TWO ROUTING

TWO ROUTING

[José Gomes]

[-- Attachment #1.1: Type: text/plain, Size: 564 bytes --]

 

 Hello All,

 

I Need to setup one Linux box with 3 Nics and two valid ip address, my
question is:

 

Nic1: 192.168.14.0/24

Nic2: 200.204.x.x/29 route to internet

Nic3: 200.171.x.x/29 route to internet 

 

How can both Ips with different routes response to requests with both routes
enable ???

 

Please help-me.

 

 

 

Best Regards,

 

 

José Gomes

Network Specialist

Redbox Networks Ltda

jgomes@redbox.com.br

 <http://www.redbox.com.br/> http://www.redbox.com.br

+ 5511 3816-3720 R. 212

 


[-- Attachment #1.2: Type: text/html, Size: 7205 bytes --]

[-- Attachment #2: image001.gif --]
[-- Type: image/gif, Size: 862 bytes --]

Re: TWO ROUTING

[Sylvain BERTRAND]

[-- Attachment #1.1: Type: text/plain, Size: 896 bytes --]

Hi,

You have 2 ISP's and want to use both?
If so, check out this page: http://lartc.org/howto/lartc.rpdb.multiple-links.html
Regards,

Sylvain
  ----- Original Message ----- 
  From: José Gomes 
  To: netfilter@lists.netfilter.org 
  Sent: Wednesday, November 19, 2003 4:17 PM
  Subject: TWO ROUTING


   
   Hello All,

   

  I Need to setup one Linux box with 3 Nics and two valid ip address, my question is:

   

  Nic1: 192.168.14.0/24

  Nic2: 200.204.x.x/29 route to internet

  Nic3: 200.171.x.x/29 route to internet 

   

  How can both Ips with different routes response to requests with both routes enable ???

   

  Please help-me.

   

   

   

  Best Regards,

   

   

  José Gomes

  Network Specialist

  Redbox Networks Ltda

  jgomes@redbox.com.br

  http://www.redbox.com.br

  + 5511 3816-3720 R. 212

   

[-- Attachment #1.2: Type: text/html, Size: 8430 bytes --]

[-- Attachment #2: image001.gif --]
[-- Type: image/gif, Size: 862 bytes --]

Re: TWO ROUTING

[Jeffrey Laramie]

José Gomes wrote:

>  Hello All,
>
>  
>
> I Need to setup one Linux box with 3 Nics and two valid ip address, my 
> question is:
>
>  
>
> Nic1: 192.168.14.0/24
>
> Nic2: 200.204.x.x/29 route to internet
>
> Nic3: 200.171.x.x/29 route to internet
>
>  
>
> How can both Ips with different routes response to requests with both 
> routes enable ???
>
>  
>
> Please help-me.
>
>  
>

I'm not clear what it is you're asking. Setting routes doesn't involve 
iptables or netfilter. If you could give some more information we can 
try to help.

Jeff

Re: TWO ROUTING

[Antony Stone]

On Thursday 20 November 2003 1:28 pm, Jeffrey Laramie wrote:

> José Gomes wrote:
> >
> > I Need to setup one Linux box with 3 Nics and two valid ip address, my
> > question is:
> >
> > Nic1: 192.168.14.0/24
> >
> > Nic2: 200.204.x.x/29 route to internet
> >
> > Nic3: 200.171.x.x/29 route to internet
> >
> > How can both Ips with different routes response to requests with both
> > routes enable ???
>
> I'm not clear what it is you're asking. Setting routes doesn't involve
> iptables or netfilter. If you could give some more information we can
> try to help.

I think he's simply asking whether Linux can use two default routes on one 
machine at the same time.

Agreed, not a netfilter question, but I see the same thing asked on the Squid 
mailing list too....

Antony.

-- 

If you think you see a Heffalump in a trap,
make sure it isn't really a Bear with an empty honey jar stuck on his head.

                                                     Please reply to the list;
                                                           please don't CC me.

Re: TWO ROUTING

[Jeffrey Laramie]

Antony Stone wrote:

>On Thursday 20 November 2003 1:28 pm, Jeffrey Laramie wrote:
>
>  
>
>>José Gomes wrote:
>>    
>>
>>>I Need to setup one Linux box with 3 Nics and two valid ip address, my
>>>question is:
>>>
>>>Nic1: 192.168.14.0/24
>>>
>>>Nic2: 200.204.x.x/29 route to internet
>>>
>>>Nic3: 200.171.x.x/29 route to internet
>>>
>>>How can both Ips with different routes response to requests with both
>>>routes enable ???
>>>      
>>>
>>I'm not clear what it is you're asking. Setting routes doesn't involve
>>iptables or netfilter. If you could give some more information we can
>>try to help.
>>    
>>
>
>I think he's simply asking whether Linux can use two default routes on one 
>machine at the same time.
>  
>

Oh, I see. I don't think that's possible at the routing level. That 
sounds like a job for a load balancer but I'm not a technical guy and 
routing isn't my strong suit. I'm really much better at filter rules, 
logging, and sarcasm.  ;-)

>Agreed, not a netfilter question, but I see the same thing asked on the Squid 
>mailing list too....
>
>  
>

I also see similar questions on multiple lists. I often have to check 
the mail header to see what list they're posting to so I know the 
context of the question. On a similar vein, does netfilter have any 
mailing list usage guidelines posted anywhere? I looked around the other 
day and couldn't find any. I've seen some sites with a link to 
guidelines and etiquette on the list subscription page. Something like 
that might be useful for this list.

Jeff

Re: TWO ROUTING

[Antony Stone]

On Thursday 20 November 2003 2:43 pm, Jeffrey Laramie wrote:

> Antony Stone wrote:
> >
> >I think he's simply asking whether Linux can use two default routes on one
> >machine at the same time.
>
> Oh, I see. I don't think that's possible at the routing level. That
> sounds like a job for a load balancer but I'm not a technical guy and
> routing isn't my strong suit. I'm really much better at filter rules,
> logging, and sarcasm.  ;-)

All very admirable in a firewall :)

As far as the twin-default-route question is concerned, I don't think the 
standard Linux kernel can do it either (I think it just uses the first 
routing table entry which matches, so one of the routes will never get used), 
however I'm sure I've seen a simple setup using a netmask of all zeroes, but 
ending in a 1, with two routes depending on whether that last bit is a one or 
a zero - this seems like a reasonable load-balancing system to use two routes 
equally, assuming that your traffic has reasonably distributed IP addresses.

> > Agreed, not a netfilter question, but I see the same thing asked on the
> > Squid mailing list too....
>
> I also see similar questions on multiple lists. I often have to check
> the mail header to see what list they're posting to so I know the
> context of the question. On a similar vein, does netfilter have any
> mailing list usage guidelines posted anywhere? I looked around the other
> day and couldn't find any. I've seen some sites with a link to
> guidelines and etiquette on the list subscription page. Something like
> that might be useful for this list.

I think that would be a good idea; I'm not aware of anything like this for 
the netfilter lists themselves, and I think a good starting point would be a 
copy of "Jeff's Rules" as posted on Monday, together with Aldo's 
recommendation to read Oskar's tutorial before posting (and preferably, 
before trying to configure netfilter).   I think something like this would go 
well on http://www.netfilter.org/contact.html

Antony.

-- 

90% of network problems are routing problems.
9 of the remaining 10% are routing problems in the other direction.
The remaining 1% might be something else, but check the routing anyway.

                                                     Please reply to the list;
                                                           please don't CC me.

Re: TWO ROUTING

[Ramin Dousti]

On Thu, Nov 20, 2003 at 09:43:33AM -0500, Jeffrey Laramie wrote:

> >I think he's simply asking whether Linux can use two default routes on one 
> >machine at the same time.
> > 
> >
> 
> Oh, I see. I don't think that's possible at the routing level.

Yes, it is. Take a look at "Linux Advanced Routing & Traffic Control".

But one thing which is most of the time mistaken is that you can only
affect the outbound packets with your local routing strategy. The inbound
packets are at the mercy of your ISP(s). In order to make sure that your
strategy is respected by your ISP(s) you need to somehow communicate that
strategy with them, either call them up and make them commit to it or set
up some kind of routing protocol with them. Both options are rearly
accepted by your ISP(s) as a residential user ;-)

Ramin

Re: TWO ROUTING

[Jeffrey Laramie]

Ramin Dousti wrote:

>On Thu, Nov 20, 2003 at 09:43:33AM -0500, Jeffrey Laramie wrote:
>
>  
>
>>>I think he's simply asking whether Linux can use two default routes on one 
>>>machine at the same time.
>>>
>>>
>>>      
>>>
>>Oh, I see. I don't think that's possible at the routing level.
>>    
>>
>
>Yes, it is. Take a look at "Linux Advanced Routing & Traffic Control".
>  
>

Interesting. I take it you're referring to the "TEQL" device? Is this 
installed by a kernel module? From the iptables perspective (trying to 
stay at least marginally on topic!) if you used this would you use -i 
eth0 or -i teql0 to identify the interface?

Jeff

Re: TWO ROUTING

[Ramin Dousti]

On Thu, Nov 20, 2003 at 11:16:08AM -0500, Jeffrey Laramie wrote:

> Interesting. I take it you're referring to the "TEQL" device?

Isn't TEQL for loadbalancing (bundling two or more interfaces terminating
on the same remote device)? No, I was referring to the "ip ro ..."
command which gives you tons of options, including multiple default
routes, routing dicision based on other stuff than only the dst addr...


> Is this 
> installed by a kernel module? From the iptables perspective (trying to 
> stay at least marginally on topic!) if you used this would you use -i 
> eth0 or -i teql0 to identify the interface?

If you bundled eth0 and eth1 to have teql0 then the rules should
reference teql0.

Also, please note that the TEQL stuff is linux specific (interoperability
issues).

Ramin

> Jeff

RE: TWO ROUTING

[Miguel Laborde]

I believe you should be looking at iproute2 for this.



-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org]On Behalf Of Antony Stone
Sent: Thursday, November 20, 2003 9:59 AM
To: netfilter@lists.netfilter.org
Subject: Re: TWO ROUTING


On Thursday 20 November 2003 2:43 pm, Jeffrey Laramie wrote:

> Antony Stone wrote:
> >
> >I think he's simply asking whether Linux can use two default routes on one
> >machine at the same time.
>
> Oh, I see. I don't think that's possible at the routing level. That
> sounds like a job for a load balancer but I'm not a technical guy and
> routing isn't my strong suit. I'm really much better at filter rules,
> logging, and sarcasm.  ;-)

All very admirable in a firewall :)

As far as the twin-default-route question is concerned, I don't think the 
standard Linux kernel can do it either (I think it just uses the first 
routing table entry which matches, so one of the routes will never get used), 
however I'm sure I've seen a simple setup using a netmask of all zeroes, but 
ending in a 1, with two routes depending on whether that last bit is a one or 
a zero - this seems like a reasonable load-balancing system to use two routes 
equally, assuming that your traffic has reasonably distributed IP addresses.

> > Agreed, not a netfilter question, but I see the same thing asked on the
> > Squid mailing list too....
>
> I also see similar questions on multiple lists. I often have to check
> the mail header to see what list they're posting to so I know the
> context of the question. On a similar vein, does netfilter have any
> mailing list usage guidelines posted anywhere? I looked around the other
> day and couldn't find any. I've seen some sites with a link to
> guidelines and etiquette on the list subscription page. Something like
> that might be useful for this list.

I think that would be a good idea; I'm not aware of anything like this for 
the netfilter lists themselves, and I think a good starting point would be a 
copy of "Jeff's Rules" as posted on Monday, together with Aldo's 
recommendation to read Oskar's tutorial before posting (and preferably, 
before trying to configure netfilter).   I think something like this would go 
well on http://www.netfilter.org/contact.html

Antony.

-- 

90% of network problems are routing problems.
9 of the remaining 10% are routing problems in the other direction.
The remaining 1% might be something else, but check the routing anyway.

                                                     Please reply to the list;
                                                           please don't CC me.

RE: TWO ROUTING

[George Vieira]

[-- Attachment #1.1: Type: text/plain, Size: 1288 bytes --]

He is asking what has been asked alot lately which is how to make a machine respond to both internet links via it's appropriate IP addresses.
 
So when a client accesses the machine via ww.xx.yy.zz, the firewall responds back via that IP/ether, if a different client accesses it via the aa.bb.cc.dd address, it responds back via that address/ether.
 
There was talk before about using CONNTRACK and marking packets on the list before.. I think this is the solution but I didn't see a successful response..
 

Thanks,

George Vieira.
 

-----Original Message-----
From: José Gomes [mailto:jgomes@datas.com.br]
Sent: Thursday, 20 November 2003 2:17 AM
To: netfilter@lists.netfilter.org
Subject: TWO ROUTING


 

 Hello All,

 

I Need to setup one Linux box with 3 Nics and two valid ip address, my question is:

 

Nic1: 192.168.14.0/24

Nic2: 200.204.x.x/29 route to internet

Nic3: 200.171.x.x/29 route to internet 

 

How can both Ips with different routes response to requests with both routes enable ???

 

Please help-me.

 

 

 

Best Regards,

 

 

José Gomes

Network Specialist

Redbox Networks Ltda

jgomes@redbox.com.br

 <http://www.redbox.com.br/> http://www.redbox.com.br

+ 5511 3816-3720 R. 212

 


[-- Attachment #1.2: Type: text/html, Size: 8845 bytes --]

[-- Attachment #2: image001.gif --]
[-- Type: image/gif, Size: 862 bytes --]

Re: TWO ROUTING

[Antony Stone]

On Thursday 20 November 2003 9:44 pm, George Vieira wrote:

> He is asking what has been asked alot lately which is how to make a machine
> respond to both internet links via it's appropriate IP addresses.
>
> So when a client accesses the machine via ww.xx.yy.zz, the firewall
> responds back via that IP/ether, if a different client accesses it via the
> aa.bb.cc.dd address, it responds back via that address/ether.
>
> There was talk before about using CONNTRACK and marking packets on the list
> before.. I think this is the solution but I didn't see a successful
> response..

You can MARK packets on their way through netfilter, and do various 
interesting and possibly useful things to the packet on the basis of the mark 
which was assigned, however I do not think there is any way of identifying 
the packets which come in later as replies to these, and thereby doing 
anything based on the mark which was assigned to the first packet on its way 
through.

Antony.

-- 

This email was created using 100% recycled electrons.

                                                     Please reply to the list;
                                                           please don't CC me.

Re: TWO ROUTING

[Marco Shaw]

> > There was talk before about using CONNTRACK and marking packets on the list
> > before.. I think this is the solution but I didn't see a successful
> > response..
> 
> You can MARK packets on their way through netfilter, and do various 
> interesting and possibly useful things to the packet on the basis of the mark 
> which was assigned, however I do not think there is any way of identifying 
> the packets which come in later as replies to these, and thereby doing 
> anything based on the mark which was assigned to the first packet on its way 
> through.

Something I'm working on (or at least thinking really hard about) is a
user-space Perl script that will (somehow) record sequence and
acknowledgment numbers for outgoing packets, then possibly act on the
returning packets depending on the ack and seq numbers found.

Am I way off, or would this help/apply here?

Marco