Hello

I'm implementing Advanced Routing in my redhat linux pc like this:

                                  ------------------------
                            ------| provider1 (with dhcp)
-------------               |     ------------------------
HOME NETWORK|--Linux1--ROUTER
-------------               |     ------------------------
                            ------| provider2 (fixed ip) |
                                  ------------------------

My home network has private ips like 10.10.1.0/24 and linux1 is SNATing
all accesses to a public ip like 198.198.198.198 and marking packets like

iptables -t mangle -A POSTROUTING -d SOME.IP.IN.INTERNET -j MARK --set-mark 21

In my ROUTER i want to redirect packets according to MARK and i'm doing:

root@euroter(~)# more /etc/iproute2/rt_tables
255 local
254 main
253 default
200 over

root@euroter(~)# ip route ls table over
default via XXX.XXX.XXX.XXX dev eth1

where XXX.XXX.XXX.XXX is the gateway of the provider 1.

Doing ip rule ls, i can see that all packets with mark 21 go to table
over.
root@euroter(~)# ip rule ls
0: from all lookup local
32765: from all fwmark 21 lookup over
32766: from all lookup main
32767: from all lookup default

And table over only has default gw, but when i do a
ping XXX.XXX.XXX.XXX it goes through provider2 and not provider1.

Thanks for everything
Nuno Fernandes

--
Nuno Miguel Pais Fernandes <npf@eurotux.com>
Eurotux S.A.

Hello Nuno,

I'd suggest s/POSTROUTING/PREROUTING/ here:

: iptables -t mangle -A POSTROUTING -d SOME.IP.IN.INTERNET -j MARK
: --set-mark 21
:
: In my ROUTER i want to redirect packets according to MARK and i'm doing:
:
: root@euroter(~)# more /etc/iproute2/rt_tables
: 255 local
: 254 main
: 253 default
: 200 over

Consult Stef Coene's kernel packet traveling diagram, which should
explain (visually) why you want to mark the packet before the routing
stage.

http://www.docum.org/stef.coene/qos/kptd/

: root@euroter(~)# ip route ls table over
: default via XXX.XXX.XXX.XXX dev eth1
:
: where XXX.XXX.XXX.XXX is the gateway of the provider 1.
:
: Doing ip rule ls, i can see that all packets with mark 21 go to table
: over.
: root@euroter(~)# ip rule ls
: 0: from all lookup local
: 32765: from all fwmark 21 lookup over
: 32766: from all lookup main
: 32767: from all lookup default

Naturally, the RPDB (displayed with "ip rule show") is consulted as part
of the routing process.

So, in short, your host euroter is doing as follows:

- routing the packet
- marking the packet
- transmitting via provider2

: And table over only has default gw, but when i do a
: ping XXX.XXX.XXX.XXX it goes through provider2 and not provider1.

Good luck,

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Tue, 2002-11-12 at 15:51, Martin A. Brown wrote:
> Hello Nuno,
>
> I'd suggest s/POSTROUTING/PREROUTING/ here:
>
> : iptables -t mangle -A POSTROUTING -d SOME.IP.IN.INTERNET -j MARK
> : --set-mark 21
> :

Ok..
i've done that without success.
Please watch that the routing is made in the router machine and the
marking is made in the linux box before and because of that it doesn't
matter where i mark the packets.

Thanks anyway
Nuno Fernandes

> : In my ROUTER i want to redirect packets according to MARK and i'm doing:
> :
> : root@euroter(~)# more /etc/iproute2/rt_tables
> : 255 local
> : 254 main
> : 253 default
> : 200 over
>
> Consult Stef Coene's kernel packet traveling diagram, which should
> explain (visually) why you want to mark the packet before the routing
> stage.
>
> http://www.docum.org/stef.coene/qos/kptd/
>
> : root@euroter(~)# ip route ls table over
> : default via XXX.XXX.XXX.XXX dev eth1
> :
> : where XXX.XXX.XXX.XXX is the gateway of the provider 1.
> :
> : Doing ip rule ls, i can see that all packets with mark 21 go to table
> : over.
> : root@euroter(~)# ip rule ls
> : 0: from all lookup local
> : 32765: from all fwmark 21 lookup over
> : 32766: from all lookup main
> : 32767: from all lookup default
>
> Naturally, the RPDB (displayed with "ip rule show") is consulted as part
> of the routing process.
>
> So, in short, your host euroter is doing as follows:
>
> - routing the packet
> - marking the packet
> - transmitting via provider2
>
> : And table over only has default gw, but when i do a
> : ping XXX.XXX.XXX.XXX it goes through provider2 and not provider1.
>
> Good luck,
>
> -Martin

--
Nuno Miguel Pais Fernandes <npf@eurotux.com>
Eurotux S.A.

: Ok..
: i've done that without success.
: Please watch that the routing is made in the router machine and the
: marking is made in the linux box before and because of that it doesn't
: matter where i mark the packets.

Ah, now I understand! But it does matter, tremendously.

I didn't perceive in your previous post that you had two hosts. Perhaps I
was being dense.

The "fwmark" is a field on the packet which only exists in the data
structure used to represent the packet on a single machine. In short, the
fwmark does not survive a single machine. As soon as the packet is
transmitted, the fwmark is lost.

You could use the mangle table with the TOS target and then change your ip
rule to route based on ToS. I'm unsure of the implications for your
network, but this is a possible solution. If you modify the ToS on the
packet, this will be visible to other hosts.

Good luck,

-Martin

: Thanks anyway
: Nuno Fernandes
:
: On Tue, 2002-11-12 at 15:51, Martin A. Brown wrote:
: > Hello Nuno,
: >
: > I'd suggest s/POSTROUTING/PREROUTING/ here:
: >
: > : iptables -t mangle -A POSTROUTING -d SOME.IP.IN.INTERNET -j MARK
: > : --set-mark 21
: > :
: > : In my ROUTER i want to redirect packets according to MARK and i'm doing:
: > :
: > : root@euroter(~)# more /etc/iproute2/rt_tables
: > : 255 local
: > : 254 main
: > : 253 default
: > : 200 over
: >
: > Consult Stef Coene's kernel packet traveling diagram, which should
: > explain (visually) why you want to mark the packet before the routing
: > stage.
: >
: > http://www.docum.org/stef.coene/qos/kptd/
: >
: > : root@euroter(~)# ip route ls table over
: > : default via XXX.XXX.XXX.XXX dev eth1
: > :
: > : where XXX.XXX.XXX.XXX is the gateway of the provider 1.
: > :
: > : Doing ip rule ls, i can see that all packets with mark 21 go to table
: > : over.
: > : root@euroter(~)# ip rule ls
: > : 0: from all lookup local
: > : 32765: from all fwmark 21 lookup over
: > : 32766: from all lookup main
: > : 32767: from all lookup default
: >
: > Naturally, the RPDB (displayed with "ip rule show") is consulted as part
: > of the routing process.
: >
: > So, in short, your host euroter is doing as follows:
: >
: > - routing the packet
: > - marking the packet
: > - transmitting via provider2
: >
: > : And table over only has default gw, but when i do a
: > : ping XXX.XXX.XXX.XXX it goes through provider2 and not provider1.
: >
: > Good luck,
: >
: > -Martin
:

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

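The ToS approach suggested in the reply above, as an added example that is not part of the original messages: Linux1 tags the packet header with the TOS target, and ROUTER matches it with an RPDB tos rule, which needs no netfilter mangle support on the router. The ToS value 0x10, the dry-run helper and the function names are assumptions of this example; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread): carry the routing decision in the IP
# ToS byte, which is part of the packet header, instead of in fwmark, which
# is kernel-local metadata and is gone once the packet leaves Linux1.
# Assumptions: ToS 0x10 (Minimize-Delay) is not used for anything else on
# this network; DEST is a placeholder for the destination matched on Linux1.
# APPLY=1 executes the commands (root needed); the default only prints them.

TOS=0x10
TABLE=over
DEST=${DEST:-SOME.IP.IN.INTERNET}

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# On Linux1: tag matching packets in the header instead of using --set-mark.
linux1_setup() {
    run iptables -t mangle -A POSTROUTING -d "$DEST" -j TOS --set-tos "$TOS"
}

# On ROUTER: drop the fwmark rule that can never match forwarded traffic and
# select table "over" by ToS; this is done by the RPDB, not by netfilter.
router_setup() {
    run ip rule del fwmark 21 table "$TABLE"
    run ip rule add tos "$TOS" table "$TABLE"
}

# On ROUTER: ask the kernel which route a lookup with this ToS resolves to.
# The gateway shown should be the provider 1 gateway from table "over".
router_verify() {
    run ip route get "${1:-$DEST}" tos "$TOS"
}

case "${1:-}" in
    linux1) linux1_setup ;;
    router) router_setup; router_verify ;;
esac
```

Because the ToS byte travels in the header, the ROUTER rule matches any packet carrying 0x10, whoever set it, so overwrite ToS on Linux1 for traffic from hosts that should not be able to choose the uplink.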
Hi all

i have bandwidth about 128kbps from uplink provider and i have one ADSL
192 connection from other provider

provider 1 gives me static IP's
provider 2 not give Static he gives the Dynamic IP's

i have home users around 76 people

i want to distribute the bandwidth for all the people equivalent and i
want to give more priority for http and yahoo and MSN and FTP and other
download like (mp3, avi) application will be less priority so people can
browse fast.

at this moment my setup is

and i am running already squid for caching with transparent with iptables

i have installed Linux with redhat 7.3 for the link with provider 1 and
doing NAT. ip address range is 192.168.2.0

Provider 2 adsl router i am doing directly doing NAT with Zyxel router.
since its not connected to Linux box, i am not able to manage the
bandwidth here. ip address range 192.168.20.0

so i want to load balance both the links and make QoS

how do i achieve the above setup

can any one guide me

thanks in advance
hari

Dam :)
The reason why i mark the packets in the linux box is because the router
is a minimalistic kernel.. without mangle support :(
I'll try it and then put the notes in the mailing list if i succeed :)

Thanks anyway.

On Tue, 2002-11-12 at 16:19, Martin A. Brown wrote:
> : Ok..
> : i've done that without success.
> : Please watch that the routing is made in the router machine and the
> : marking is made in the linux box before and because of that it doesn't
> : matter where i mark the packets.
>
> Ah, now I understand! But it does matter, tremendously.
>
> I didn't perceive in your previous post that you had two hosts. Perhaps I
> was being dense.
>
> The "fwmark" is a field on the packet which only exists in the data
> structure used to represent the packet on a single machine. In short, the
> fwmark does not survive a single machine. As soon as the packet is
> transmitted, the fwmark is lost.
>
> You could use the mangle table with the TOS target and then change your ip
> rule to route based on ToS. I'm unsure of the implications for your
> network, but this is a possible solution. If you modify the ToS on the
> packet, this will be visible to other hosts.
>
> Good luck,
>
> -Martin
>
> : Thanks anyway
> : Nuno Fernandes
> :
> : On Tue, 2002-11-12 at 15:51, Martin A. Brown wrote:
> : > Hello Nuno,
> : >
> : > I'd suggest s/POSTROUTING/PREROUTING/ here:
> : >
> : > : iptables -t mangle -A POSTROUTING -d SOME.IP.IN.INTERNET -j MARK
> : > : --set-mark 21
> : > :
> : > : In my ROUTER i want to redirect packets according to MARK and i'm doing:
> : > :
> : > : root@euroter(~)# more /etc/iproute2/rt_tables
> : > : 255 local
> : > : 254 main
> : > : 253 default
> : > : 200 over
> : >
> : > Consult Stef Coene's kernel packet traveling diagram, which should
> : > explain (visually) why you want to mark the packet before the routing
> : > stage.
> : >
> : > http://www.docum.org/stef.coene/qos/kptd/
> : >
> : > : root@euroter(~)# ip route ls table over
> : > : default via XXX.XXX.XXX.XXX dev eth1
> : > :
> : > : where XXX.XXX.XXX.XXX is the gateway of the provider 1.
> : > :
> : > : Doing ip rule ls, i can see that all packets with mark 21 go to table
> : > : over.
> : > : root@euroter(~)# ip rule ls
> : > : 0: from all lookup local
> : > : 32765: from all fwmark 21 lookup over
> : > : 32766: from all lookup main
> : > : 32767: from all lookup default
> : >
> : > Naturally, the RPDB (displayed with "ip rule show") is consulted as part
> : > of the routing process.
> : >
> : > So, in short, your host euroter is doing as follows:
> : >
> : > - routing the packet
> : > - marking the packet
> : > - transmitting via provider2
> : >
> : > : And table over only has default gw, but when i do a
> : > : ping XXX.XXX.XXX.XXX it goes through provider2 and not provider1.
> : >
> : > Good luck,
> : >
> : > -Martin
> :

--
Nuno Miguel Pais Fernandes <npf@eurotux.com>
Eurotux S.A.