Hello,

I have a single Linux router ( Fedora Core 1 ), 2 ISPs, 1 internal network, 1 IP space from every ISP.

My scenario:
eth0 1.0.0.2 netmask 255.255.255.252 -> ISP 1
eth1 2.0.0.2 netmask 255.255.255.252 -> ISP 2
eth2 1.0.1.1 netmask 255.255.255.0 -> IP space from ISP1
eth3 2.0.1.1 netmask 255.255.255.0 -> IP space from ISP2

Config I try:
/etc/iproute2/rt_tables:
10 isp1
20 isp2

ip rule add from 1.0.1.0/24 table isp1
ip rule add from 2.0.1.0/24 table isp2
route del default
ip route add default via 1.0.0.1 table isp1
ip route add default via 2.0.0.1 table isp2

At this point workstations connected to eth2 and eth3 connect to internet fine.
BUT: with this config I can't communicate with workstations. If I try 'ping 1.0.1.2' I can see that all packets with source IP 1.0.1.1 are sent to eth0, and packets with source IP 2.0.1.1 are sent to eth1.

# ip route get from 1.0.1.1 to 1.0.1.2
1.0.1.2 from 1.0.1.1 via 1.0.0.1

So, the question is: how to set up iproute2 so the kernel first consults the internal routing table:
1.0.1.0/24 dev eth2 proto kernel scope link src 1.0.1.1
2.0.1.0/24 dev eth3 proto kernel scope link src 2.0.1.1

and AFTER THIS the default routes I create with 'ip route default via ...'

PS: All IPs are real, I don't use 10.x.x.x...

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I read carefully "Guide to IP Layer Networking", but this doesn't give an idea how to make this simple ( I think ) route. My logic is:

If a packet comes from source address 1.0.1.0/24 AND the destination is NOT a locally connected host ( 1.0.1.0/24 OR 2.0.1.0/24 OR 127.0.0.0/8 ), send it to ISP1 gateway 1.0.0.1.

If a packet comes from source address 2.0.1.0/24 AND the destination is NOT a locally connected host ( 1.0.1.0/24 OR 2.0.1.0/24 OR 127.0.0.0/8 ), send it to ISP2 gateway 2.0.0.1.

If a packet coming ( from ISP1 or ISP2 ) has destination address 1.0.1.0/24 OR 2.0.1.0/24, send it to the corresponding eth interface.

As you see, there is NO default route; all other source/destination combinations will be dropped ( with ICMP host unreachable maybe? ).

I can't believe that no one uses a single Linux router like this....

lartc@pro-technica.com writes:
> Hello,
> I have a single Linux router ( Fedora Core 1 ), 2 ISPs, 1 internal
> network, 1 IP space from every ISP.
> My scenario:
> eth0 1.0.0.2 netmask 255.255.255.252 -> ISP 1
> eth1 2.0.0.2 netmask 255.255.255.252 -> ISP 2
> eth2 1.0.1.1 netmask 255.255.255.0 -> IP space from ISP1
> eth3 2.0.1.1 netmask 255.255.255.0 -> IP space from ISP2
>
> Config I try:
> /etc/iproute2/rt_tables:
> 10 isp1
> 20 isp2
>
> ip rule add from 1.0.1.0/24 table isp1
> ip rule add from 2.0.1.0/24 table isp2
> route del default
> ip route add default via 1.0.0.1 table isp1
> ip route add default via 2.0.0.1 table isp2
>
> At this point workstations connected to eth2 and eth3 connect to internet
> fine.
> BUT: with this config I can't communicate with workstations. If I try
> 'ping 1.0.1.2' I can see that all packets with source IP 1.0.1.1 are sent
> to eth0, and packets with source IP 2.0.1.1 are sent to eth1.
>
> # ip route get from 1.0.1.1 to 1.0.1.2
> 1.0.1.2 from 1.0.1.1 via 1.0.0.1
>
> So, the question is: how to set up iproute2 so the kernel first consults
> the internal routing table:
> 1.0.1.0/24 dev eth2 proto kernel scope link src 1.0.1.1
> 2.0.1.0/24 dev eth3 proto kernel scope link src 2.0.1.1
>
> and AFTER THIS the default routes I create with 'ip route default via ...'
>
> PS: All IPs are real, I don't use 10.x.x.x...

Hello,

 : I read carefully "Guide to IP Layer Networking", but this doesn't give
 : an idea how to make this simple ( I think ) route. My logic is:

Perhaps I should rewrite that section.....

Here are my assumptions before the below. A main routing table with routes to all of the local networks, but no default route.

  {
    echo 10 ISP1
    echo 20 ISP2 ; } >> /etc/iproute2/rt_tables

 : If a packet comes from source address 1.0.1.0/24 AND the destination is
 : NOT a locally connected host ( 1.0.1.0/24 OR 2.0.1.0/24 OR 127.0.0.0/8 ),
 : send it to ISP1 gateway 1.0.0.1.

  ip rule add prio 979 from 1.0.1.0/24 table main
  ip rule add prio 980 from 1.0.1.0/24 table ISP1
  ip route add default via 1.0.0.1 table ISP1

This will allow packets with a source address of 1.0.1.0/24 to reach locally connected networks and the Internet via ISP1. By selecting the main routing table first, you'll be sure to allow access to the locally connected networks to and from each of the other locally connected networks.

 : If a packet comes from source address 2.0.1.0/24 AND the destination is
 : NOT a locally connected host ( 1.0.1.0/24 OR 2.0.1.0/24 OR 127.0.0.0/8 ),
 : send it to ISP2 gateway 2.0.0.1.

  ip rule add prio 969 from 2.0.1.0/24 table main
  ip rule add prio 970 from 2.0.1.0/24 table ISP2
  ip route add default via 2.0.0.1 table ISP2

 : If a packet coming ( from ISP1 or ISP2 ) has destination address
 : 1.0.1.0/24 OR 2.0.1.0/24, send it to the corresponding eth interface.

Quite!

 : As you see, there is NO default route; all other source/destination
 : combinations will be dropped ( with ICMP host unreachable maybe? ).

This should happen naturally with the above configuration, but you may wish to consider the following as well:

  ip rule del prio 32766 table main
  ip rule add prio 32766 unreachable

This should force your box to send ICMP unreachables for any host not found in any of the routing table lookups.

If you decide to remove the final rule which refers to the main routing table, don't forget about loopback traffic:

  ip rule add prio 990 from 127.0.0.0/8 table main

 : I can't believe that no one uses a single Linux router like this....

Nor can I. It's possible that the 38 people who have done this remain silent.

In your earlier mail.....

 : ip rule add from 1.0.1.0/24 table isp1
 : ip rule add from 2.0.1.0/24 table isp2
 : route del default
 : ip route add default via 1.0.0.1 table isp1
 : ip route add default via 2.0.0.1 table isp2

The problem is that tables isp1 and isp2 do not contain routes for networks 2.0.1.0/24 and 1.0.1.0/24 respectively. Inverting the lookup logic (as I do above), so that the default route is selected after the local routes, prevents this from being a problem.

 : BUT: with this config I can't communicate with workstations. If I try
 : 'ping 1.0.1.2' I can see that all packets with source IP 1.0.1.1 are
 : sent to eth0, and packets with source IP 2.0.1.1 are sent to eth1.
 :
 : # ip route get from 1.0.1.1 to 1.0.1.2
 : 1.0.1.2 from 1.0.1.1 via 1.0.0.1

Exactly as I expected, given your config.

Let us know if you have success! Good luck!

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
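
The rule ordering discussed in this thread, as an added example that is not part of any of the original mails: a small Python model of the kernel's rule walk (rules in ascending priority, longest prefix inside a table, fall through when the table has no match). The priorities given to the asker's rules, the outside address 192.0.2.10, the use of the names ISP1/ISP2 for both configurations and the omission of the local table are assumptions of the model.

```python
import ipaddress

# Routing tables from the thread: main holds only connected networks, no default.
TABLES = {
    "main": [("1.0.0.0/30", "dev eth0"), ("2.0.0.0/30", "dev eth1"),
             ("1.0.1.0/24", "dev eth2"), ("2.0.1.0/24", "dev eth3")],
    "ISP1": [("0.0.0.0/0", "via 1.0.0.1")],
    "ISP2": [("0.0.0.0/0", "via 2.0.0.1")],
}

# Asker's rules. Priorities are assumed: rules added without "prio"
# are placed just ahead of the main rule at 32766.
ASKER = [(32764, "2.0.1.0/24", "ISP2"), (32765, "1.0.1.0/24", "ISP1"),
         (32766, "all", "main")]

# Rules from the reply: main is consulted before each per-ISP default.
REPLY = [(969, "2.0.1.0/24", "main"), (970, "2.0.1.0/24", "ISP2"),
         (979, "1.0.1.0/24", "main"), (980, "1.0.1.0/24", "ISP1"),
         (32766, "all", "main")]

# Optional variant from the reply: the final main rule is replaced by
# an unreachable rule, and the loopback rule is added.
REPLY_STRICT = REPLY[:-1] + [(990, "127.0.0.0/8", "main"),
                             (32766, "all", "unreachable")]

def lookup(rules, src, dst):
    """Return the route chosen for (src, dst), walking rules by priority."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, action in sorted(rules):
        if selector != "all" and src not in ipaddress.ip_network(selector):
            continue                      # rule does not select this source
        if action == "unreachable":
            return "unreachable"          # this rule type ends the search
        hits = [(ipaddress.ip_network(p).prefixlen, hop)
                for p, hop in TABLES[action] if dst in ipaddress.ip_network(p)]
        if hits:
            return max(hits)[1]           # longest prefix wins inside a table
        # no matching route in this table: fall through to the next rule
    return "unreachable"                  # nothing matched in any table

if __name__ == "__main__":
    for name, rules in (("asker", ASKER), ("reply", REPLY), ("strict", REPLY_STRICT)):
        for src, dst in (("1.0.1.1", "1.0.1.2"), ("1.0.1.5", "192.0.2.10"),
                         ("2.0.1.5", "1.0.1.2"), ("192.0.2.10", "1.0.1.2")):
            print(f"{name:6} {src:>10} -> {dst:10} : {lookup(rules, src, dst)}")
```

In this model the REPLY_STRICT rule set returns unreachable for a packet from 192.0.2.10 to 1.0.1.2, since no earlier rule selects on its source address. Forwarding inbound traffic in that variant would need an additional rule that reaches table main for such packets.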