[LARTC] Multiple Internet Links problem

[LARTC] Multiple Internet Links problem

[Stephen]

I have a network as such
 
Local Interface
eth0 local network 10.0.0.0
 
Internet Interfaces
ppp0 public static ip1
eth1 adsl static ip2
eth2 cable dyn ip3
 
 
I am trying to set my iproute2 table such that if any external connection
eg. a ping packet, comes up ppp0 to ip1, the reply packet goes back the
same way with the source ip of that interface. So if a ping request then
came to eth1 ip2 via that link from an external machine then the reply
packet would leave as source ip2 via eth1, and the same for eth2.
 
I have tried numerous examples but cannot get this working. I would prefer
to do this without using fwmark.
 
Any working examples will put me out of my prolonged agony :)
 
Here is one example of what I have been trying.

ip rule add to privatenetwork pref 100 table eth0
ip rule add from default dev eth2 pref 200 table eth2
ip rule add from default dev ppp0 pref 500 table ppp0
ip rule add from default dev eth1 pref 600 table eth1
ip rule add from privatenetwork pref 5000 table eth0
ip rule add from pppip pref 5001 table ppp0

ip route add to random_external_subnet via eth1gwip dev eth1
ip route add default from privatenetwork dev eth2 table eth0
ip route add to random_external_subnet via eth2gwip dev eth2
ip route add to privatenetwork dev eth0 table eth0
route add default dev ppp0
ip route add default dev ppp0 table ppp0
ip route add default dev eth0 table eth0
ip route add default via eth1gwip dev eth1 table eth1
ip route add default via eth2gwip dev eth2 table eth2
ip route add from eth1ip via eth1gwip dev eth1 table eth1
ip route add from eth1ip via eth2gwip dev eth2 table eth2


Thanks
Stephen


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] Multiple Internet Links problem

[Julian Anastasov]

	Hello,

On Wed, 12 Dec 2001, Stephen wrote:

> Here is one example of what I have been trying.

	Such order of rules and routes is not the recommended one.
Use the links below to see how similar setups are handled, there are
some rules you must follow. You can try them if you still don't
prefer to use fwmarks. What is your preferred kernel?

http://www.linuxvirtualserver.org/~julian/nano.txt
http://www.linuxvirtualserver.org/~julian/#routes

> ip rule add to privatenetwork pref 100 table eth0
> ip rule add from default dev eth2 pref 200 table eth2
> ip rule add from default dev ppp0 pref 500 table ppp0
> ip rule add from default dev eth1 pref 600 table eth1
> ip rule add from privatenetwork pref 5000 table eth0
> ip rule add from pppip pref 5001 table ppp0
>
> ip route add to random_external_subnet via eth1gwip dev eth1
> ip route add default from privatenetwork dev eth2 table eth0
> ip route add to random_external_subnet via eth2gwip dev eth2
> ip route add to privatenetwork dev eth0 table eth0
> route add default dev ppp0
> ip route add default dev ppp0 table ppp0
> ip route add default dev eth0 table eth0
> ip route add default via eth1gwip dev eth1 table eth1
> ip route add default via eth2gwip dev eth2 table eth2
> ip route add from eth1ip via eth1gwip dev eth1 table eth1
> ip route add from eth1ip via eth2gwip dev eth2 table eth2
>
>
> Thanks
> Stephen

Regards

--
Julian Anastasov <ja@ssi.bg>


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] Multiple Internet Links problem

[Stephen]

Julian I am already using a kernel patched with your routes-2.2.19 patch

here is an example of my rule and route list i am presently trying and the
errors i am getting. I have 202.1.1.0/25 + 2 other ips on ppp0 my main
static ip link. The 202.2.2 is my adsl on eth1. 202.3.3 is my cable
on eth2 which i try to route all my clients from 202.1.1.128/25 out of by
default.

I have built these on a working example of
ip ru add from 202.3.3.153/32 table 1
ip ro add 0.0.0.0/0 via 202.3.3.129 table 1


which ensures all data going to the cable ip leaves back out that
interface while my default gateway is still ppp0. Building on this however
causes problems


ip ru add from 202.1.1.0/25 pref 100 table ppp0
ip ru add from 202.1.1.151/32 pref 100 table ppp0
ip ru add from 202.1.1.152/32 pref 100 table ppp0
ip ru add from 202.1.1.128/25 pref 100 table eth0
ip ru add from 202.2.2.18/31 pref 200 table eth1
ip ru add from 202.2.2.20/31 pref 200 table eth1
ip ru add from 202.2.2.22/32 pref 200 table eth1
ip ru add from 202.3.3.153/32 pref 300 table eth2

ip ro add to 202.1.1.128/25 pref 1 dev eth0 table ppp0
ip ro add to 202.1.1.128/25 pref 1 dev eth0 table eth0
ip ro add to 202.1.1.128/25 pref 1 dev eth0 table eth1
ip ro add to 202.1.1.128/25 pref 1 dev eth0 table eth2
ip ro add 0.0.0.0/0 dev ppp0 table ppp0
ip ro add 0.0.0.0/0 dev ppp0 
ip ro add 0.0.0.0/0 via 202.2.2.17 table eth1
ip ro add 0.0.0.0/0 via 202.3.3.129 table eth2
ip ro add from 202.1.1.128/25 via 202.3.3.129 table eth2




+ ip ru add from 202.1.1.0/25 pref 100 table ppp0
+ ip ru add from 202.1.1.151/32 pref 100 table ppp0
+ ip ru add from 202.1.1.152/32 pref 100 table ppp0
+ ip ru add from 202.1.1.128/25 pref 100 table eth0
+ ip ru add from 202.2.2.18/31 pref 200 table eth1
+ ip ru add from 202.2.2.20/31 pref 200 table eth1
+ ip ru add from 202.2.2.22/32 pref 200 table eth1
+ ip ru add from 202.3.3.153/32 pref 300 table eth2
+ ip ro add to 202.1.1.128/25 pref 1 dev eth0 table ppp0
RTNETLINK answers: File exists
+ ip ro add to 202.1.1.128/25 pref 1 dev eth0 table eth0
RTNETLINK answers: File exists
+ ip ro add to 202.1.1.128/25 pref 1 dev eth0 table eth1
RTNETLINK answers: File exists
+ ip ro add to 202.1.1.128/25 pref 1 dev eth0 table eth2
RTNETLINK answers: File exists
+ ip ro add 0.0.0.0/0 dev ppp0 table ppp0
RTNETLINK answers: File exists
+ ip ro add 0.0.0.0/0 dev ppp0
+ ip ro add 0.0.0.0/0 via 202.2.2.17 table eth1
+ ip ro add 0.0.0.0/0 via 202.3.3.129 table eth2
+ ip ro add from 202.1.1.128/25 via 202.3.3.129 table eth2
RTNETLINK answers: File exists
+ exit 0



On Tue, 11 Dec 2001, Julian Anastasov wrote:

> Date: Tue, 11 Dec 2001 23:50:56 +0000 (GMT)
> From: Julian Anastasov <ja@ssi.bg>
> To: Stephen <meridian@tha.net>
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] Multiple Internet Links problem
> 
> 
> 	Hello,
> 
> On Wed, 12 Dec 2001, Stephen wrote:
> 
> > Here is one example of what I have been trying.
> 
> 	Such order of rules and routes is not the recommended one.
> Use the links below to see how similar setups are handled, there are
> some rules you must follow. You can try them if you still don't
> prefer to use fwmarks. What is your preferred kernel?
> 
> http://www.linuxvirtualserver.org/~julian/nano.txt
> http://www.linuxvirtualserver.org/~julian/#routes
> 
> > ip rule add to privatenetwork pref 100 table eth0
> > ip rule add from default dev eth2 pref 200 table eth2
> > ip rule add from default dev ppp0 pref 500 table ppp0
> > ip rule add from default dev eth1 pref 600 table eth1
> > ip rule add from privatenetwork pref 5000 table eth0
> > ip rule add from pppip pref 5001 table ppp0
> >
> > ip route add to random_external_subnet via eth1gwip dev eth1
> > ip route add default from privatenetwork dev eth2 table eth0
> > ip route add to random_external_subnet via eth2gwip dev eth2
> > ip route add to privatenetwork dev eth0 table eth0
> > route add default dev ppp0
> > ip route add default dev ppp0 table ppp0
> > ip route add default dev eth0 table eth0
> > ip route add default via eth1gwip dev eth1 table eth1
> > ip route add default via eth2gwip dev eth2 table eth2
> > ip route add from eth1ip via eth1gwip dev eth1 table eth1
> > ip route add from eth1ip via eth2gwip dev eth2 table eth2
> >
> >
> > Thanks
> > Stephen
> 
> Regards
> 
> --
> Julian Anastasov <ja@ssi.bg>
> 


Stephen Fletcher
mailto:stephen@tha.net
Technologically Higher Altitudes
http://www.tha.com.au


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] Multiple Internet Links problem

[Julian Anastasov]

	Hello,

On Thu, 13 Dec 2001, Stephen wrote:

> Julian I am already using a kernel patched with your routes-2.2.19 patch

	Oh! But did you read the documents?

> here is an example of my rule and route list i am presently trying and the
> errors i am getting. I have 202.1.1.0/25 + 2 other ips on ppp0 my main
> static ip link. The 202.2.2 is my adsl on eth1. 202.3.3 is my cable
> on eth2 which i try to route all my clients from 202.1.1.128/25 out of by
> default.

	No, there are some rules you must follow:

- remove all your default routes from table main

- table main must be reached from rule with lowest priority
but after table local

- when adding IP address the proper network routes is automatically
added from the kernel: this is the reason for your error messages

- all directly connected networks must be added to table main,
it includes all host routes (/32). Don't try to introduce errors
by using extra tables. It could work if you do them correctly.

- add ip rules and routes: source routes to universe - for each
public network add rules in the form "from pubnet/netsize to all table X"
and then add default routes through each gateway. As result, the gatewayed
routes are with lower priority (higher prio number) from the
directly connected networks

	As result, all direct routes (without gateway) are in
table main and the hosts from all networks can talk directly IP
and ARP without hiting wrong gatewayed route by mistake.

- at the end add "from all to all" rules and routes. You can select
different form: multipath routes or list of alternative routes.
The howtos mention about different variants. Even if the Nano-HOWTO is
for 2.4 all its rules and routes work for 2.2. There is a
complete list of all settings.

- In all routes use preferred source address (src XXX)

	I don't see your IPs, so use something like this:

ip route del default
ip addr add 202.1.1.X/25 brd + dev eth0
ip addr add 202.2.2.X/Y brd + dev eth1
ip route add 202.3.3.153/32 dev eth2 src XXX
...

No, it is a full mess. I can't show you the right settings
because I don't see the full picture: addresses, topology, etc.
I hope you understand your setup. Try to follow the above rules.
Use source routing only for routes to universe.

Regards

--
Julian Anastasov <ja@ssi.bg>


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] Multiple Internet Links problem

[Stephen]

Thanks for that. I have it working now.

Here is my much neater route table. My rules look scarey but I think thats
ok. Sorry Im still using a few tables :)

ip ro add 0.0.0.0/0 dev ppp0 proto static table main
ip ro add 0.0.0.0/0 dev eth0 proto static table eth0
ip ro add 0.0.0.0/0 via 202.2.2.17 dev eth1 proto static table eth1
ip ro add 0.0.0.0/0 via 202.3.3.129 dev eth2 proto static table eth2
ip ro add from 202.1.1.128/25 via 202.3.3.129 proto static table eth2


My question is tho, I have your route patch in my kernel, but if I do a
ifconfig eth1 down and then ifconfig eth1 up, stuff that was headed out
eth1 before the down/up now goes out the default route ppp0 until I re-add
the eth1 route. I believe that with your patch the routes should stay?

Thanks again


> On Thu, 13 Dec 2001, Stephen wrote:
> 
> > Julian I am already using a kernel patched with your routes-2.2.19 patch
> 
> 	Oh! But did you read the documents?
> 
> > here is an example of my rule and route list i am presently trying and the
> > errors i am getting. I have 202.1.1.0/25 + 2 other ips on ppp0 my main
> > static ip link. The 202.2.2 is my adsl on eth1. 202.3.3 is my cable
> > on eth2 which i try to route all my clients from 202.1.1.128/25 out of by
> > default.
> 
> 	No, there are some rules you must follow:
> 
> - remove all your default routes from table main
> 
> - all directly connected networks must be added to table main,
> it includes all host routes (/32). Don't try to introduce errors
> by using extra tables. It could work if you do them correctly.
> 
> 	As result, all direct routes (without gateway) are in
> table main and the hosts from all networks can talk directly IP
> and ARP without hiting wrong gatewayed route by mistake.
> 


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] Multiple Internet Links problem

[Julian Anastasov]

	Hello,

On Fri, 14 Dec 2001, Stephen wrote:

> Thanks for that. I have it working now.
>
> Here is my much neater route table. My rules look scarey but I think thats
> ok. Sorry Im still using a few tables :)
>
> ip ro add 0.0.0.0/0 dev ppp0 proto static table main
> ip ro add 0.0.0.0/0 dev eth0 proto static table eth0
> ip ro add 0.0.0.0/0 via 202.2.2.17 dev eth1 proto static table eth1
> ip ro add 0.0.0.0/0 via 202.3.3.129 dev eth2 proto static table eth2
> ip ro add from 202.1.1.128/25 via 202.3.3.129 proto static table eth2

	I still don't understand your setup ...

> My question is tho, I have your route patch in my kernel, but if I do a
> ifconfig eth1 down and then ifconfig eth1 up, stuff that was headed out
> eth1 before the down/up now goes out the default route ppp0 until I re-add
> the eth1 route. I believe that with your patch the routes should stay?

	I can confirm a problem with static routes that remain in dead state
but I don't understand your question. Is this the same problem you are
talking about?

> Thanks again

Regards

--
Julian Anastasov <ja@ssi.bg>


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] Multiple Internet Links problem

[Julian Anastasov]

	Hello,

On Fri, 14 Dec 2001 Stephen@tha.net wrote:

> > 	I can confirm a problem with static routes that remain in dead state
> > but I don't understand your question. Is this the same problem you are
> > talking about?
> >
>
> yes this was what i was having a problem with. is there any work around to get
> these dead routes alive again without readding them?

	I just uploaded new versions for the patches fixing the bug
where some of the static routes can not notice that their gateway becomes
up from the same event.

Regards

--
Julian Anastasov <ja@ssi.bg>


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/