From: Wojciech Sobola <Wojciech.Sobola@snt.pl>
To: lartc@vger.kernel.org
Subject: [LARTC] Routing with two gateways and e-mail traffic
Date: Fri, 14 Dec 2001 09:48:30 +0000
Message-ID: <marc-lartc-100832343908911@msgid-missing>

Hello,

I have the following problem with multiple gateways.
The question is: why does e-mail traffic go through eth2? I want to pass all
e-mail traffic through eth0 (10.48.32.1) without multiple connections
to the same destination through ONLY ONE gateway. Is it possible to
switch off load balancing(??) between gateways? I want it to be static.
Is there any way to save and restore settings from the ip tool like iptables
does? (iptables-save, restore)

Here we go (addresses changed because of security):

# ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:04:ac:d9:7f:7c brd ff:ff:ff:ff:ff:ff
    inet 10.48.32.10/16 brd 10.48.255.255 scope global eth0
    inet 10.48.32.3/24 brd 10.48.32.255 scope global eth0:1
    inet x.x.156.102/29 brd x.x.156.103 scope global eth0:2
4: eth2: <BROADCAST,UP> mtu 1500 qdisc pfifo_fast qlen 150
    link/ether 00:c0:f0:4d:e2:13 brd ff:ff:ff:ff:ff:ff
    inet x.x.153.158/30 brd x.x.153.159 scope global eth2

# ip rule show
0:      from all lookup local
32761:  from x.x.153.158 lookup formus2
32762:  from 192.168.100.0/24 lookup formus2
32763:  from 10.48.32.10 fwmark        4 lookup formus2
32764:  from 0.0.0.0 fwmark        2 lookup rose
32765:  from 10.48.64.2 lookup formus2
32766:  from all lookup main
32767:  from all lookup default

# iptables -L -n -v -x -t mangle
Chain PREROUTING (policy ACCEPT 3738441 packets, 2204536651 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   93282   68889253 MARK       all  --  *      *       0.0.0.0/0            x.x.153.158        MARK set 0x5
     141       6309 MARK       tcp  --  *      *      !x.x.153.158          x.x.153.158        tcp dpt:2000 MARK set 0x3
   21289    5294990 MARK       tcp  --  eth0   *       0.0.0.0/0            10.48.32.10        tcp dpt:8080 MARK set 0x4
    8239    1870997 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spt:22 TOS set 0x10
  101040    7491165 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22 TOS set 0x10

Chain OUTPUT (policy ACCEPT 981349 packets, 622327299 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   13918    1479670 MARK       tcp  --  *      *       10.48.32.10         !10.0.0.0/8         tcp dpt:80 MARK set 0x4
   12612   15769675 MARK       tcp  --  *      *       10.48.32.10         !10.0.0.0/8         tcp dpt:25 MARK set 0x2
   18605    3526169 MARK       all  --  *      *       10.48.64.2          !10.0.0.0/8         MARK set 0x4
   12584    1208166 TOS        tcp  --  *      *       10.48.32.10          0.0.0.0/0          tcp dpt:80 TOS set 0x08

# ip route list tab formus2
10.0.0.0/8 via 10.48.32.1 dev eth0  proto kernel
default via x.x.153.157 dev eth2

# ip route list tab rose
default via 10.48.32.1 dev eth0

# ip route list tab main
10.48.32.6 dev ppp0  proto kernel  scope link  src 10.48.32.10
10.48.32.1 via 10.48.32.10 dev eth0
x.x.153.156/30 dev eth2  proto kernel  scope link  src x.x.153.158
x.x.156.96/29 dev eth0  proto kernel  scope link  src x.x.156.102
192.168.100.0/24 dev eth1  proto kernel  scope link  src 192.168.100.1
10.48.32.0/24 dev eth0  proto kernel  scope link  src 10.48.32.3
10.48.0.0/16 dev eth0  proto kernel  scope link  src 10.48.32.10
10.0.0.0/8 via 10.48.32.1 dev eth0
127.0.0.0/8 dev lo  scope link
default
        nexthop via 10.48.32.1  dev eth0 weight 1
        nexthop via x.x.153.157  dev eth2 weight 2

# mailq -vs
smtp/nnn.com.pl:
        R/96581-30410: (2 tries, expires in 4d23h) smtp; 500 (connect to www.nnn.com.pl [x.x.150.125|25|10.48.32.10|35339]: Connection timed out)

# route -Cn|grep x.x.150.125
10.48.32.10     x.x.150.125 10.48.32.1            0      0        0 eth0
10.48.32.10     x.x.150.125 x.x.153.157         0      0        5 eth2
10.48.32.10     x.x.150.125 x.x.153.157         0      0        0 eth2

(one destination routed through two interfaces?)

# iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  -- !10.48.0.0/24         10.48.32.3 to:192.168.100.1

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  0.0.0.0/0            0.0.0.0/0          MARK match 0x4 to:62.32.153.158
SNAT       all  --  10.48.64.2          !10.0.0.0/8         to:x.x.153.158
SNAT       all  --  192.168.100.0/24    !192.168.100.0/24 to:x.x.153.158

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


My networks:

10/8    - intranet
10.48.64.2/32    - me (I want to be routed through eth2 except e-mail traffic)
others - routed normally through eth0 except squid connections.

I wrote the following startup script:
#!/bin/bash
IP='/sbin/ip'
SRCHOST='10.48.64.2'
D1L='x.x.153.158'
D1R='x.x.153.157'
D2L='10.48.32.10'       # local out if
D2R='10.48.32.1'        # remote out if
HIT='192.168.100.1'     # Hitachi

echo "0" >/proc/sys/net/ipv4/conf/all/rp_filter

$IP link set eth2 dynamic on multicast off txqueuelen 150
$IP route del default via 10.48.32.1 dev eth0
$IP route add default via $D1R dev eth2 table formus2 proto kernel
$IP route add default via $D2R dev eth0 table rose proto kernel
$IP route add to 10/8 via $D2R dev eth0
#$IP route add to $D2R/32 dev eth0 via $D2L
$IP rule add from $SRCHOST table formus2
$IP rule add from all table rose fwmark 02                      # use rose if mark is 2
$IP rule add from $D2L table formus2 fwmark 04              # Squid from 10.48.32.10 out by eth2
$IP rule add from 192.168.100.0/24 table formus2
$IP rule add from $D1L table formus2
$IP rule add from $D2L table rose
$IP route add proto kernel default nexthop via 10.48.32.1 weight 1 dev eth0 nexthop via x.x.153.157 weight 2 dev eth2
$IP route add table formus2 from 10.48.64.0/24 to 10/8 via 10.48.32.1 dev eth0 proto kernel
$IP route flush cache

# ip -V
ip utility, iproute2-ss010824

Further thanks,

Wojtek Sobola
Unix System Engineer
S&T Poland




_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
