I am again faced with routing traffic out a gateway on my LAN interface
within the same subnet. Some time ago I got this to work. When I enter
ISP3 in providers, which is this gateway in my LAN, marking in the output
chain continues to work. However, it seems to break packet marking in the
prerouting chain. I have commented out the offending ISP for now, and I am
open to any ideas to do this a better way. I tried to talk this ISP into
giving me different private IPs. The ISP in providers is an MPLS cloud.
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY          OPTIONS        COPY
rea    1       256   main       eth0       205.134.193.137  track,balance  eth3
atg    2       512   main       eth1       64.42.53.201     track,balance  eth3
#pay   3       768   main       eth3       10.19.227.254    track,balance  eth3
Gate:~ # shorewall show routing
Shorewall 4.4.19.3 Routing at Gate - Sat May 14 13:21:01 PDT 2011
Routing Rules
0: from all lookup local
1000: from all to 10.194.244.0/24 lookup main
1000: from all to 10.194.79.0/24 lookup main
1000: from all to 10.192.139.0/24 lookup main
1000: from all to 10.5.198.0/24 lookup main
1000: from all to 10.143.99.0/24 lookup main
1000: from all to 10.10.182.0/24 lookup main
1000: from all to 208.67.188.32/27 lookup main
10000: from all fwmark 0x100/0xff00 lookup rea
10001: from all fwmark 0x200/0xff00 lookup atg
20000: from 205.134.193.138 lookup rea
20256: from 64.42.53.204 lookup atg
32766: from all lookup main
32767: from all lookup default
Table atg:
10.19.227.254 dev eth3 scope link src 10.19.227.20
64.42.53.201 dev eth1 scope link src 64.42.53.204
64.42.53.200/29 dev eth1 proto kernel scope link src 64.42.53.204
192.168.50.0/24 dev eth3 proto kernel scope link src 192.168.50.1
10.10.182.0/24 via 10.19.227.254 dev eth3
10.194.244.0/24 via 10.19.227.254 dev eth3
10.192.139.0/24 via 10.19.227.254 dev eth3
10.19.227.0/24 dev eth3 proto kernel scope link src 10.19.227.20
default via 64.42.53.201 dev eth1 src 64.42.53.204
Table default:
Table local:
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.19.227.0 dev eth3 proto kernel scope link src 10.19.227.20
broadcast 205.134.193.143 dev eth0 proto kernel scope link src 205.134.193.138
local 172.16.2.1 dev tun5 proto kernel scope host src 172.16.2.1
local 192.168.50.1 dev eth3 proto kernel scope host src 192.168.50.1
broadcast 205.134.193.136 dev eth0 proto kernel scope link src 205.134.193.138
broadcast 192.168.50.0 dev eth3 proto kernel scope link src 192.168.50.1
local 172.16.10.1 dev tun6 proto kernel scope host src 172.16.10.1
local 205.134.193.138 dev eth0 proto kernel scope host src 205.134.193.138
local 10.19.227.20 dev eth3 proto kernel scope host src 10.19.227.20
local 64.42.53.204 dev eth1 proto kernel scope host src 64.42.53.204
local 64.42.53.204 dev eth2 proto kernel scope host src 64.42.53.204
broadcast 10.19.227.255 dev eth3 proto kernel scope link src 10.19.227.20
broadcast 64.42.53.207 dev eth1 proto kernel scope link src 64.42.53.204
local 172.16.3.1 dev tun2 proto kernel scope host src 172.16.3.1
broadcast 64.42.53.200 dev eth1 proto kernel scope link src 64.42.53.204
local 127.0.0.2 dev lo proto kernel scope host src 127.0.0.1
broadcast 192.168.50.255 dev eth3 proto kernel scope link src 192.168.50.1
local 172.16.9.1 dev tun3 proto kernel scope host src 172.16.9.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 172.16.15.1 dev tun4 proto kernel scope host src 172.16.15.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
205.134.193.137 dev eth0 scope link src 205.134.193.138
172.16.10.2 dev tun6 proto kernel scope link src 172.16.10.1
172.16.2.2 dev tun5 proto kernel scope link src 172.16.2.1
10.19.227.254 dev eth3 scope link src 10.19.227.20
172.16.15.2 dev tun4 proto kernel scope link src 172.16.15.1
64.42.53.201 dev eth1 scope link src 64.42.53.204
172.16.9.2 dev tun3 proto kernel scope link src 172.16.9.1
172.16.3.2 dev tun2 proto kernel scope link src 172.16.3.1
205.134.193.136/29 dev eth0 proto kernel scope link src 205.134.193.138
64.42.53.200/29 dev eth1 proto kernel scope link src 64.42.53.204
192.168.100.0/24 via 172.16.2.2 dev tun5
192.168.50.0/24 dev eth3 proto kernel scope link src 192.168.50.1
10.10.182.0/24 via 10.19.227.254 dev eth3
10.194.244.0/24 via 10.19.227.254 dev eth3
10.194.79.0/24 via 172.16.10.2 dev tun6
10.192.139.0/24 via 10.19.227.254 dev eth3
10.4.138.0/24 via 172.16.15.2 dev tun4
10.19.227.0/24 dev eth3 proto kernel scope link src 10.19.227.20
10.5.198.0/24 via 172.16.9.2 dev tun3
10.143.99.0/24 via 172.16.3.2 dev tun2
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default
nexthop via 205.134.193.137 dev eth0 weight 1
nexthop via 64.42.53.201 dev eth1 weight 1
Table rea:
205.134.193.137 dev eth0 scope link src 205.134.193.138
10.19.227.254 dev eth3 scope link src 10.19.227.20
205.134.193.136/29 dev eth0 proto kernel scope link src 205.134.193.138
192.168.50.0/24 dev eth3 proto kernel scope link src 192.168.50.1
10.10.182.0/24 via 10.19.227.254 dev eth3
10.194.244.0/24 via 10.19.227.254 dev eth3
10.192.139.0/24 via 10.19.227.254 dev eth3
10.19.227.0/24 dev eth3 proto kernel scope link src 10.19.227.20
169.254.0.0/16 dev eth0 scope link
default via 205.134.193.137 dev eth0 src 205.134.193.138
Gate:~ # ^C
Gate:~ #
Mike
On May 14, 2011, at 1:12 PM, Mike Lander wrote:

> I am again faced with routing traffic out a gateway on my lan interface
> within the same subnet. Some time ago
> I got this to work. When I enter ISP3 in providers which is this gateway in
> my lan. Marking in the output chain
> continues to work. However it seems to break packet marking in the
> prerouting chain. I have commented out the
> offending ISP for now. And I am open to any ideas to do this a better way.
> I tried to talk this ISP into giving me
> different private IP's. The ISP in providers is an MPLS cloud.
>

What do you want to use this default route for? It seems doubtful that you
want to balance it with your existing two providers.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________