G'day, I had a quick search through the archives to try and find an answer
but I have come up with a blank, so I'm hoping I can get a little help
here.

I have a linux machine with 2.4.19 on it, and 2 Internet links.

eth0 is Telstra Bigpond Cable (Semi static ip, it's dhcp assigned), which I
want to route certain ip ranges over this link. 144.135.23.0/24 for eg.

eth1 is the internal interface on 192.168.0.0/24

eth2 is an adsl connection with a static ip which I want to be the default
route for any traffic left over.

I can get this to sort of work, but traceroute'ing to anything I set
static routes [1] with, doesn't work because I assume that it tries to come
back via the default route. Is that right?

Also I need to break the adsl connection into 2 parts, it's a 512kbit link,
so I would like to take 384kbit and 128kbit of the link, and assign
128kbit to 192.168.0.192/27 which would be done on eth1, but I don't want
to limit traffic coming from eth0. (eth0 is 9mbit, so it's a bit of a waste
to shape it down to 128kbit now isn't it :)

Is any of this possible or am I just dreaming?

[1] route add -net ip.add.re.ss netmask 255.255.255.255 gw <gw ip of eth0>

Thanks in advance.

Regards,

Brad Lay
(brad@coombabah.net)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Brad,

: G'day, I had a quick search through the archives to try and find an
: answer but I have come up with a blank, so I'm hoping I can get a
: little help here.

Probably a difficulty of terminology, rather than a difficulty with
finding questions and answers on the multi-link router.....

: I have a linux machine with 2.4.19 on it, and 2 Internet links.

Right. /me too! :) This is a NATting multi-link router.....(which is
also not uncommon).

: eth0 is Telstra Bigpond Cable (Semi static ip, it's dhcp assigned), which I
: want to route certain ip ranges over this link. 144.135.23.0/24 for eg.

Right....so: "ip route add 144.135.23.0/24 via $TELSTRA_ROUTER". You
appear to have that down:

: [1] route add -net ip.add.re.ss netmask 255.255.255.255 gw <gw ip of eth0>
:
: I can get this to sort of work, but traceroute'ing to anything I set
: static routes [1] with, doesn't work because I assume that it tries to come
: back via the default route. Is that right?

Eh? What do you mean? The routing table on your linux router has nothing
to do with the upstream routers. Your linux box should NAT to an IP in the
network range of the interface from which you wish to send the packet.
(Clunky sentence, I know...)

Example, since the IP on eth0 is dynamic:

  iptables -t nat -A POSTROUTING -d 144.135.23.0/24 -o eth0 -j MASQUERADE

The packet will leave with the source address currently on eth0. So, if
you are tracerouting to any IP in 144.135.23.0/24, you should see packets
on eth0 (transmitted with increasing TTLs) from this source address. Try
it for yourself, and examine the packets with tcpdump:

  tcpdump -nn -i eth0 udp

: eth2 is an adsl connection with a static ip which I want to be the default
: route for any traffic left over.

Yup. There's no traffic left over after a default route!

: Also I need to break the adsl connection into 2 parts, it's a 512kbit link,
: so I would like to take 384kbit and 128kbit of the link, and assign
: 128kbit to 192.168.0.192/27 which would be done on eth1, but I don't want
: to limit traffic coming from eth0. (eth0 is 9mbit, so it's a bit of a waste
: to shape it down to 128kbit now isn't it :)

I presume you mean you want to split the available bandwidth. This is
traffic control, and you can accomplish this with tc. Read

  http://lartc.org/howto/   # -- linux advanced routing and traffic control
  http://docum.org/         # -- Stef Coene's thorough site

You might benefit most by starting with this:

  http://docum.org/stef.coene/qos/docs/BB/BB.html

And....

  A router can only shape what it sends.

Remember the above always.

: Is any of this possible or am I just dreaming?

Dreaming indeed. Dream your way right on over into traffic control and
policy routing with linux. It's a dream to work with linux.

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

It's possible (I've done it for one of my customers two days ago, using
the Martin manual below).

It is explained in a very simple way here :
http://www.linux-ip.net/html/adv-multi-internet.html#adv-multi-internet-outbound

Thanks again Martin !!!

On Sun, 9 Mar 2003, paolopoletti wrote:

> It's possible (I've done it for one of my customers two days ago, using
> the Martin manual below).
>
> It is explained in a very simple way here :
> http://www.linux-ip.net/html/adv-multi-internet.html#adv-multi-internet-outbound

This really helped, but it still didn't achieve what I wanted. I ended up
having all traffic route via the "table 4", instead of just the traffic I
fwmark'd.

Currently it's setup backwards to how I'd like it setup, but reversing it
shouldn't be too hard once I have it working.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.166.87.135  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
203.45.180.0    0.0.0.0         255.255.254.0   U     0      0        0 eth0
0.0.0.0         203.45.180.1    0.0.0.0         UG    0      0        0 eth0

traceroute before I run this script

 1  10.224.40.1 (10.224.40.1)  7.413 ms  7.148 ms  5.993 ms
 2  CPE-61-9-209-7.qld.bigpond.net.au (61.9.209.7)  7.527 ms  7.579 ms  8.155 ms
 3  GigabitEthernet4-2.cha23.telstra.net (139.130.193.117)  212.405 ms  214.032 ms  196.079 ms
 4  GigabitEthernet1-2.woo-core1.Brisbane.telstra.net (203.50.50.129)  8.220 ms  8.770 ms  8.499 ms
 5  Pos5-0.ken-core4.Sydney.telstra.net (203.50.6.221)  18.455 ms  20.626 ms  19.562 ms

[what I used below]

eth0 ip = 203.45.180.34 gateway = 203.45.180.1
ppp0 ip = 203.217.13.226 gateway = 203.166.87.135

#!/bin/bash

# Rebuild table 4 as a copy of the main table without its default route
ip route flush table 4
ip route show table main | grep -Ev '^default' \
  | while read ROUTE ; do
    ip route add table 4 $ROUTE
done
# Table 4 gets its own default route via the ppp0 gateway
ip route add table 4 default via 203.166.87.135

# Mark ssh traffic and everything from 192.168.0.5 with fwmark 4
iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -s 192.168.0.5 -j MARK --set-mark 4

# Source-NAT to the address of whichever interface the packet leaves on
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 203.45.180.34
iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source 203.217.13.226

# Send packets carrying fwmark 4 to table 4
ip rule add fwmark 4 table 4
ip route flush cache

And traceroute after I run it.

[07:25 PM][root@genuis][~]$ traceroute syd1.samford.net
traceroute to syd1.samford.net (202.155.174.85), 30 hops max, 38 byte packets
 1  203.166.87.135 (203.166.87.135)  25.317 ms  27.793 ms  25.888 ms
 2  107.ATM2-0-0.GW2.BNE1.ALTER.NET (203.166.90.249)  41.877 ms  27.741 ms  25.901 ms
 3  422.AT-6-0-0.XR1.BNE1.ALTER.NET (210.80.32.53)  27.930 ms  31.898 ms  31.840 ms
 4  So-0-0-0.XR1.SYD2.ALTER.NET (210.80.33.1)  37.854 ms  43.755 ms

Anybody got any ideas.. I don't really understand fwmark too much, I'm just
winging it so far. :)

Thanks again.

Brad,

: This really helped, but it still didn't achieve what I wanted. I ended up
: having all traffic route via the "table 4", instead of just the traffic I
: fwmark'd.

Thank you for the feedback. I'll pay attention to what I failed to convey
in the multi-link section of my documentation, so I can improve it. (That
section hasn't been rewritten in a *very long time*, and could use some
editing.)

: Currently it's setup backwards to how I'd like it setup, but reversing it
: shouldn't be too hard once I have it working.
:
: traceroute before I run this script
:
:  1  10.224.40.1 (10.224.40.1)  7.413 ms  7.148 ms  5.993 ms
:  2  CPE-61-9-209-7.qld.bigpond.net.au (61.9.209.7)  7.527 ms  7.579 ms  8.155 ms
:  3  GigabitEthernet4-2.cha23.telstra.net (139.130.193.117)  212.405 ms  214.032 ms  196.079 ms
:  4  GigabitEthernet1-2.woo-core1.Brisbane.telstra.net (203.50.50.129)  8.220 ms  8.770 ms  8.499 ms
:  5  Pos5-0.ken-core4.Sydney.telstra.net (203.50.6.221)  18.455 ms  20.626 ms  19.562 ms

Please suppress name lookup on your traceroute--I think it'll be a bit
easier to read and debug....thank you.

<much-snipped>

What does "ip rule show" produce?

<much-snipped>

: Anybody got any ideas.. I don't really understand fwmark too much, I'm just
: winging it so far. :)

fwmark is meta-information about a packet. It is not a part of the packet.
As meta-information, it expires as soon as the packet is transmitted from
the router. fwmarks are a way to use tools like ipchains/iptables to
select packets for different treatment in routing and traffic control
subsystems.

In order to help you better diagnose your current configuration, I'd
suggest using tcpdump on both outside interfaces while generating traffic
from the inside network:

  # tcpdump -nn -i eth0 host 203.50.6.221
  # tcpdump -nn -i ppp0 host 203.50.6.221

Now, start your traceroute from an internal machine. All of your traffic
should go across one of these two links. Make sure you generate traffic
which should go out each link.
In other words, generate some traffic from 192.168.0.5 and some ssh, and
then try something else from another host.

This will tell you whether policy routing is functioning or not.

Good luck,

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
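
Added example, not part of any message in this thread: one way to read the output of the "ip rule show" command asked for above, reporting which routing table a forwarded packet with a given fwmark is looked up in first. The two rule listings are constructed samples and first_table / unmarked_reaches are hypothetical helper names; the sketch assumes every table holds a default route, handles only "from all" rules and ignores fwmark masks.

```shell
#!/bin/sh
# Constructed sample of `ip rule show` output: one fwmark rule for table 4.
RULES_OK='0: from all lookup local
32765: from all fwmark 0x4 lookup 4
32766: from all lookup main
32767: from all lookup default'

# Constructed sample with an extra table 4 rule that has no fwmark selector.
RULES_BAD='0: from all lookup local
32764: from all lookup 4
32765: from all fwmark 0x4 lookup 4
32766: from all lookup main
32767: from all lookup default'

# first_table RULES MARK  (hypothetical helper)
# Print the first table after "local" that the rules select for a forwarded
# packet carrying fwmark MARK (0 = unmarked). Rules are read in priority
# order, as listed. A rule without "fwmark" matches every packet.
first_table() {
    rules=$1
    want=$(( $2 ))
    printf '%s\n' "$rules" | while read -r prio rest; do
        mark= table= prev=
        for word in $rest; do
            case "$prev" in
                fwmark) mark=${word%%/*} ;;   # drop a /mask suffix if present
                lookup) table=$word ;;
            esac
            prev=$word
        done
        if [ -z "$table" ] || [ "$table" = local ]; then continue; fi
        if [ -z "$mark" ] || [ $(( $mark )) -eq "$want" ]; then
            echo "$table"
            break
        fi
    done
}

# unmarked_reaches RULES TABLE  (hypothetical helper)
# Succeed if unmarked traffic would be looked up in TABLE first.
unmarked_reaches() {
    [ "$(first_table "$1" 0)" = "$2" ]
}

for m in 0 4; do
    echo "OK  rules, mark $m -> table $(first_table "$RULES_OK" "$m")"
    echo "BAD rules, mark $m -> table $(first_table "$RULES_BAD" "$m")"
done
```

On a live router the first argument would be the captured output of "ip rule show" instead of a sample string.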