Sorry for re-posting, but I'd really need some help...
Hi all,
I'm puzzled by a problem and I don't know how to debug it...
I have a firewall with 2 gateways, adsl and isdn. Main gateway is via
adsl, backup via isdn. I set up 2 tables 'adsl' and 'isdn'. You can find a
description below.
I made a script to test both tables. That mainly
1. adds an
iptables -t mangle -A OUTPUT -d my_test_ping_node -j MARK --set-mark 3
2. adds:
ip rule add fwmark 3 table isdn
3. ip route flush cloned
4. ping to my_test_ping_node (here 217.27.90.70)
I correctly obtain that ping packets go to the router, reach the test,
get back to the interface... but ping doesn't show anything.
I see them w/ tcpdump on the firewall:
12:42:00.671314 IP 192.168.111.1 > 217.27.90.70: icmp 64: echo request seq 1
12:42:00.720840 IP 217.27.90.70 > 192.168.111.1: icmp 64: echo reply seq 1
I'm sure I'm not firewalling (I use log, and nothing gets logged). If I
change default route to isdn, ping works correctly.
This is not the first time I get into this situation, but I never
understood what solved it.
I'm convinced it is a routing problem, but I'm clueless: what can it be in
between the packet as seen by tcpdump and the fact that ping shows it?
Is there a way to see which rule a packet is really using?
Thanks a lot for any possible explanation
sandro
*:-)
lo: 127.0.0.1/8
[eth0]:
eth1: 192.168.11.254/24
eth2: 80.20.60.252/29 ==> GW 80.20.60.249 - main adsl
eth3: 192.168.111.1/24 ==> GW 192.168.111.254 - isdn
[eth4]:
### TABLE main:
80.20.60.248/29 dev eth2 proto kernel scope link src 80.20.60.252
192.168.111.0/24 dev eth3 proto kernel scope link src 192.168.111.1
192.168.11.0/24 dev eth1 proto kernel scope link src 192.168.11.254
default via 80.20.60.249 dev eth2
### TABLE adsl:
80.20.60.248/29 dev eth2 scope link src 80.20.60.252
192.168.111.0/24 dev eth3 scope link src 192.168.111.1
192.168.11.0/24 dev eth1 scope link src 192.168.11.254
default via 80.20.60.249 dev eth2
### TABLE isdn:
80.20.60.248/29 dev eth2 scope link src 80.20.60.252
192.168.111.0/24 dev eth3 scope link src 192.168.111.1
192.168.11.0/24 dev eth1 scope link src 192.168.11.254
default via 192.168.111.254 dev eth3
### RULES:
0: from all lookup local
39: from all fwmark 0x3 lookup isdn
40: from 80.20.60.248/29 lookup adsl
41: from 192.168.111.0/24 lookup isdn
48: from 192.168.11.0/24 lookup adsl
50: from all iif eth3 lookup isdn
52: from all iif eth2 lookup adsl
32766: from all lookup main
32767: from all lookup default
--
Sandro Dentella *:-)
e-mail: sandro@e-den.it
http://www.tksql.org TkSQL Home page - My GPL work
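
The rule list and tables quoted in the post can be walked by hand to see which rule a given packet selects. The following is an added example, not part of the original post: a simplified model of the policy-routing lookup (rules in priority order, from/fwmark/iif selectors, longest-prefix match inside the table, fall through when the table has no route). The function names are hypothetical, and the "local" and "default" tables, which the post does not show, are treated as empty.

```python
import ipaddress

# Rules and tables transcribed from the post into Python data.
RULES = [  # (priority, from-prefix, fwmark, iif, table)
    (0, None, None, None, "local"),
    (39, None, 3, None, "isdn"),
    (40, "80.20.60.248/29", None, None, "adsl"),
    (41, "192.168.111.0/24", None, None, "isdn"),
    (48, "192.168.11.0/24", None, None, "adsl"),
    (50, None, None, "eth3", "isdn"),
    (52, None, None, "eth2", "adsl"),
    (32766, None, None, None, "main"),
    (32767, None, None, None, "default"),
]
LINKS = [("80.20.60.248/29", "eth2", None), ("192.168.111.0/24", "eth3", None),
         ("192.168.11.0/24", "eth1", None)]
TABLES = {  # (prefix, device, gateway)
    "main": LINKS + [("0.0.0.0/0", "eth2", "80.20.60.249")],
    "adsl": LINKS + [("0.0.0.0/0", "eth2", "80.20.60.249")],
    "isdn": LINKS + [("0.0.0.0/0", "eth3", "192.168.111.254")],
}  # assumption: "local" and "default" are not in the post, so they are empty here


def table_lookup(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in TABLES.get(table, []) if dst in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def resolve(dst, src=None, fwmark=0, iif=None):
    """Return (priority, table, dev, gateway) for the first rule that yields a route."""
    for prio, frm, mark, rule_iif, table in RULES:
        if frm and (src is None or ipaddress.ip_address(src) not in ipaddress.ip_network(frm)):
            continue  # "from" selector does not match
        if mark is not None and mark != fwmark:
            continue  # "fwmark" selector does not match
        if rule_iif and rule_iif != iif:
            continue  # "iif" selector does not match
        route = table_lookup(table, dst)
        if route:  # no route in this table: fall through to the next rule
            return prio, table, route[1], route[2]
    return None


if __name__ == "__main__":
    print(resolve("217.27.90.70", fwmark=3))             # marked test ping
    print(resolve("217.27.90.70"))                       # same destination, unmarked
    print(resolve("217.27.90.70", src="80.20.60.252"))   # sourced from the adsl address
```

On the firewall itself, `ip route get 217.27.90.70 mark 3` asks the kernel for the same decision on iproute2 versions that support the `mark` selector.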