Hi all Does anyone know if i can use ethernet aliases like eth0:1 in advanced routing like multipath routing in order to avoid to have nxEthernet interfaces in my Linux box. Thansk in advanced -- Guillermo Gomez <ggomez@neotechgw.net> neotech _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Thanks guys for such quick response :) coool
Well let me go deeper now with my routing issuess.
My desirable topology is:
LAN ---- Linux Box ---- eth0 -- dsl router (dhcp)
eth0:1 -- Frame Router ISP1 (fixed ip range)
eth0:2 -- Frame Router ISP2 (fixed ip range)
Then i would config:
eth0 according dhcp server aa.aa.aa.aa
eth0:1 xx.xx.xx.xx
eth0:2 yy.yy.yy.yy
The idea is to balance the outgoing traffic through the three ISPs. One
little trouble is dhcp renewal (it always tries to set the default
gateway, anyone knows how to avoid that? i could find out from
dhcp-client-leases and then configure myself at the right place at the
right moment).
According to the FAQ i need to guarantee first that any request from
eth0 IPADDR goes to the right gateway and so on with eth0:1 and eth0:2
(that''s reasonable).
After that i would do the multipath config. The question goes now with
the NAT stuff, how can i do the SNAT after balancing the traffic with
the multipath routing? I can''t do:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT aa.aa.aa.aa
iptables -t nat -A POSTROUTING -o eth0:1 -j SNAT xx.xx.xx.xx
iptables -t nat -A POSTROUTING -o eth0:2 -j SNAT yy.yy.yy.yy
iptables just does not likes eth0:1 neither eth0:2, is this the right
behaviour of iptables or what? i read something about NAT in advance
routing engine but never used before and i''m little confuse on how it
works. Will it crash with iptables NAT engine?
Just to finish to build the router i need to do DNAT for my internal
servers but that''s trivial with iptables but anyway it would be great
to
know how to do it with a single tool (don''t need to do firewalling in
this machine so far, just routing and stateless nat, our should it be
statefull? hmmmm need to think about).
Heeey, does anyone knows if someone has translated the LARTC-FAQs to
Spanish? I could do that :) I would like to contribute...
Kind regards
Guillermo
--
Guillermo Gomez <ggomez@neotechgw.net>
neotech
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi Guillermo,> iptables just does not likes eth0:1 neither eth0:2, is this the right > behaviour of iptables or what? i read something about NAT in advance > routing engine but never used before and i''m little confuse on how it > works. Will it crash with iptables NAT engine?As far as I know, the ethX:X terminology is just for ifconfig usage. Inside the kernel, eth0:1 is exactly the same as eth0. So for iptables rules, you just use the eth0:1 IP address with eth0. this is the same way the ''ip'' tool works too. Regards, Damion. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Damion de Soto - Software Engineer email: damion@snapgear.com SnapGear - A CyberGuard Company --- ph: +61 7 3435 2809 | Custom Embedded Solutions fax: +61 7 3891 3630 | and Security Appliances web: http://www.snapgear.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --- Free Embedded Linux Distro at http://www.snapgear.org --- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Got it, thanks Damion It was so easy to think in using directly ethx:y in iptables :( Anyway,my point is that i need to do SNAT in a three ISP environment with multipath routing to balance the outgoing traffic. So far i decided to go with separate Ethernet cards so i will go back to the aliasing thing later. Now i will do NAT with iptables in separate cards in POSTROUTING chain (after routing decision has taken). By the way, what''s the behaviour of multipath routing if one of the providers goes down ? Should i take care manually to take it out from the multipath ? Guillermo On Sun, 2003-12-07 at 20:37, Damion de Soto wrote:> Hi Guillermo, > > > iptables just does not likes eth0:1 neither eth0:2, is this the right > > behaviour of iptables or what? i read something about NAT in advance > > routing engine but never used before and i''m little confuse on how it > > works. Will it crash with iptables NAT engine? > As far as I know, the ethX:X terminology is just for ifconfig usage. > Inside the kernel, eth0:1 is exactly the same as eth0. > So for iptables rules, you just use the eth0:1 IP address with eth0. > this is the same way the ''ip'' tool works too. > > > Regards, > Damion. >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Thursday, 04 December 2003, at 11:06:58 -0400, Guillermo Gomez wrote:> Does anyone know if i can use ethernet aliases like eth0:1 in advanced > routing like multipath routing in order to avoid to have nxEthernet > interfaces in my Linux box. >I think it is always better to think "in ip terms" instead of "in ifconfig terms" with respect to multiple IP addresses assigned to the same network interface. I don''t know exactly for "ifconfig", but the syntax for "ip address" states clearly what seems to be happening behind the scenes: # ip address add 172.16.1.1/24 broad + dev eth1 # ip address add 172.16.2.1/24 broad + dev eth1 # ip address add 172.16.3.1/24 broad + dev eth1 So what you are doing is assigning several IP to the same physical interface, and you deal just with IP, anything else. # ip address show dev eth1 2: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:05:1c:09:f2:14 brd ff:ff:ff:ff:ff:ff inet 192.168.1.12/24 brd 192.168.1.255 scope global eth0 inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0 inet 172.16.2.1/24 brd 172.16.2.255 scope global eth0 inet 172.16.3.1/24 brd 172.16.3.255 scope global eth0 Greetings. -- Jose Luis Domingo Lopez Linux Registered User #189436 Debian Linux Sid (Linux 2.6.0-test10-mm1) _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Guillermo Gomez wrote:> By the way, what''s the behaviour of multipath routing if one of the > providers goes down ? Should i take care manually to take it out from > the multipath ?I think it will still try to be routed out the link that is down. The linux kernel only removes routes if the actual eth device goes down. You''ll need some way of determining which links are down and removing the routes. have you read: http://www.ssi.bg/~ja/nano.txt You probabaly don''t want to use all of that, but some parts will be suitable. Regards, -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Damion de Soto - Software Engineer email: damion@snapgear.com SnapGear - A CyberGuard Company --- ph: +61 7 3435 2809 | Custom Embedded Solutions fax: +61 7 3891 3630 | and Security Appliances web: http://www.snapgear.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --- Free Embedded Linux Distro at http://www.snapgear.org --- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/