Hello All,

I have two Internet links and two LAN networks
I have Redhat-7.1 linux-2.4.17 kernel and 2 NICs
In eth0 172.16.1.1 and eth0:1 192.168.1.1
in eth1 are public ips of isps as eth1 a.b.c.d and eth1:0 w.x.y.z

I want to do source routing using ip rule command.

echo 200 isp1 >> /etc/iproute2/rt_tables
ip rule add from 172.16.1.0/24 table isp1
ip rule ls
0: from all lookup local
32765: from 172.16.1.0/24 lookup isp1
32766: from all lookup main
32767: from all lookup default

ip route add default via a.b.c.d dev eth1 table isp1
ip route flush cache

It works fine when request comes from 172.16.1.0 network

When I add
ip route add default via w.x.y.z dev eth1

to forward request from another lan network it works fine
but req from 172.16.1.0 does not work

if I remove
ip route del default via w.x.y.z dev eth1

it works well.

Did I leave out anything in configuration?
Is my configuration correct?

Thanks,
Suresh

On Wed, Feb 27, 2002 at 04:29:23PM +0530, suresh wrote:

> to forward request from another lan network it works fine
> but req from 172.16.1.0 does not work
>
> if I remove
> ip route del default via w.x.y.z dev eth1
>
> it works well.
>
> Did I leave out anything in configuration?

I'm not sure about this. At one point I understood how this worked but I
don't anymore. There is something in the HOWTO about fallback routes. I
think there are people here who do understand the interaction between
different tables' default routes.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO

Arthur van Leeuwen
2002-Feb-28 11:14 UTC
Re: interaction between different tables' default routes
On Thu, 28 Feb 2002, bert hubert wrote:

> On Wed, Feb 27, 2002 at 04:29:23PM +0530, suresh wrote:
>
> > to forward request from another lan network it works fine
> > but req from 172.16.1.0 does not work
> >
> > if I remove
> > ip route del default via w.x.y.z dev eth1
> >
> > it works well.
> >
> > Did I leave out anything in configuration?
>
> I'm not sure about this. At one point I understood how this worked but I
> don't anymore. There is something in the HOWTO about fallback routes. I
> think there are people here who do understand the interaction between
> different tables' default routes.

Let's see if I can explain.

First: suresh, your setup ought to work.

The point of having different routing tables is exactly that: having
different routing tables. Each table is technically independent. However, if
a particular table does not come up with a route for a packet to take, the
next rule is investigated, and if it matches the packet, a route is searched
in the table looked up from that rule. For most rulesets one would end up
using the routes in table main...

In your case I don't see how that can occur, as you have a default route in
table isp1. However, what *does* occur is somewhat of a mystery to me. Could
you show us your full routing tables (ip route show table all) as well as
the routing cache (ip route show table cache) with and without the default
route via w.x.y.z dev eth1? (You may want to run an ip route flush table
cache first... this will make the route cache somewhat more palpable.)

Doei, Arthur.

--
  /\    / |      arthurvl@sci.kun.nl      | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching

On Wed, Feb 27, 2002 at 04:29:23PM +0530, suresh wrote:

> I have two Internet links and two LAN networks
> I have Redhat-7.1 linux-2.4.17 kernel and 2 NICs
> In eth0 172.16.1.1 and eth0:1 192.168.1.1
> in eth1 are public ips of isps as eth1 a.b.c.d and eth1:0 w.x.y.z
>
> I want to do source routing using ip rule command.
>
> echo 200 isp1 >> /etc/iproute2/rt_tables
> ip rule add from 172.16.1.0/24 table isp1
> ip rule ls
> 0: from all lookup local
> 32765: from 172.16.1.0/24 lookup isp1
> 32766: from all lookup main
> 32767: from all lookup default
>
> ip route add default via a.b.c.d dev eth1 table isp1
> ip route flush cache
>
> It works fine when request comes from 172.16.1.0 network
>
> When I add
> ip route add default via w.x.y.z dev eth1
>
> to forward request from another lan network it works fine
> but req from 172.16.1.0 does not work
>
> if I remove
> ip route del default via w.x.y.z dev eth1
>
> it works well.
>
> Did I leave out anything in configuration?

Yep: by adding the rule:
ip rule add from 172.16.1.0/24 table isp1
everything *WILL* go to table isp1.
In my experience everything even local traffic that matches the rule
will go to the isp1 table, and hence will be routed to the gateway.

Use a normal routing table for isp1:
For instance:
ip route add 172.16.1.0/24 dev {right device} scope link
to make sure that you can still route back to 172.16.1.0...

Anyway: tcpdumping all of your interfaces will make you clear what is
actually happening.

Thinking about it: it only contains a default route, which means, it
only knows that it should route to that default gateway.
The default is I guess some sort of end point in a routing table.

--
<ard@telegraafnet.nl> Telegraaf Elektronische Media http://wwwijzer.nl
http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html
Let your government know you value your freedom. Sign the petition:
http://petition.eurolinux.org/

Hi Ard,

Actually I need to distribute the traffic to two different routers.
So I tried to send traffic from 172.16.1.0/24 to a.b.c.d and another
network through w.x.y.z

Thanks
Suresh

> On Wed, Feb 27, 2002 at 04:29:23PM +0530, suresh wrote:
> > I have two Internet links and two LAN networks
> > I have Redhat-7.1 linux-2.4.17 kernel and 2 NICs
> > In eth0 172.16.1.1 and eth0:1 192.168.1.1
> > in eth1 are public ips of isps as eth1 a.b.c.d and eth1:0 w.x.y.z
> >
> > I want to do source routing using ip rule command.
> >
> > echo 200 isp1 >> /etc/iproute2/rt_tables
> > ip rule add from 172.16.1.0/24 table isp1
> > ip rule ls
> > 0: from all lookup local
> > 32765: from 172.16.1.0/24 lookup isp1
> > 32766: from all lookup main
> > 32767: from all lookup default
> >
> > ip route add default via a.b.c.d dev eth1 table isp1
> > ip route flush cache
> >
> > It works fine when request comes from 172.16.1.0 network
> >
> > When I add
> > ip route add default via w.x.y.z dev eth1
> >
> > to forward request from another lan network it works fine
> > but req from 172.16.1.0 does not work
> >
> > if I remove
> > ip route del default via w.x.y.z dev eth1
> >
> > it works well.
> >
> > Did I leave out anything in configuration?
> Yep: by adding the rule:
> ip rule add from 172.16.1.0/24 table isp1
> everything *WILL* go to table isp1.
> In my experience everything even local traffic that matches the rule
> will go to the isp1 table, and hence will be routed to the gateway.
>
> Use a normal routing table for isp1:
> For instance:
> ip route add 172.16.1.0/24 dev {right device} scope link
> to make sure that you can still route back to 172.16.1.0...
>
> Anyway: tcpdumping all of your interfaces will make you clear what is
> actually happening.
>
> Thinking about it: it only contains a default route, which means, it
> only knows that it should route to that default gateway.
> The default is I guess some sort of end point in a routing table.
>
> --
> <ard@telegraafnet.nl> Telegraaf Elektronische Media http://wwwijzer.nl
> http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html
> Let your government know you value your freedom. Sign the petition:
> http://petition.eurolinux.org/

On Thu, 28 Feb 2002, Ard van Breemen wrote:

> On Wed, Feb 27, 2002 at 04:29:23PM +0530, suresh wrote:
> > In eth0 172.16.1.1 and eth0:1 192.168.1.1
> > in eth1 are public ips of isps as eth1 a.b.c.d and eth1:0 w.x.y.z

> > echo 200 isp1 >> /etc/iproute2/rt_tables
> > ip rule ls
> > 0: from all lookup local
> > 32765: from 172.16.1.0/24 lookup isp1
> > 32766: from all lookup main
> > 32767: from all lookup default

> > ip route add default via a.b.c.d dev eth1 table isp1
> > ip route flush cache

> > It works fine when request comes from 172.16.1.0 network
> > When I add ip route add default via w.x.y.z dev eth1
> > to forward request from another lan network it works fine
> > but req from 172.16.1.0 does not work
> > if I remove ip route del default via w.x.y.z dev eth1
> > it works well.

> > Did I leave out anything in configuration?

> Yep: by adding the rule:
> ip rule add from 172.16.1.0/24 table isp1
> everything *WILL* go to table isp1.

Bzt. Every packet with a source address matching 172.16.1.0 will have
table isp1 searched first. If no route comes up for it the packet will still
be routed according to table main.

> In my experience everything even local traffic that matches the rule
> will go to the isp1 table, and hence will be routed to the gateway.

Local traffic should not be routed over this host anyway. The only thing
that will break is traffic from this host to the local network.

> Use a normal routing table for isp1:
> For instance:
> ip route add 172.16.1.0/24 dev {right device} scope link
> to make sure that you can still route back to 172.16.1.0...

This is good advice. Very good advice. It makes for a much clearer
configuration.

> Anyway: tcpdumping all of your interfaces will make you clear what is
> actually happening.

Not always. Besides, the information you need is in the routing tables...
why not look at that instead and try to figure out what should happen?

(Of course, this will not show programs sneakily changing the TOS of a
connection... but still... the information can be found in the routing
tables, if you count the cache as a routing table as well... :))

> Thinking about it: it only contains a default route, which means, it
> only knows that it should route to that default gateway.
> The default is I guess some sort of end point in a routing table.

Any route is an endpoint. Once a route has been found, the routing algorithm
will quit searching, and just route out that route. This has interesting
consequences, as the first thing searched is always the cache... and you can
even manipulate *that* by hand. >:)

Doei, Arthur.

--
  /\    / |      arthurvl@sci.kun.nl      | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching

On Thu, Feb 28, 2002 at 01:31:36PM +0100, Arthur van Leeuwen wrote:

> > Yep: by adding the rule:
> > ip rule add from 172.16.1.0/24 table isp1
> > everything *WILL* go to table isp1.
> Bzt. Every packet with a source address matching 172.16.1.0 will have
> table isp1 searched first. If no route comes up for it the packet will still
> be routed according to table main.

Yes, but that table contains a default route. And since the gateway is
accessible, it ends there...

> > In my experience everything even local traffic that matches the rule
> > will go to the isp1 table, and hence will be routed to the gateway.
> Local traffic should not be routed over this host anyway. The only thing
> that will break is traffic from this host to the local network.

If you have a local ip in that network (172.16.1.0/24), and connect to
that local ip...

> > Use a normal routing table for isp1:
> > For instance:
> > ip route add 172.16.1.0/24 dev {right device} scope link
> > to make sure that you can still route back to 172.16.1.0...
> This is good advice. Very good advice. It makes for a much clearer
> configuration.

It is not only clear, but also necessary in this case. Because the
next line is a default route...
Ehhh, unless the machine is not link local to 172.16.1.0/24...

> > Anyway: tcpdumping all of your interfaces will make you clear what is
> > actually happening.
> Not always. Besides, the information you need is in the routing tables...
> why not look at that instead and try to figure out what should happen?
>
> (Of course, this will not show programs sneakily changing the TOS of a
> connection... but still... the information can be found in the routing
> tables, if you count the cache as a routing table as well... :))

All right, if you are experienced, you only have to do ip route
get....
But to become experienced you need to know what is going on.

> > Thinking about it: it only contains a default route, which means, it
> > only knows that it should route to that default gateway.
> > The default is I guess some sort of end point in a routing table.
> Any route is an endpoint. Once a route has been found, the routing algorithm
> will quit searching, and just route out that route. This has interesting

Unless the gateway is considered dead, and an alternate route exists...

> consequences, as the first thing searched is always the cache... and you can
> even manipulate *that* by hand. >:)

Interesting side effects as in, "hey, it suddenly does not work
anymore!". :)

--
<ard@telegraafnet.nl> Telegraaf Elektronische Media http://wwwijzer.nl
http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html
Let your government know you value your freedom. Sign the petition:
http://petition.eurolinux.org/
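
Added example, not part of the original thread: a simplified Python model of the lookup order debated above (rules walked by priority, longest-prefix match per table, first hit ends the search, no hit falls through to the next rule). The gateways 192.0.2.1 and 198.51.100.1 are constructed stand-ins for a.b.c.d and w.x.y.z, the contents of tables local and main are assumed, and the route cache and dead-gateway handling are not modelled.

```python
# Added example: simplified model of Linux policy routing (RPDB) lookup.
# Gateways 192.0.2.1 / 198.51.100.1 are constructed stand-ins for a.b.c.d / w.x.y.z.
import ipaddress

def net(s):
    return ipaddress.ip_network("0.0.0.0/0" if s in ("default", "all") else s)

def lookup_table(routes, dst):
    """Longest-prefix match inside one table; None if nothing covers dst."""
    hits = [r for r in routes if ipaddress.ip_address(dst) in net(r[0])]
    return max(hits, key=lambda r: net(r[0]).prefixlen) if hits else None

def route(rules, tables, src, dst):
    """Walk rules by priority; the first table that yields a route ends the search."""
    for _prio, selector, table in sorted(rules):
        if ipaddress.ip_address(src) not in net(selector):
            continue
        hit = lookup_table(tables.get(table, []), dst)
        if hit is not None:
            return table, hit
    return None, None

# Rules as printed by "ip rule ls" in the thread: (priority, from-selector, table)
RULES = [(0, "all", "local"), (32765, "172.16.1.0/24", "isp1"),
         (32766, "all", "main"), (32767, "all", "default")]

# Routes are (prefix, gateway, device); contents of local and main are assumed.
TABLES = {
    "local": [("172.16.1.1/32", None, "lo"), ("192.168.1.1/32", None, "lo")],
    "main": [("172.16.1.0/24", None, "eth0"), ("192.168.1.0/24", None, "eth0"),
             ("default", "198.51.100.1", "eth1")],
    "isp1": [("default", "192.0.2.1", "eth1")],
}

def with_link_route(tables):
    """Ard's suggestion: give isp1 its own link-scope route to the LAN."""
    fixed = dict(tables)
    fixed["isp1"] = [("172.16.1.0/24", None, "eth0")] + tables["isp1"]
    return fixed

if __name__ == "__main__":
    cases = [("172.16.1.50", "203.0.113.9"), ("192.168.1.20", "203.0.113.9"),
             ("172.16.1.1", "172.16.1.50")]
    for name, t in (("as posted", TABLES), ("with link route", with_link_route(TABLES))):
        for src, dst in cases:
            print(name, src, "->", dst, route(RULES, t, src, dst))
```

In the "as posted" tables the router's own traffic from 172.16.1.1 to a LAN host matches the isp1 default and is handed to the ISP gateway; with the link-scope route added to isp1 it leaves on eth0.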