similar to: Route policy preference value

I already setup several 2 gateways boxes, with rules too decide which lan should use which gateway. Now I''m stuck with a simpler problem. At home I was just making some experimental setup: * 1 adsl (ppp0) * 1 more tables in rt_tables (200 ping) called "bluff" * table ''bluff *has not* a default route root@fw-eden root # ip ro li table bluff

hi there, I just wanted to share a recent discovery I did on how to setup a secure VPN implementation for linux 2.4.x (I''m using 2.4.20 but it should be working, as far as documentation states, for > 2.4.18) without using FreeS/WAN. The tool (ipsec_tunnel: http://ringstrom.mine.nu/ipsec_tunnel/, by Tobias Ringström) is a kernel module based on ipip and ip_gre. It uses CyptoAPI to

Hello all, I am going through the LARTC howto to understand how the iproute2 works. But some concepts like Policy Routing, RPDB etc are not clear to me. I am pretty new to iproute, beeing using route command for long... From what I understand 1. rules (ip rule) tell how to select packets for routing and route (ip route) tell where to route the selected packets. 2. A collection of rules is

Hello, everyone! I would like to solve the following problem. Btw, I''m terribly sorry about the pseudo-asciiart, but that''s all I can paint as a tropology. I''m hoping it''ll be enough. ----Internet---- | | | eth0 machine A routing+ipchains eth1 | ------------------ machine B So, given I''m running kernel 2.4.19 and using ipchains

Hi all! I try to make port based routing, because a have two connections to the internet. My router is a "one disk floppy router for linux". It is a big router project www.fli4l.de. I try also to make a opt, it is like a plugin for this router. This project uses Kernel 2.2.19 compiled with libc5 (because it is small and you can use one floppy disk). At the moment, iproute2 is not

Hello, I have a Debian-Woody-3.0 Router with 3 NIC''s. Kernelversion 2.4.18 +------------+ +-------------+ | | | | |192.168.1.1 | | 192.168.2.1 | | DSL-Router | | ISDN-Router | +------------+ +-------------+ | |

Sorry for the long descritpion of the problem, I''d like to know If I misunderstand something or if I meet an intrinsic limit of my setup. 217.58.51.162 HDSL eth1 - SRV_XP: 192.168.254.10 eth0: 192.168.254.1 -----+------------------+------- 81.121.243.250 ADSL eth3 - I want to allow incoming pptp request (port 1723) to be forwarded to srv_xp

Hi all, i''m puzzled by a ploblem and I don''t know how to debug it... I have a firewall with 2 gateways, adsl and isdn. Main gateway is via adsl, backup via isdn. I setup 2 table ''adsl'' and ''isdn''. You can find a description below. I made a script to test both tables. That mainly 1. adds an iptables -t mangle -A

Hi, A friend of mine has 2 lines of 512kbps terminated in two Linux boxes. He now want to remove those 2 boxes and have some device which will loadbalance the two ISPs and also have a failover arrangement. But he has agreed to give me a chance to do it on Linux for my own satisfication. Is this easy to do with lartc? How do I go about it exactly? I have very less time to do it since his

hi all, I have a firewall with 2 gateways. Router A (main, adsl), router I (backup, isdn). In case of failure of adsl I switch to isdn. How can I know when it is time to go back? Which is a standard way to test the adsl line? TIA sandro -- Sandro Dentella *:-) e-mail: sandro@e-den.it http://www.tksql.org TkSQL Home page - My GPL work

ok i will do it in text: 66.92.114.46 eth0 209.141.2.194 eth1 192.168.119.101 eth2 192.168.120.101 eth3 What i have is a linux box RH7.3 which will eventually run Shorewall Firewall. On this box there is eth0 66.92.114.46 conneted to isp1 and eth1 209.141.2.194 connected to isp2 It also has eth2 192.168.119.101 and eth3 192.168.120.101 which will connect to a failover appliance which has 2 wan

hi thanks for your reply heh "Example: ip del rule pref 32742" is syntically wrong :) and when i tried "ip rule del 32742" it gives me error # ip rule del 32742 Error: argument "32742" is wrong: Failed to parse rule type so how to get get of these extra rules? 0: from all lookup local 32742: from all fwmark 0x2 lookup squid.out 32743: from all fwmark 0x2

I need to route: from 196.33.50.0/25 (default route) to ISP1 from 196.33.248.0/24 (default route) to ISP2 ISP1 --------- fire --+---- 196.33.248.0/24 / | ISP2 --------/ +---- router ----- router ----- 196.33.50.0/25 What I''ve done: Default route via ISP1 created routing table ISP2 for default route via ISP2 I would like to do the following but they get

Hi, is it possible to make rules or routes with negated ip addresses like that: ip rule add from ! 192.168.0.0/16 table xyz ? Or is this planned for the future? Thanks Regards Lars Täuber _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello all, I do not read C very well (especially kernel C). Though I have tried to muddle my way through an understanding of what''s going on in fib_hash.c, fib_rules.c, and route.c, I have not succeeded to my satisfaction, hence my post. I''m trying to document the general process of route selection, and have come up with the following overview. Could somebody point out any

I''m having trouble routing on high fwmarks, I want to use a lot of different marks for 2 routes so that I can QoS based on the marks ip rule looks like this: 0: from all lookup local 32751: from all fwmark 31 lookup dslout 32752: from all fwmark 30 lookup dslout 32753: from all fwmark 29 lookup dslout 32754: from all fwmark 28 lookup dslout 32755: from

hi I have trying to remove the extra rules from my routing tables, however with no luck Also I want to know these duplicate entries have an effect on packets going routed? I have this overwhelming rules lists from my predessor who added the "ip rule add fwmark" entries in firewall script, and on each run of firewall script its creates an extra entry in routing table. Now what I want to

Is there any linux distribution, with redundant internet connection management by ip included ? Thnx -- VETSEL Patrice Forum d''aide DEBIAN Francophone sur : http://kagou.tuxfamily.org/ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello all, I need a virtual firewall/router solution. I''m thinking of a netscreen 1000 but I want to know if it can be done in Linux. Here is my idea: 1 Linux box 2 GigE interfaces 1 interface setup with a public IP address ($PUBIP) 1 interface setup with 802.1q VLAN trunking with 100 vlans assigned ($VLAN1-$VLAN100) a /25 subnet routed to $PUBIP from my core routers All $VLAN

hello list (and martin) ;x i have now composed my final(?) policy routing design. the goals i had when beginning with this, for you that have not follow mine and martins thread, was to 1) only let 192.168.1/24 to see all routes, 2) not route between defined networks, except to and from 192.168.1/24 and 3) not defined networks should only be able to reach 192.168.1/24. this might sound simple.