The scheme of my LAN is the following:

eth0 isp1 /32
eth1 LAN of isp1 (LAN with public IP /24)
eth2 isp2 /32
eth3 LAN of isp2 (LAN with public IP /26)

ip route add 200.47.x.x/24 dev eth0 src 200.47.4.x table 1
ip route add default via 200.47.4.x table 1

ip route add 200.80.32.x/26 dev eth2 src 200.80.32.x table 2
ip route add default via 200.80.32.x table 2

ip rule add from 200.47.4.x table 1
ip rule add from 200.80.32.x table 2

ip route add default scope global nexthop via 200.47.4.x dev eth0 nexthop via 200.80.32.x dev eth2

******

My problem is this: when I trace from the network of ISP1, sometimes the trace goes out through the gateway of ISP2, and vice versa.

And when someone traces an IP from my LAN of ISP1, it shows the gateway of ISP2 as the hop before the last one, and vice versa.

My question is: what is wrong in my config? What do I need to add, or is anything wrong with this config?

THANKS VERY MUCH AND SORRY FOR MY HIGH SCHOOL ENGLISH.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi nixo,

I suppose you don't properly preserve the output address. See my posting with the script from 15th October this year :)
(append prohibit default:)

--
Greetings,
Robert mailto:rkurjata@ire.pw.edu.pl

Hello all,

I was just wondering if I could do this:

Local___ public_________Gateway1
Subnet   IP             local net
                |------192.168.1.1--|             Internet
192.168.1.0-----|                   |-------202.202.1.1
                |------202.202.1.6--|

Here goes my routing table. At any subnet, say 192.168.1.2, I want something like this:

1] route to 202.202.1.0/24 via 192.168.1.1
2] default gateway via 202.202.1.1

But at the second routing configuration I get a "host unreachable" error from both the route and ip route commands. Though there is a route to the 202 network via 192.168.1.1, it says unreachable, but I can ping the 202 network.

What should I do to achieve this?

The reason I need to do this is dead gateway detection: I do not want to check whether the next hop is reachable or not, I need to know if the ISP is reachable.

I will be grateful for any support!!

regards
Vadiraj C S

Thank you very much for the solution, but I still have a problem and I need help :).

Problem number one has been solved. When I trace from any computer of my LAN, it goes out through the right ISP. But after a short time, it is as if the route was cached, and it goes back to the same problem. (I'm getting paranoid :-P )

Problem number two still happens when someone from outside traces an IP from my LAN. The hop before the last one is always answered by the interface that corresponds to the other ISP.

Do you have an idea what the failure can be... or can I call this a failure in my config?

THANKS VERY MUCH

Nicolas Fillon
Argentina

> Hi nixo,
>
> I suppose you don't properly preserve the output address. See my posting
> with the script from 15th October this year :)
> (append prohibit default:)

Hello nixo,

In your letter dated 22 October 2003 (20:13:29) one can read:

Seems like I didn't read your posting deeply enough. Before I can help I need to know some more details.

Why are you using a multipath default gateway? If you just need to make proper routing for two separate LANs going through one machine, not mixing them, you should never use it. It's useful for a NAT-ed LAN inside, not for public IPs. Just create simple routes without multipath: eth0 <-> eth1 and eth2 <-> eth3.

nnca> Thank you very much for the solution, but I still have a problem and I
nnca> need help :). Problem number one has been solved. When I trace from
nnca> any computer of my LAN, it goes out through the right ISP. But after a short
nnca> time, it is as if the route was cached, and it goes back to the same problem.
nnca> (I'm getting paranoid :-P )

nnca> Problem number two still happens when someone from outside traces an IP
nnca> from my LAN. The hop before the last one is always answered by the
nnca> interface that corresponds to the other ISP.

nnca> Do you have an idea what the failure can be... or can I call this a
nnca> failure in my config?

nnca> THANKS VERY MUCH
nnca> Nicolas Fillon
nnca> Argentina

--
Greetings,
Robert mailto:rkurjata@ire.pw.edu.pl

Hello Nicolas,

In your letter dated 24 October 2003 (05:26:05) one can read:

NF> HI ROBERT:
NF> I apologise for my ugly diagram, and thank you for the help.
NF> This is the scheme of my network

[cut out]

NF> I'm using a multipath default gateway because I want to balance the traffic
NF> of my squid server (it is the proxy too). But I need the two networks to go out
NF> through their corresponding gateways.

OK, I understand that the squid proxy server resides on your gateway and you only want to load balance the proxy, not the LANs. So you have to distinguish between traffic from/to the proxy and traffic from your LANs, and apply different routing policies. I think the best idea is to use classical firewall marking (-j MARK --set-mark xx) depending on the type of traffic and then use policy routing, selecting different scenarios using

ip rule add prio <yyyy> fwmark <xx> table <bbb>

Should work. I use a similar setup for limiting selected traffic to a single interface only in a multipath router.

NF> My problem is this: I can't make everything that goes out from one of the ISPs
NF> go out through the gateway that corresponds to it. For example, everything that
NF> comes from ETH1 goes out through ETH2.
NF> I think the correct thing is that everything that comes from ETH1 goes out through ETH0.
NF> ----------------------------------------------------------------------------
NF> This is my config
NF> #removing old rules
NF> echo "removing old rules"
NF> ip rule del prio 50 table main
NF> ip rule del prio 201 from 200.47.4.98/32 table 201
NF> ip rule del prio 202 from 200.80.32.158/32 table 202
NF> ip rule del prio 221 table 221
NF> echo "flushing tables"
NF> ip route flush table 201
NF> ip route flush table 202
NF> ip route flush table 221
NF> echo "removing tables"
NF> ip route del table 201
NF> ip route del table 202
NF> ip route del table 221
NF> # setting new rules
NF> echo "Setting new routing rules"
NF> # main table w/o default gateway here
NF> ip rule add prio 50 table main
NF> ip route del default table main
NF> # identified routes here
NF> ip rule add prio 201 from 200.47.4.98/32 table 201
NF> ip rule add prio 202 from 200.80.32.158/32 table 202
NF> ip route add default via 200.47.4.97 dev eth0 src 200.47.4.98 proto static table 201
NF> ip route append prohibit default table 201 metric 1 proto static
NF> ip route add default via 200.80.32.157 dev eth2 src 200.80.32.158 proto static table 202
NF> ip route append prohibit default table 202 metric 1 proto static
NF> # multipath
NF> ip rule add prio 221 table 221
NF> ip route add default table 221 proto static nexthop via 200.47.4.97 dev eth0 weight 2 nexthop via 200.80.32.157 dev eth2 weight 3
NF> ip route flush cache
NF> exit
NF> THANKS VERY MUCH AND SORRY FOR MY HIGH SCHOOL ENGLISH
NF> ----------------------------------------------------------------------------
NF> Nicolas Fillon
NF> Argentina

--
Greetings,
Robert mailto:rkurjata@ire.pw.edu.pl

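The marking approach suggested in the last reply, written out as an added example that is not part of the thread or anyone's posted script: packets entering on each LAN interface get a firewall mark that pins them to their own ISP's table, while unmarked traffic (such as the proxy's own connections) uses the multipath table. Addresses, devices, table numbers and weights are those of the quoted script; the mark values 1 and 2, the priorities 101 and 102, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: each command is
# printed. Set APPLY=1 and run as root to execute them instead.
if [ "${APPLY:-0}" = 1 ]; then RUN=; else RUN=echo; fi

# Addresses, devices and table numbers are taken from the quoted script.
GW1=200.47.4.97;   IP1=200.47.4.98;   WAN1=eth0; LAN1=eth1; T1=201
GW2=200.80.32.157; IP2=200.80.32.158; WAN2=eth2; LAN2=eth3; T2=202
TMULTI=221
# Assumptions: mark values, and priorities that sort after "main" (50) and
# before the per-address rules (201, 202) and the multipath rule (221).
MARK1=1; PRIO1=101
MARK2=2; PRIO2=102

# uplink TABLE GW WAN_IF SRC_IP: one default route per ISP, then "prohibit"
# so a lookup that cannot use it stops here instead of reaching later rules.
uplink() {
    $RUN ip route add default via "$2" dev "$3" src "$4" proto static table "$1"
    $RUN ip route append prohibit default table "$1" metric 1 proto static
}

# pin_lan LAN_IF MARK PRIO TABLE: mark packets that enter on LAN_IF and
# route every packet carrying that mark with TABLE.
pin_lan() {
    $RUN iptables -t mangle -A PREROUTING -i "$1" -j MARK --set-mark "$2"
    $RUN ip rule add prio "$3" fwmark "$2" table "$4"
}

setup() {
    # "main" keeps only connected routes, so LAN-to-LAN traffic still works.
    $RUN ip rule add prio 50 table main
    $RUN ip route del default table main
    uplink "$T1" "$GW1" "$WAN1" "$IP1"
    uplink "$T2" "$GW2" "$WAN2" "$IP2"
    # Forwarded LAN traffic: eth1 -> ISP1 only, eth3 -> ISP2 only.
    pin_lan "$LAN1" "$MARK1" "$PRIO1" "$T1"
    pin_lan "$LAN2" "$MARK2" "$PRIO2" "$T2"
    # Traffic already bound to one of the gateway's own addresses stays put.
    $RUN ip rule add prio "$T1" from "$IP1/32" table "$T1"
    $RUN ip rule add prio "$T2" from "$IP2/32" table "$T2"
    # Everything else (unmarked, e.g. new squid connections) is balanced.
    $RUN ip rule add prio "$TMULTI" table "$TMULTI"
    $RUN ip route add default table "$TMULTI" proto static \
        nexthop via "$GW1" dev "$WAN1" weight 2 \
        nexthop via "$GW2" dev "$WAN2" weight 3
    $RUN ip route flush cache
}

setup
```

After applying it, `ip rule show` should list the two fwmark rules between priority 50 and priority 201.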