Re: [LARTC] Slipt 2 ISP strange routing problem

From: guillaume <guillaume.riviere@vslitc.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Slipt 2 ISP strange routing problem
Date: Mon, 06 Sep 2004 08:21:20 +0000	[thread overview]
Message-ID: <413C7FC2.1050603@vslitc.com> (raw)
In-Reply-To: <41370397.4080407@vslitc.com>

Robert Kurjata wrote:

>Hello guillaume,
>
>Saturday, September 4, 2004, 12:44:04 PM, you wrote:
>
>g> guillaume wrote:
>
>  
>
>>>Robert Kurjata wrote:
>>>
>>>      
>>>
>>>>Cytowanie guillaume <guillaume.riviere@vslitc.com>:
>>>>
>>>> 
>>>>
>>>>        
>>>>
>>>>>Dear all Lartc,
>>>>>I try to split my Internet access to my 2 ISP with 1 linux 
>>>>>(GNU/Debian sarge) 3 NIC router,
>>>>>I want all my users conneted with ISP1 and just some IP connected
>>>>>with ISP2
>>>>>Here is my configuration:
>>>>>  
>>>>>          
>>>>>
>>>>[cut out a part]
>>>>
>>>>I would suggest slight change in fw rules below
>>>>
>>>># special rules for some IPs to go on second ISP
>>>>iptables -t mangle -A PREROUTING -s 10.117.71.1 -j MARK --set-mark 34
>>>>
>>>># SNAT RULES
>>>>
>>>>iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 1.2.3.4
>>>>iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 5.6.7.8
>>>>
>>>>and trying the script below. It was taken from my Multipath/Policy
>>>>routing case
>>>>by wipeing out a multipath part, so its is lsightly too much, but I
>>>>suppose (I
>>>>didn't check) it should work. It is supposed to seamlesly integrate
>>>>with multipath routing that's why so big,
>>>>the idea behind is:
>>>>1. remove default routing from main table,
>>>>2. take care of routing from correct interface (correctness of source
>>>>IP/ source
>>>>interface pair),
>>>>3. policy routing of selected clients (table 210)
>>>>4. default routing of the others (table 211)
>>>>Of course you can leave it for the main table, but for the sake of
>>>>example
>>>>i left it this way.
>>>>
>>>>Hope it can help.
>>>> 
>>>>
>>>>        
>>>>
>>>[cut out a part]
>>>
>>>
>>>Dear Robert,
>>>
>>>I try this script (adapted for my network) and I get the same problem:
>>>
>>>All my IP routed on my first ISP, no problem
>>>With my 10.117.71.1 routed on my second ISP,
>>>I can connect to my ISP network (I can connect to the gateway website
>>>on 5.6.7.9) but
>>>I cannot ping any external IP addresses.
>>>      
>>>
>
>g> I  also test a DNAT rule to access to my internal network with my second
>g> ISP external
>g> IP ... And it works fine, no problem ...
>
>g> iptables -t nat -I PREROUTING  -p tcp -d 1.2.3.4   --dport 80  -j DNAT
>g> --to 10.117.71.2:80 # my web server
>
>g> I don't know how to make this work for Inside -> outside connection ...
>
>g> Guillaume
>g> _______________________________________________
>g> LARTC mailing list / LARTC@mailman.ds9a.nl
>g> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>Of course I have the patches from Julian Anastasov applied
>http://www.ssi.bg/~ja/#routes , maybe that's the point
>
>  
>
In a first time no,
but now, yes I have apply the routes-2.6.8-10.diff find on 
http://www.ssi.bg/~ja/#routes-2.6 
<http://www.ssi.bg/%7Eja/routes-2.6.8-10.diff>
by patch "patch -p1 < route-2.6.8-10.diff" there is no differences ...
I could not access to Internet with our without the pach,

How can I be sure that this pach is on my current kernel ?

I will try to re-apply the pach and recompile my kernel.

Thank you,
Guillaume
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/