We have added a second ISP to our gateway and we just want to redirect a couple internal addresses to this secondary link just to test the connection as a replacement for our current one, not as a load balance or failover. Since we are using Quagga to build dynamic routes between our multiple locations I cannot use the method described in the how-to of having both providers with track, and balance because these dynamic routes are added only to the main routing table. So my goal is to keep everyone on the main routing table and use tcrules to route a couple desktops to the second provider table. I have attached a shorewall dump, but what I''ve done basically is removed balance, and track from both providers and set a rule in tcrules for one internal IP 10.0.0.115 to get marked 2:P. This way the main routing table isn''t modified by shorewall but secondary routing tables are created and setup for routing marked packets. The problem I am having is that response packets are being caught as martians on the second provider interface eth2. This problem is specifically mentioned in the MultiISP how-to but as far as I can tell my configuration doesn''t match any of the three mentioned. Nov 30 12:02:20 slc-gw-01 martian source 10.0.0.115 from 204.14.20.25, on dev eth2 Nov 30 12:02:20 slc-gw-01 ll header: 00:15:17:3d:cd:f2:00:0c:42:20:52:aa:08:00 ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what''s new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
We have added a second ISP to our gateway and we just want to redirect a couple internal addresses to this secondary link just to test the connection as a replacement for our current one, not as a load balance or failover. Since we are using Quagga to build dynamic routes between our multiple locations I cannot use the method described in the how-to of having both providers with track, and balance because these dynamic routes are added only to the main routing table. So my goal is to keep everyone on the main routing table and use tcrules to route a couple desktops to the second provider table. I have attached a shorewall dump, but what I''ve done basically is removed balance, and track from both providers and set a rule in tcrules for one internal IP 10.0.0.115 to get marked 2:P. This way the main routing table isn''t modified by shorewall but secondary routing tables are created and setup for routing marked packets. The problem I am having is that response packets are being caught as martians on the second provider interface eth2. This problem is specifically mentioned in the MultiISP how-to but as far as I can tell my configuration doesn''t match any of the three mentioned. Nov 30 12:02:20 slc-gw-01 martian source 10.0.0.115 from 204.14.20.25, on dev eth2 Nov 30 12:02:20 slc-gw-01 ll header: 00:15:17:3d:cd:f2:00:0c:42:20:52:aa:08:00 ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what''s new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
Joshua Perry wrote:> We have added a second ISP to our gateway and we just want to redirect a > couple internal addresses to this secondary link just to test the > connection as a replacement for our current one, not as a load balance > or failover. > > Since we are using Quagga to build dynamic routes between our multiple > locations I cannot use the method described in the how-to of having both > providers with track, and balance because these dynamic routes are added > only to the main routing table. So my goal is to keep everyone on the > main routing table and use tcrules to route a couple desktops to the > second provider table. > > I have attached a shorewall dump, but what I''ve done basically is > removed balance, and track from both providers and set a rule in tcrules > for one internal IP 10.0.0.115 to get marked 2:P. This way the main > routing table isn''t modified by shorewall but secondary routing tables > are created and setup for routing marked packets. The problem I am > having is that response packets are being caught as martians on the > second provider interface eth2. This problem is specifically mentioned > in the MultiISP how-to but as far as I can tell my configuration doesn''t > match any of the three mentioned. > > Nov 30 12:02:20 slc-gw-01 martian source 10.0.0.115 from 204.14.20.25, > on dev eth2 > Nov 30 12:02:20 slc-gw-01 ll header: > 00:15:17:3d:cd:f2:00:0c:42:20:52:aa:08:00Turn off reverse path filtering (route filtering) on eth2. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what''s new with Crystal Reports now. http://p.sf.net/sfu/bobj-july