From: "Ross Simpson" <simpsora@usa.net>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] multiple gateway problem
Date: Thu, 06 Dec 2001 17:13:40 +0000
Message-ID: <marc-lartc-100765881914599@msgid-missing>
In-Reply-To: <marc-lartc-100740321228322@msgid-missing>
Well, I've done some more testing and am still having trouble.
I added another IP to eth0:
ip addr add 10.4.44.12/24 brd 10.4.44.255 dev eth0
It pings fine from either router.
I changed the 10.4.44.1 router to forward port 80 to 10.4.44.11, and
changed 10.4.44.2 to forward to 10.4.44.12.
When I execute the commands below, I get the same old thing -- connections
to the 10.4.44.1 router work fine, but connections to 10.4.44.2 are never
established.
I also tried changing the 'from' keyword below to 'to', with the same
result.
Here's a tcpdump snippet of a request I made externally to the (external ip
of) the 10.4.44.2 router:
23:15:33.694184 eth0 < 199.182.120.202.33921 > 10.4.44.12.http: S
1955898960:1955898960(0) win 8760 <mss 1460> (DF)
23:15:33.694281 eth0 > 10.4.44.12.http > 199.182.120.202.33921: S
2999353690:2999353690(0) ack 1955898961 win 32120 <mss 1460> (DF)
23:15:33.724810 eth0 < 199.182.120.202.33921 > 10.4.44.12.http: . 1:1(0) ack
1 win 8760 (DF)
23:15:35.347623 eth0 < 199.182.120.202.33921 > 10.4.44.12.http: P 1:8(7) ack
1 win 8760 (DF)
23:15:35.347696 eth0 > 10.4.44.12.http > 199.182.120.202.33921: . 1:1(0) ack
8 win 32120 (DF)
23:15:35.355858 eth0 > 10.4.44.12.http > 199.182.120.202.33921: P
1:1461(1460) ack 8 win 32120 (DF)
23:15:35.355913 eth0 > 10.4.44.12.http > 199.182.120.202.33921: P
1461:2921(1460) ack 8 win 32120 (DF)
23:15:35.571995 eth0 < 199.182.120.202.33921 > 10.4.44.12.http: . 8:8(0) ack
1461 win 8760 (DF)
23:15:35.572119 eth0 > 10.4.44.12.http > 199.182.120.202.33921: P
2921:4381(1460) ack 8 win 32120 (DF)
23:15:35.572144 eth0 > 10.4.44.12.http > 199.182.120.202.33921: P
4381:5841(1460) ack 8 win 32120 (DF)
23:15:35.572157 eth0 > 10.4.44.12.http > 199.182.120.202.33921: FP
5841:7223(1382) ack 8 win 32120 (DF)
23:15:35.984004 eth0 < 199.182.120.202.33921 > 10.4.44.12.http: . 8:8(0) ack
2921 win 8760 (DF)
23:15:36.203976 eth0 < 199.182.120.202.33921 > 10.4.44.12.http: . 8:8(0) ack
4381 win 8760 (DF)
23:15:36.210403 eth0 < 199.182.120.202.33921 > 10.4.44.12.http: . 8:8(0) ack
5841 win 8760 (DF)
23:15:36.330731 eth0 < 199.182.120.202.33921 > 10.4.44.12.http: . 8:8(0) ack
7224 win 8760 (DF)
23:15:36.336468 eth0 < 199.182.120.202.33921 > 10.4.44.12.http: F 8:8(0) ack
7224 win 8760 (DF)
23:15:36.336519 eth0 > 10.4.44.12.http > 199.182.120.202.33921: .
7224:7224(0) ack 9 win 32120 (DF)
The packets seem to hit the correct ip on the webserver, but I can't tell
what happens next. I'm assuming that the packets are routed back through
the system default gw (10.4.44.1), and therefore never received by the
client.
One thing that I've noticed is strange -- when I issue an 'ip route' command
after setting up the two rules and routes, I get:
10.4.44.0/24 dev eth0 proto kernel scope link src 10.4.44.11
127.0.0.0/8 dev lo scope link
default via 10.4.44.1 dev eth0
It looks like I'm missing one of the routes I've added, but I can only ever
get one route to appear there.
Last point: I'm currently using a 2.2.16-22 kernel, with the iproute2 tools
installed.
Here's the appropriate section of my .config:
#
# Networking options
#
CONFIG_PACKET=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_FIREWALL=y
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_ROUTE_LARGE_TABLES=y
CONFIG_IP_ROUTE_NAT=y
# CONFIG_IP_PNP is not set
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_NETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_MASQUERADE=y
Any further ideas?
I seem to be close, but missing some crucial step ;)
Thanks for the help,
Ross
-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On
Behalf Of Kristian Hoffmann
Sent: Tuesday, December 04, 2001 11:15 PM
To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] multiple gateway problem
I think the second address on the inner-most machine would be
necessary. The inner machine could even have two private addresses and
have your two routers do NAT. Then set up multiple routing tables with
different default gateways (one 10.4.44.1, the other 10.4.44.2) and policy
routing rules on your inner machine. Then outgoing traffic can be sent
through either internet connection.
Ex.
ip rule add from 10.4.44.11 table 100
ip route add default table 100 via 10.4.44.1
ip rule add from 10.4.44.12 table 101
ip route add default table 101 via 10.4.44.2
It also helps sometimes to add the contents of your main routing table to
any others you set up that have default routes since nothing will get past
the default route in that table.
-Kristian
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
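
The lookup Kristian describes, modeled as an added example (not part of either message, and not kernel code): rules are consulted in priority order and the first table holding a matching route decides the gateway. The rule priorities and the LAN host 10.4.44.50 are constructed for illustration; all other addresses come from the thread.

```python
import ipaddress as ipa

# Constructed model of the web server in the thread; gateway None = directly connected.
TABLES = {
    "main": [("10.4.44.0/24", None), ("0.0.0.0/0", "10.4.44.1")],
    "100":  [("0.0.0.0/0", "10.4.44.1")],
    "101":  [("0.0.0.0/0", "10.4.44.2")],
}
# (priority, source selector, table); the lowest priority number is consulted first.
# Priorities are illustrative: any value below main's 32766 gives the same result.
RULES = [
    (32764, "10.4.44.12/32", "101"),
    (32765, "10.4.44.11/32", "100"),
    (32766, "0.0.0.0/0", "main"),
]

def lookup(table, dst):
    """Longest-prefix match inside one table; returns (prefix, gateway) or None."""
    dst = ipa.ip_address(dst)
    hits = [(ipa.ip_network(p), gw) for p, gw in table if dst in ipa.ip_network(p)]
    if not hits:
        return None
    net, gw = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), gw

def route(src, dst, tables=TABLES, rules=RULES):
    """Walk the rules in priority order; the first table with a matching route wins."""
    for _, selector, name in sorted(rules):
        if ipa.ip_address(src) in ipa.ip_network(selector):
            hit = lookup(tables[name], dst)
            if hit:
                return name, hit[1] or "on-link"
    return None, "unreachable"

def with_link_route(tables):
    """Copy main's connected route into the extra tables, as suggested in the reply."""
    link = [r for r in tables["main"] if r[1] is None]
    return {n: (t if n == "main" else link + t) for n, t in tables.items()}

if __name__ == "__main__":
    client, lan_host = "199.182.120.202", "10.4.44.50"  # lan_host is made up
    print(route("10.4.44.11", client))    # ('100', '10.4.44.1')
    print(route("10.4.44.12", client))    # ('101', '10.4.44.2')
    print(route("10.4.44.12", lan_host))  # ('101', '10.4.44.2'): LAN traffic detours via the router
    print(route("10.4.44.12", lan_host, with_link_route(TABLES)))  # ('101', 'on-link')
```

Routes placed in tables 100 and 101 are listed with `ip route show table 100` and `ip route show table 101`; a bare `ip route` prints only the main table.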