From mboxrd@z Thu Jan  1 00:00:00 1970
From: guillaume <guillaume.riviere@vslitc.com>
Date: Sat, 04 Sep 2004 03:33:03 +0000
Subject: Re: [LARTC] Slipt 2 ISP strange routing problem
Message-Id: <41399999.9080105@vslitc.com>
List-Id: <lartc.vger.kernel.org>
References: <41370397.4080407@vslitc.com>
In-Reply-To: <41370397.4080407@vslitc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Robert Kurjata wrote:

>Cytowanie guillaume <guillaume.riviere@vslitc.com>:
>
>  
>
>>Dear all Lartc,
>>I try to split my Internet access to my 2 ISP with 1 linux (GNU/Debian 
>>sarge) 3 NIC router,
>>I want all my users conneted with ISP1 and just some IP connected with ISP2
>>Here is my configuration:
>>    
>>
>
>[cut out a part]
>
>I would suggest slight change in fw rules below
> 
> # special rules for some IPs to go on second ISP
> iptables -t mangle -A PREROUTING -s 10.117.71.1 -j MARK --set-mark 34
> 
> # SNAT RULES
> 
> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 1.2.3.4
> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 5.6.7.8
>
>and trying the script below. It was taken from my Multipath/Policy routing case
>by wipeing out a multipath part, so its is lsightly too much, but I suppose (I
>didn't check) it should work. 
>It is supposed to seamlesly integrate with multipath routing that's why so big,
>the idea behind is:
>1. remove default routing from main table,
>2. take care of routing from correct interface (correctness of source IP/ source
>interface pair),
>3. policy routing of selected clients (table 210)
>4. default routing of the others (table 211)
>Of course you can leave it for the main table, but for the sake of example
>i left it this way.
>
>Hope it can help.
>  
>
[cut out a part]


Dear Robert,

I try this script (adapted for my network) and I get the same problem:

All my IP routed on my first ISP, no problem
With my 10.117.71.1 routed on my second ISP,
I can connect to my ISP network (I can connect to the gateway website on 
5.6.7.9) but
I cannot ping any external IP addresses.

Do I have to apply some pach to my 2.6.8 kernel ?
I really doesn't know how to invastigate more on  this problem.

In any cases, thank you for this script,
Guillaume
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/