From: "Ross Simpson" <simpsora@usa.net>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] multiple gateway problem
Date: Tue, 04 Dec 2001 21:09:29 +0000
Message-ID: <marc-lartc-100750016909477@msgid-missing>
In-Reply-To: <marc-lartc-100740321228322@msgid-missing>
First off, here's a diagram:
             I N T E R N E T
            /               \
 -------------           -------------
 | 10.4.44.1 |           | 10.4.44.2 |
 |  lucent   |           |   speed   |
 -------------           -------------
  port-fw 80              port-fw 80
        \                    /
         \                  /
          \                /
             -----------
             |   hub   |
             -----------
                  |
                  |
                  |
                  |
                eth0
            --------------
            | 10.4.44.11 |
            |   linux    |
            --------------
I have a default gateway as specified in /etc/sysconfig/network:
GATEWAYDEV=eth0
GATEWAY=10.4.44.1
I ran the below commands to use multiple default gateways.
So here's what I would _like_ to see:
Traffic coming to the box from the internal network uses the default route
from /etc/sysconfig/network.
Traffic coming from the internet (from the 10.4.44.1 router, then
port-forwarded 10.4.44.11) should use 10.4.44.1 as the gateway to return the
packets to the client.
10.4.44.2 should work identically to 10.4.44.1.
Right now, traffic coming from the system default gateway works great.
Traffic coming from 10.4.44.2 gets to the system, however I would guess that
it's being sent back to 10.4.44.1 as it is the default gateway.
As I'm watching a tcpdump, I see that packets are coming in with their
original (external) IP addresses, instead of the address of the router (I
was thinking that port forwarding temporarily changed the source IP of the
packet; apparently not). So the setup is not working because external IPs
don't match 10.4.44.1 or 10.4.44.2, and the system's default gateway is
used.
So, I guess my question becomes: is there any way for linux to tell which
router the packet came from? Could it tell maybe by mac address?
Thanks for the help!
Ross
-----Original Message-----
From: Whit Blauvelt [mailto:whit@transpect.com]
Sent: Tuesday, December 04, 2001 9:54 AM
To: Ross Simpson
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] multiple gateway problem
Ross,
I'm new to this stuff myself, but do you have any default routes set up for
packets that are neither from 10.4.44.1 or 10.4.44.2? Are you testing from
inside or outside? In my own trials what you list below will allow outside
connections through either line, but inside-to-outside stuff isn't caught by
either rule and depends on general defaults.
I'm unclear though on just when a packet generated on the router takes on
which IP as its identity (for instance, when it presents with the
'localhost' IP). It does seem that when a request comes in on a certain
external IP that IP is preserved in the packets of a responding daemon, if
the daemon's on the router, so rules like yours apply to it.
Obviously I should spend an afternoon with a packet sniffer testing this
stuff out - I haven't run across a full explanation of it yet.
Whit
On Mon, Dec 03, 2001 at 11:15:42AM -0800, Ross Simpson wrote:
> echo 199 lucent >> /etc/iproute2/rt_tables (router #1)
> echo 200 speed >> /etc/iproute2/rt_tables (router #2)
> ip rule add from 10.4.44.1 table lucent
> ip rule add from 10.4.44.2 table speed
>
> ip rule ls:
> 0: from all lookup local
> 32764: from 10.4.44.2 lookup speed
> 32765: from 10.4.44.1 lookup lucent
> 32766: from all lookup main
> 32767: from all lookup 253
>
> ip route add default via 10.4.44.1 dev eth0 table speed
> ip route add default via 10.4.44.2 dev eth0 table lucent
> ip route flush cache
>
> I can access forwarded ports on the external ip of the 'lucent' router, but
> forwarded ports on the 'speed' router are not answering.
> I've verified that port forwarding on the speed router works.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
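
Added example (not part of the original message or of any poster's code): a small Python model of the rule lookup, built from the `ip rule ls` output and the default routes quoted above, showing which table is consulted for a given packet source address. The client address 203.0.113.7 and the helper names are assumptions made for the illustration, and the model only covers off-link destinations that need a default route.

```python
import ipaddress

# `ip rule ls` output as quoted in the thread.
IP_RULE_LS = """\
0: from all lookup local
32764: from 10.4.44.2 lookup speed
32765: from 10.4.44.1 lookup lucent
32766: from all lookup main
32767: from all lookup 253
"""

# Default route per table: speed and lucent as entered in the thread,
# main from GATEWAY in /etc/sysconfig/network. Tables not listed here
# (local, 253) hold no default route in this model.
DEFAULT_VIA = {"speed": "10.4.44.1", "lucent": "10.4.44.2", "main": "10.4.44.1"}


def parse_rules(text):
    """Parse `ip rule ls` lines into (priority, source_net_or_None, table)."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        prio, rest = line.split(":", 1)
        words = rest.split()
        selector = words[words.index("from") + 1]
        table = words[words.index("lookup") + 1]
        net = None if selector == "all" else ipaddress.ip_network(selector, strict=False)
        rules.append((int(prio), net, table))
    return sorted(rules, key=lambda r: r[0])


def select_gateway(src, rules=None):
    """Walk the rules in priority order for a packet whose source address is
    `src`; return (priority, table, gateway) for the first rule that matches
    and whose table has a default route, or None."""
    src = ipaddress.ip_address(src)
    for prio, net, table in rules or parse_rules(IP_RULE_LS):
        if net is not None and src not in net:
            continue  # "from" selector does not match this source address
        gateway = DEFAULT_VIA.get(table)
        if gateway is not None:
            return prio, table, gateway
    return None


if __name__ == "__main__":
    # Constructed packets: the server's reply, a forwarded client packet,
    # and a packet sourced by the 'speed' router itself.
    for src in ("10.4.44.11", "203.0.113.7", "10.4.44.2"):
        print(src, "->", select_gateway(src))
```

Only a packet whose source address is the router's own address hits the `speed` or `lucent` rule; a reply from 10.4.44.11, or a packet carrying the external client's address, falls through to `main`.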