastasov <ja@ssi.bg>

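The rules listed in the message above, turned into a dry-run script (an added example, not part of the thread and not Julian's or Stephen's configuration). The priorities and table ids 50, 201-203 and 220, the choice of one source address per uplink and the use of ppp0 as fallback are assumptions; the gateways and addresses are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: commands are
# printed. Run as root with APPLY=1 to execute them instead.

# Constructed uplink list: device, source address, gateway, table id.
# Addresses echo the ones quoted in the thread; "-" = no gateway (ppp).
UPLINKS='ppp0 202.1.1.151 - 201
eth1 202.2.2.18 202.2.2.17 202
eth2 202.3.3.153 202.3.3.129 203'

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

plan_policy_routing() {
    # Connected routes live in main, which is consulted right after
    # local and must not hold a default route.
    run ip rule add prio 50 table main
    run ip route del default table main

    fb_dev=''
    while read -r dev src gw id; do
        if [ "$gw" = - ]; then via=''; else via="via $gw"; fi
        # Replies sourced from this uplink's address use its own table,
        # whose only route is a default through that uplink.
        run ip rule add prio "$id" from "$src" table "$id"
        # $via is left unquoted on purpose so it splits into two words.
        run ip route add default $via dev "$dev" src "$src" proto static table "$id"
        if [ -z "$fb_dev" ]; then fb_dev=$dev fb_src=$src fb_via=$via; fi
    done <<EOF
$UPLINKS
EOF

    # Last rule: "from all" traffic that matched no source rule leaves
    # through the first uplink (ppp0 here).
    run ip rule add prio 220 table 220
    run ip route add default $fb_via dev "$fb_dev" src "$fb_src" proto static table 220
}

plan_policy_routing
```

After applying, `ip rule show` and `ip route show table 202` list what was installed, and `ip route get 192.0.2.1 from 202.2.2.18` shows which device a reply from that address would take.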
Thanks for that. I have it working now.

Here is my much neater route table. My rules look scary but I think that's
ok. Sorry I'm still using a few tables :)

ip ro add 0.0.0.0/0 dev ppp0 proto static table main
ip ro add 0.0.0.0/0 dev eth0 proto static table eth0
ip ro add 0.0.0.0/0 via 202.2.2.17 dev eth1 proto static table eth1
ip ro add 0.0.0.0/0 via 202.3.3.129 dev eth2 proto static table eth2
ip ro add from 202.1.1.128/25 via 202.3.3.129 proto static table eth2

My question is tho, I have your route patch in my kernel, but if I do a
ifconfig eth1 down and then ifconfig eth1 up, stuff that was headed out
eth1 before the down/up now goes out the default route ppp0 until I re-add
the eth1 route. I believe that with your patch the routes should stay?

Thanks again

> On Thu, 13 Dec 2001, Stephen wrote:
>
> > Julian I am already using a kernel patched with your routes-2.2.19 patch
>
> Oh! But did you read the documents?
>
> > here is an example of my rule and route list i am presently trying and the
> > errors i am getting. I have 202.1.1.0/25 + 2 other ips on ppp0 my main
> > static ip link. The 202.2.2 is my adsl on eth1. 202.3.3 is my cable
> > on eth2 which i try to route all my clients from 202.1.1.128/25 out of by
> > default.
>
> No, there are some rules you must follow:
>
> - remove all your default routes from table main
>
> - all directly connected networks must be added to table main,
> it includes all host routes (/32). Don't try to introduce errors
> by using extra tables. It could work if you do them correctly.
>
> As result, all direct routes (without gateway) are in
> table main and the hosts from all networks can talk directly IP
> and ARP without hitting wrong gatewayed route by mistake.
>

Hello,

On Fri, 14 Dec 2001, Stephen wrote:

> Thanks for that. I have it working now.
>
> Here is my much neater route table. My rules look scary but I think that's
> ok. Sorry I'm still using a few tables :)
>
> ip ro add 0.0.0.0/0 dev ppp0 proto static table main
> ip ro add 0.0.0.0/0 dev eth0 proto static table eth0
> ip ro add 0.0.0.0/0 via 202.2.2.17 dev eth1 proto static table eth1
> ip ro add 0.0.0.0/0 via 202.3.3.129 dev eth2 proto static table eth2
> ip ro add from 202.1.1.128/25 via 202.3.3.129 proto static table eth2

I still don't understand your setup ...

> My question is tho, I have your route patch in my kernel, but if I do a
> ifconfig eth1 down and then ifconfig eth1 up, stuff that was headed out
> eth1 before the down/up now goes out the default route ppp0 until I re-add
> the eth1 route. I believe that with your patch the routes should stay?

I can confirm a problem with static routes that remain in dead state
but I don't understand your question. Is this the same problem you are
talking about?

> Thanks again

Regards

--
Julian Anastasov <ja@ssi.bg>

Hello,

On Fri, 14 Dec 2001 Stephen@tha.net wrote:

> > I can confirm a problem with static routes that remain in dead state
> > but I don't understand your question. Is this the same problem you are
> > talking about?
> >
>
> yes this was what i was having a problem with. is there any work around to get
> these dead routes alive again without readding them?

I just uploaded new versions for the patches fixing the bug where some
of the static routes can not notice that their gateway becomes up from
the same event.

Regards

--
Julian Anastasov <ja@ssi.bg>