Hi,

I have a linux router with 4 ethernet cards; eth0 through eth3. Basically,
all I want to do is route all traffic from eth2 to eth0, and all traffic
from eth1 to eth3.

I've looked through the LARTC how-to, specifically at chapter 4, about
multiple providers. However, I am still a bit confused, and not sure how to
set up my routing tables, as my scenario differs from the one in the
example.

Any help would be appreciated.

Many thanks,

Paul

---
Paul Lewis (paul.lewis@st-annes.ox.ac.uk)
Part II Student
Materials Science
University of Oxford

On Wed, 7 Dec 2005 15:47:00 -0000
"Paul Lewis" <paul.lewis@st-annes.oxford.ac.uk> wrote:

> Hi,

hi

> I have a linux router with 4 ethernet cards; eth0 through eth3. Basically,
> all I want to do is route all traffic from eth2 to eth0, and all traffic
> from eth1 to eth3.

This is easy, just set up 2 new routing tables and add rules to assign the
packets to the correct one.

Let's say you have

    eth0: 1.2.0.2/30 (gateway 10.2.0.1)
    eth1: 192.168.0.1/24
    eth2: 192.168.1.1/24
    eth3: 1.3.0.2/30 (gateway 10.3.0.1)

Then you do something like:

    ip rule add from 192.168.0.0/24 table 101
    ip rule add from 192.168.1.0/24 table 102

    ip route add 192.168.0.0/24 dev eth1 table 101
    ip route add 192.168.1.0/24 dev eth2 table 101
    ip route add 127.0.0.0/8 dev lo table 101
    ip route add default via 10.3.0.1 dev eth3 table 101

    ip route add 192.168.0.0/24 dev eth1 table 102
    ip route add 192.168.1.0/24 dev eth2 table 102
    ip route add 127.0.0.0/8 dev lo table 102
    ip route add default via 10.2.0.1 dev eth0 table 102

(it's likely I forgot some detail or have a typo there, it's just an
example)

> Paul

Yours sincerely,
Peter

--
http://www.shurdix.org - Linux distribution for routers and firewalls

I wouldn't make it more difficult with separate routing tables. Just set
the firewall to allow traffic between the interfaces you want, drop the
rest and that's it. I mean:

    iptables -A FORWARD -i eth0 -o eth2 -j ACCEPT
    iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth1 -o eth3 -j ACCEPT
    iptables -A FORWARD -i eth3 -o eth1 -j ACCEPT

    # default policy
    iptables -P FORWARD DROP

That should make it.... only if this router is their default gw or at
least the router to the other network the hosts want to reach.

On 12/7/05, Paul Lewis <paul.lewis@st-annes.oxford.ac.uk> wrote:
> Hi,
>
> The output from route -n is shown below:
>
> 192.168.100.0   0.0.0.0          255.255.255.0   U   0 0 0 eth0
> 192.168.20.0    0.0.0.0          255.255.255.0   U   0 0 0 eth3
> 192.168.14.0    0.0.0.0          255.255.254.0   U   0 0 0 eth4
> 192.168.4.0     0.0.0.0          255.255.252.0   U   0 0 0 eth2
> 192.168.0.0     0.0.0.0          255.255.252.0   U   0 0 0 eth1
> 169.254.0.0     0.0.0.0          255.255.0.0     U   0 0 0 eth4
> 0.0.0.0         192.168.100.254  0.0.0.0         UG  0 0 0 eth0
>
> And here is the output from ifconfig (edited down to save space):
>
> eth0  Link encap:Ethernet HWaddr 00:14:22:09:FB:1A
>       inet addr:192.168.100.253 Bcast:192.168.100.255 Mask:255.255.255.0
>       inet6 addr: fe80::214:22ff:fe09:fb1a/64 Scope:Link
>       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
> eth1  Link encap:Ethernet HWaddr 00:04:23:BB:89:9C
>       inet addr:192.168.3.253 Bcast:192.168.3.255 Mask:255.255.252.0
>       inet6 addr: fe80::204:23ff:febb:899c/64 Scope:Link
>       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
> eth2  Link encap:Ethernet HWaddr 00:04:23:BB:89:9D
>       inet addr:192.168.7.253 Bcast:192.168.7.255 Mask:255.255.252.0
>       inet6 addr: fe80::204:23ff:febb:899d/64 Scope:Link
>       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
> eth3  Link encap:Ethernet HWaddr 00:14:22:09:FB:1B
>       inet addr:192.168.20.253 Bcast:192.168.20.255 Mask:255.255.255.0
>       inet6 addr: fe80::214:22ff:fe09:fb1b/64 Scope:Link
>       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
> lo    Link encap:Local Loopback
>       inet addr:127.0.0.1 Mask:255.0.0.0
>       inet6 addr: ::1/128 Scope:Host
>       UP LOOPBACK RUNNING MTU:16436 Metric:1
>
> Cheers,
>
> Paul
>
> ---
> Paul Lewis (paul.lewis@st-annes.ox.ac.uk)
> Part II Student
> Materials Science
> University of Oxford
>
> -----Original Message-----
> From: Edmundo Carmona [mailto:eantoranz@gmail.com]
> Sent: 07 December 2005 16:00
> To: Paul Lewis
> Subject: Re: [LARTC] Network Routing
>
> to start with: what is the output of route -n or ip route show default

oh... and of course:

    echo 1 > /proc/sys/net/ipv4/ip_forward

On 12/7/05, Edmundo Carmona <eantoranz@gmail.com> wrote:
> I wouldn't make it more difficult with separate routing tables. Just
> set the firewall to allow traffic between the interfaces you want,
> drop the rest and that's it. I mean:
>
> iptables -A FORWARD -i eth0 -o eth2 -j ACCEPT
> iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
> iptables -A FORWARD -i eth1 -o eth3 -j ACCEPT
> iptables -A FORWARD -i eth3 -o eth1 -j ACCEPT
>
> # default policy
> iptables -P FORWARD DROP
>
> That should make it.... only if this router is their default gw or at
> least the router to the other network the hosts want to reach.
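
A way to check that the FORWARD chain really permits only the interface pairs named in the thread (eth0/eth2 and eth1/eth3) and nothing else. This is an added example, not code posted by anyone in the thread; the function name audit_forward, the "in:out" pair notation and the sample rule listing are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit `iptables -S FORWARD` output against an allow-list of
# "in:out" interface pairs. Reads rules on stdin, prints one finding per line.
audit_forward() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
    $1 == "-A" && $2 == "FORWARD" {
        in_if = ""; out_if = ""; target = ""
        for (i = 3; i < NF; i++) {
            # A negated match ("! -i eth0") covers many interfaces: treat as wildcard.
            if ($i == "-i") in_if  = ($(i - 1) == "!") ? "" : $(i + 1)
            if ($i == "-o") out_if = ($(i - 1) == "!") ? "" : $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT") next
        # An ACCEPT rule without both -i and -o forwards more than one pair.
        if (in_if == "" || out_if == "") { print "WILDCARD " $0; next }
        pair = in_if ":" out_if
        if (pair in want) seen[pair] = 1
        else print "UNEXPECTED " pair
    }
    END {
        # Without a DROP policy, everything not matched above is still forwarded.
        if (policy != "DROP") print "POLICY " (policy == "" ? "unknown" : policy)
        for (p in want) if (!(p in seen)) print "MISSING " p
    }'
}

# Constructed sample: the four rules from the thread plus one stray rule
# that would let eth1 traffic leave through eth0.
sample_rules() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -i eth0 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -j ACCEPT
-A FORWARD -i eth1 -o eth3 -j ACCEPT
-A FORWARD -i eth3 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
EOF
}

ALLOWED="eth0:eth2 eth2:eth0 eth1:eth3 eth3:eth1"
sample_rules | audit_forward "$ALLOWED"
```

On the router itself, pipe the live chain in with `iptables -S FORWARD | audit_forward "$ALLOWED"`; no output means the policy is DROP and only the listed pairs are accepted.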