From: Alex Samad <alex@samad.com.au>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Routing problem (RTNETLINK answers: Invalid argument) on
Date: Wed, 14 Feb 2007 02:53:59 +0000
Message-ID: <20070214025359.GS4088@samad.com.au>
In-Reply-To: <200702131450.13852.paul@diasoft.nl>


On Tue, Feb 13, 2007 at 10:54:51PM +0100, Paul Viney wrote:
> Thanks for the advice, Alex. I've been able to add both default routes - I 
> hadn't considered using the metric to avoid using the VPN link. 
> I guess I wasn't very clear with my use of 64.233.183.103, which was meant to 
> be a random internet address coming in over the VPN link, not the default 
> internet link.
> What exactly does the " prohibit default  proto static  metric 100 " in your 
> routing table do? Haven't you already had a default route which would trigger 
> before reaching this rule?
It's been a while since I looked over this, but from memory, if the link goes
down, it stops the route table being used.

> 
> I still seem to have much the same problem. I no longer get ICMP unreachable 
> errors, but the packet just seems to disappear - I can't see it being 
> forwarded on any interface, nor can I find any kind of reply - icmp or 
> otherwise.

Sounds like a firewall issue!

> 
> ip route get <random internet address> to 192.168.12.5      gives
> 192.168.12.5 dev eth3  src 192.168.12.1
>     cache  mtu 1500 advmss 1460 metric 10 64
> 
> ip route get <random internet address> to 192.168.12.5 iif eth1   gives
> RTNETLINK answers: Invalid argument

Try

ip r g <random internet address> from 192.168.12.5

I seem to be getting the same error as you.

> 
> Am I not understanding how "ip route get" works? The man pages are fairly 
> succinct in their explanation.
> 
> Thanks for your help,
> 
> Paul Viney
> 
> 
> On Tuesday 13 February 2007 21:40, Alex Samad wrote:
> > On Tue, Feb 13, 2007 at 02:50:13PM +0100, Paul Viney wrote:
> > > Hi all,
> > >
> > > I'm trying to set up a computer with 2 routes to the internet, much as
> > > described at http://lartc.org/howto/lartc.rpdb.multiple-links.html . One
> > > of my interfaces (eth5, 192.168.2.2) is only used for traffic originating
> > > inside the network. The other (eth1, 192.168.1.2) is only used for a VPN,
> > > where all (udp) traffic originates from outside our network. I have
> > > created a second routing table for eth1, with its own default gateway,
> > > and selected it with ip rule from 192.168.1.2 iif lo lookup 4. All this
> > > works fine.
> > > My problem is that one of the udp ports is forwarded to another server
> > > using iptables:
> > > /sbin/iptables -t nat -A PREROUTING -i eth1 -p udp -d 192.168.1.2 --dport 4902 -j DNAT --to 192.168.12.5:4902
> > >
> > > Using tcpdump on eth1, I can see that the incoming packets receive an
> > > icmp rejection, and when I try something like
> > >
> > > ip route get 192.168.12.5 from 64.233.183.103 iif eth1
> > > I get "RTNETLINK answers: Invalid argument"
> > >
> > > If I try
> > > ip route get 192.168.12.5 from 64.233.183.103 iif eth5
> > > I get
> > > 192.168.12.5 from 64.233.183.103 dev eth3  src 192.168.2.2
> > >     cache  mtu 1500 advmss 1460 metric 10 64 iif eth5
> > >
> > > which leads me to conclude that the difference has something to do with
> > > the default route.
> > > I've tried things like
> > > ip rule add iif eth1 lookup 4   (4 being my custom routing table)
> > > ip rule add from 192.168.1.2 lookup 4
> > >
> > > and even
> > > iptables -t nat -I PREROUTING -i eth1 -p udp -j MARK --set-mark 1
> > > ip rule from all fwmark 0x1 lookup 4
> > > ip route flush cache
> > >
> > > I'm using linux 2.6.19.2 + grsecurity patches, every option I could find
> > > compiled in, on an up to date gentoo system.
> > >
> > > Can anyone see what I'm missing?
> > >
> > > Thanks,
> > >
> > > Paul Viney
> > >
> > >
> > > ip route show
> > > 192.168.2.0/24 dev eth5  proto kernel  scope link  src 192.168.2.2
> > > 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.2
> > > 192.168.12.0/24 dev eth3  proto kernel  scope link  src 192.168.12.1
> > > 127.0.0.0/8 dev lo  scope link
> > > default via 192.168.2.1 dev eth5
> > >
> > > ip route show table 4
> > > 192.168.2.0/24 dev eth5  proto kernel  scope link  src 192.168.2.2
> > > 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.2
> > > 192.168.12.0/24 dev eth3  proto kernel  scope link  src 192.168.12.1
> > > 127.0.0.0/8 dev lo  scope link
> > > default via 192.168.1.1 dev eth1
> > >
> > > ip rule show
> > > 0:      from all lookup local
> > > 9999:   from all fwmark 0x1 lookup 4
> > > 10000:  from 192.168.1.2 iif lo lookup 4
> >
> > if the ip address on eth1 is 64.233.183.103  then you need a rule
> > 10001:  from 64.233.183.103 lookup 4
> >
> > I don't think the fwmark rule will work with ip route get.
> >
> > Plus your routing information in table 4, you are saying that the default
> > address is available via 192.168.1.1 ???? that doesn't match up with
> > 64.233.183.103
> >
> >
> >
> > this is my ip ru
> > 0:      from all lookup local
> > 200:    from 144.132.147.156 lookup cable
> > 201:    from 60.241.248.86 lookup adsl
> > 32766:  from all lookup main
> > 32767:  from all lookup default
> >
> >
> > 144.132.147.156 is one isp, 60.241.248.86 is the other one
> >
> > ip r sh tab cable
> > 192.168.8.248/29 dev tap0  scope link  src 192.168.8.249
> > 192.168.11.0/24 dev vlan0  scope link  src 192.168.11.1
> > 192.168.10.0/24 dev eth1  scope link  src 192.168.10.1
> > default via 144.132.144.1 dev vlan2  proto static  src 144.132.147.156  metric 50
> > prohibit default  proto static  metric 100
> >
> >
> > ip r sh tab adsl
> > 192.168.8.248/29 dev tap0  scope link  src 192.168.8.249
> > 192.168.11.0/24 dev vlan0  scope link  src 192.168.11.1
> > 192.168.10.0/24 dev eth1  scope link  src 192.168.10.1
> > default via 10.20.20.168 dev ppp0  proto static  src 60.241.248.86  metric 20
> > prohibit default  proto static  metric 100
> >
> > ip r sh tab default
> > default  proto static  metric 5
> >         nexthop via 144.132.144.1  dev vlan2 weight 1
> >         nexthop via 10.20.20.168  dev ppp0 weight 20
> > default via 10.20.20.168 dev ppp0  src 60.241.248.86  metric 20
> > default via 144.132.144.1 dev vlan2  src 144.132.147.156  metric 30
> >
> >
> > The difference for you should be in the default table, you will not need
> > default  proto static  metric 5
> >         nexthop via 144.132.144.1  dev vlan2 weight 1
> >         nexthop via 10.20.20.168  dev ppp0 weight 20
> >
> >
> > cause you want all your traffic to go out 1 link.
> >
> > alex
> >
> > > 30000:  from all lookup main
> > > 30000:  from all lookup default
> 

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
