From: Alex Samad
Date: Thu, 14 Jun 2007 04:23:14 +0000
Subject: Re: [LARTC] Re: multiple routing tables for internal router programs
Message-Id: <20070614042314.GD5364@samad.com.au>
To: lartc@vger.kernel.org

On Thu, Jun 14, 2007 at 11:50:30AM +0800, Salim S I wrote:
> I solved it, though a bit ugly.
>
> Have two more rules now in ip ru
>
> 32150: from all lookup main
> 32201: from all fwmark 0x200/0x200 lookup wan1_route
> 32202: from all fwmark 0x400/0x400 lookup wan2_route
> 32203: from 10.20.0.137 lookup wan1_route
> 32204: from 10.2.3.107 lookup wan2_route
> 32205: from all lookup catch_all
> 32766: from all lookup main
>
> I did not like to include WAN IP anywhere, coz it may be dynamic, but
> well, seems like no choice.

Ran into the same problem. I capture the link information at ip-up time for
ppp/pppoe and dhcp time for cable modem, then I fire off a script that pulls
down all the ip ru & ip ro and builds it from scratch (as well as the
specialised iptables rules). This should only happen when I lose a
connection so should be okay.

>
> And then two rules in OUTPUT chain
> iptables -t mangle -A OUTPUT -o eth2 -j LB1
> iptables -t mangle -A OUTPUT -o eth3 -j LB2
>
> -----Original Message-----
> From: lartc-bounces@mailman.ds9a.nl
> [mailto:lartc-bounces@mailman.ds9a.nl] On Behalf Of Salim S I
> Sent: Wednesday, June 13, 2007 12:08 PM
> To: 'Peter Rabbitson'
> Cc: lartc@mailman.ds9a.nl
> Subject: RE: [LARTC] Re: multiple routing tables for internal router
> programs
>
> My configuration
>
> root@127.0.0.1:~# ip ru
> 0: from all lookup local
> 32150: from all lookup main
> 32201: from all fwmark 0x200/0x200 lookup wan1_route
> 32202: from all fwmark 0x400/0x400 lookup wan2_route
> 32203: from all lookup catch_all
> 32766: from all lookup main
> 32767: from all lookup default
>
> root@127.0.0.1:~# ip ro li ta main
> 192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.254
> 10.20.0.0/24 dev eth2 proto kernel scope link src 10.20.0.137
> 192.168.1.0/24 dev eth10 proto kernel scope link src 192.168.1.254
> 10.2.3.0/24 dev eth3 proto kernel scope link src 10.2.3.107
> 127.0.0.0/8 dev lo scope link
>
> root@127.0.0.1:~# ip ro li ta wan1_route
> default via 10.20.0.1 dev eth2 proto static
> root@127.0.0.1:~# ip ro li ta wan2_route
> default via 10.2.3.254 dev eth3 proto static
>
> root@127.0.0.1:~# ip ro li ta catch_all
> default proto static
> nexthop via 10.20.0.1 dev eth2 weight 1
> nexthop via 10.2.3.254 dev eth3 weight 1
>
> The catch_all table comes into play only for local packets. All
> forwarded packets are marked in mangle PREROUTING, with 0x200 or 0x400.
>
> If not load balancing ping script, there may be other apps using domain
> names instead of IP address, they might still fail, right?
>
> The problem happens when one of the links goes down (not the nexthop, but
> after that). Then the kernel will pick an interface and wrong src IP for
> local packets.
>
>
> -----Original Message-----
> From: Peter Rabbitson [mailto:rabbit@rabbit.us]
> Sent: Tuesday, June 12, 2007 7:24 PM
> To: Salim S I
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] Re: multiple routing tables for internal router
> programs
>
> Salim S I wrote:
> > Thanks! I get it now.
> > But why the src address for the interface is wrong?
> > In my case eth2 has a.b.c.d and eth3 has p.q.r.s.
> >
> > DNS queries going through eth2 has p.q.r.s as src address and those
> > going through eth3 has a.b.c.d. Something wrong with routing?
>
> Possible. Post full configuration and someone might be able to help.
>
> > I was wondering, how the ping script (to check the link status) of
> > others work if domain name is used.
>
> Don't know about others, and I personally use ip addresses :)
>
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
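As an added example (not code from Alex's or Salim's posts), the "pull it all down and rebuild from scratch" hook Alex describes, written as a POSIX sh script that emits the rule set Salim settled on, keyed on the addresses the hook is handed so a stale dynamic WAN IP cannot survive a link change. It assumes the tables wan1_route, wan2_route and catch_all are named in /etc/iproute2/rt_tables; the names run, build_policy_routing and DRY_RUN are mine.

```shell
#!/bin/sh
# Added example, not code from the thread: the "tear down and rebuild"
# hook Alex describes, emitting the rule set Salim settled on.
# Assumes wan1_route, wan2_route and catch_all exist in
# /etc/iproute2/rt_tables. Set DRY_RUN=1 to print the commands instead
# of running them (run, build_policy_routing and DRY_RUN are my names).

run() {
    if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Usage: build_policy_routing WAN1_IF WAN1_IP WAN1_GW WAN2_IF WAN2_IP WAN2_GW
build_policy_routing() {
    wan1_if=$1 wan1_ip=$2 wan1_gw=$3 wan2_if=$4 wan2_ip=$5 wan2_gw=$6

    # Remove every rule this script owns, so a stale (dynamic) WAN address
    # never survives a link change; a rule that is already gone is fine.
    for pref in 32150 32201 32202 32203 32204 32205; do
        run ip rule del pref "$pref" 2>/dev/null || true
    done

    # Per-link tables hold one default route each; catch_all balances
    # locally generated traffic that matched nothing earlier.
    for t in wan1_route wan2_route catch_all; do
        run ip route flush table "$t"
    done
    run ip route add default via "$wan1_gw" dev "$wan1_if" table wan1_route
    run ip route add default via "$wan2_gw" dev "$wan2_if" table wan2_route
    run ip route add default table catch_all \
        nexthop via "$wan1_gw" dev "$wan1_if" weight 1 \
        nexthop via "$wan2_gw" dev "$wan2_if" weight 1

    # Rules in Salim's final order: connected networks first, then the
    # fwmark lookups for forwarded traffic, then source-address lookups so
    # local packets leave via the link that owns their source IP (the
    # wrong-src-IP failure in the thread), and finally the balanced default.
    run ip rule add pref 32150 lookup main
    run ip rule add pref 32201 fwmark 0x200/0x200 lookup wan1_route
    run ip rule add pref 32202 fwmark 0x400/0x400 lookup wan2_route
    run ip rule add pref 32203 from "$wan1_ip" lookup wan1_route
    run ip rule add pref 32204 from "$wan2_ip" lookup wan2_route
    run ip rule add pref 32205 lookup catch_all
    run ip route flush cache
}

# Invoked from an ip-up/dhclient hook with the six link parameters.
if [ $# -eq 6 ]; then build_policy_routing "$@"; fi
```

Because every rule and table is rebuilt rather than patched, running the hook twice is harmless, which is what makes it safe to fire from both the ppp and dhcp paths.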