From: John Smithee <for-gmane@mutluit.com>
To: netfilter@vger.kernel.org
Subject: Re: Basic routing
Date: Sat, 04 Oct 2014 19:44:46 +0200
Message-ID: <m0pbme$ifl$1@ger.gmane.org>
In-Reply-To: <m0p2g0$clr$1@ger.gmane.org>

John Smithee wrote, On 10/04/2014 05:07 PM:
> Thomas Bätzler wrote, On 10/04/2014 03:56 PM:
>> Hi,
>>
>> On 04.10.2014 at 13:06, John Smithee wrote:
>>> Ok, I admit using "ping -I" was a bad example. The whole point I tried
>>> to make is, that the second net (69.0) cannot reach any other IP
>>> outside its own net.
>>> The goal is to let 69.0 reach the world via this gateway machine
>>> 68.22/69.22.
>>> Is some iptables needed in this case?
>>
>> You do have IP forwarding enabled?
>>
>> If not, enable it using
>>    echo "1" > /proc/sys/net/ipv4/ip_forward
>> and try again.
>>
>>
>> HTH,
>> Thomas
>
>
> Yes, IP forwarding is enabled.
>
> After doing much research on the net and experimenting
> I think (still testing) I finally found a solution,
> but it's unfortunately a little bit complicated.
> I'll summarize later.


I finally managed to get it working with these steps:

IF0="eth0"
NW0="192.168.68.0/24"
ET0="192.168.68.22"
GW0="192.168.68.254"
TAB0="my0"  # must be defined in /etc/iproute2/rt_tables, f.e. 100 my0

IF1="eth1"
NW1="192.168.69.0/24"
ET1="192.168.69.22"
GW1="192.168.69.7"
TAB1="my1"  # must be defined in /etc/iproute2/rt_tables, f.e. 101 my1

ip route add $NW0 dev $IF0 src $ET0 table $TAB0
ip route add default via $GW0 table $TAB0

ip route add $NW1 dev $IF1 src $ET1 table $TAB1
ip route add default via $GW1 table $TAB1

ip route add $NW0 dev $IF0 src $ET0
ip route add $NW1 dev $IF1 src $ET1

# your preference for default route:
ip route add default via $GW0

ip rule add from $ET0 table $TAB0
ip rule add from $ET1 table $TAB1
ip rule add to   $ET0 table $TAB0
ip rule add to   $ET1 table $TAB1

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


This solution is not that bad, though IMHO complicated.
But one thing is still missing: 69.* cannot ping
the IP 68.22, but other than that it can reach everything else.

If someone knows a simpler solution pls let me know, thx.


Here are some references where I found the above stuff:

http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/
http://www.linuxhorizon.ro/iproute2.html
http://www.lartc.org/howto/lartc.rpdb.html
http://www.lartc.org/howto/lartc.rpdb.multiple-links.html
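
An added example, not part of the original message: a small Python model of the rule and table lookup that the posted commands set up, showing which table decides for a given source/destination pair. The rule priorities (the order the kernel is assumed to give rules added without an explicit priority), the host 192.168.69.5 and the destination 203.0.113.10 are assumptions made for the illustration.

```python
import ipaddress as ip

# Constructed model of the posted configuration (not kernel output).
TABLES = {
    "my0":  [("192.168.68.0/24", "eth0", None), ("0.0.0.0/0", "eth0", "192.168.68.254")],
    "my1":  [("192.168.69.0/24", "eth1", None), ("0.0.0.0/0", "eth1", "192.168.69.7")],
    "main": [("192.168.68.0/24", "eth0", None), ("192.168.69.0/24", "eth1", None),
             ("0.0.0.0/0", "eth0", "192.168.68.254")],
}
# (priority, selector, address, table). Assumption: "ip rule add" without an
# explicit priority places each new rule just ahead of the one added before it.
RULES = [
    (32762, "to",   "192.168.69.22", "my1"),
    (32763, "to",   "192.168.68.22", "my0"),
    (32764, "from", "192.168.69.22", "my1"),
    (32765, "from", "192.168.68.22", "my0"),
    (32766, "all",  None,            "main"),
]
LOCAL = {"192.168.68.22", "192.168.69.22"}  # the gateway's own addresses (table "local")

def lookup(table, dst):
    """Longest-prefix match inside one table; returns (dev, gateway) or None."""
    best = None
    for prefix, dev, gw in TABLES[table]:
        net = ip.ip_network(prefix)
        if ip.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev, gw)
    return best[1:] if best else None

def route(src, dst):
    """Walk the rules in priority order; returns (table, dev, gateway) or None."""
    if dst in LOCAL:  # priority 0: delivered to the gateway itself
        return ("local", "lo", None)
    for _prio, sel, addr, table in sorted(RULES, key=lambda r: r[0]):
        if sel == "all" or (sel == "from" and src == addr) or (sel == "to" and dst == addr):
            hit = lookup(table, dst)
            if hit:  # a table without a matching route falls through to the next rule
                return (table, *hit)
    return None

if __name__ == "__main__":
    cases = [("192.168.69.5", "203.0.113.10"),   # forwarded traffic from the second net
             ("192.168.69.5", "192.168.68.22"),  # request to the gateway's eth0 address
             ("192.168.68.22", "192.168.69.5"),  # the reply to that request
             ("192.168.69.22", "192.168.69.5")]  # gateway's eth1 address to the same host
    for src, dst in cases:
        print(f"{src:>15} -> {dst:<15} {route(src, dst)}")
```

In this model, forwarded packets from 192.168.69.0/24 hosts match none of the four added rules and are routed by the main table, while a packet sourced from 192.168.68.22 towards a 192.168.69.0/24 host matches the `from 192.168.68.22` rule and is sent to 192.168.68.254 on eth0, because table my0 has no route for the second network. On a live system, `ip rule show` and `ip route get 192.168.69.5 from 192.168.68.22` show the actual rule order and decision.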