* [LARTC] Multi Routing Problem
@ 2002-08-18 16:26 Arindam Haldar
  2002-08-18 21:03 ` Arindam Haldar
  0 siblings, 1 reply; 5+ messages in thread
From: Arindam Haldar @ 2002-08-18 16:26 UTC (permalink / raw)
  To: lartc

Hi all,
I am trying to do some advanced routing for our clients on a multi-route
platform. At present I am trying it on a test bed. I followed the example,
applied Julian's patch to kernel 2.4.19, and have gone through the docs at
the site. I have defined basically 3 groups for clients: cache,
cisco, balance. The name specifies the importance. These are the details
of what I did:
[root@Lr1 root]# ip rule ls
0:      from all lookup local
10:     from EXTnA.124/25 lookup ONE
20:     from EXTnB.106/26 lookup TWO
100:    from 192.168.1.10 lookup CACHE
101:    from 192.168.1.20 lookup CISCO
150:    from 192.168.1.30 lookup BALANCE
200:    from all lookup ME
32766:  from all lookup main
32767:  from all lookup 253

[root@Lr1 root]# ip route ls ta ONE
default via EXtnA.1 dev eth1  src EXTnA.124
prohibit default  proto static  metric 1

[root@Lr1 root]# ip route ls ta TWO
default via EXTnB.70 dev eth0  src EXTnB.106
prohibit default  proto static  metric 1

[root@Lr1 root]# ip route ls ta CACHE
default via EXTnA.1 dev eth1
prohibit default  proto static  metric 1

[root@Lr1 root]# ip route ls ta CISCO
default via EXTnB.70 dev eth0
prohibit default  proto static  metric 1

[root@Lr1 root]# ip route ls ta BALANCE
default
         nexthop via EXTnB.70  dev eth0 weight 1
         nexthop via EXTnA.1  dev eth1 weight 1
prohibit default  proto static  metric 1

[root@Lr1 root]# ip route ls ta ME
default
         nexthop via EXTnA.1  dev eth1 weight 1
         nexthop via EXTnB.70  dev eth0 weight 1
prohibit default  proto static  metric 1
[root@Lr1 root]# ip addr ls
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
     link/ether 00:50:bf:4b:f7:84 brd ff:ff:ff:ff:ff:ff
     inet EXTnB.106/26 brd EXTnB.127 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
     link/ether 00:80:c8:b9:69:99 brd ff:ff:ff:ff:ff:ff
     inet EXTnA.124/25 brd EXTnA.127 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
     link/ether 00:80:c8:b9:69:9a brd ff:ff:ff:ff:ff:ff
     inet 192.168.0.1/16 brd 192.168.255.255 scope global eth2
[root@Lr1 root]# ip route ls
203.163.146.64/26 dev eth0  scope link
203.163.149.0/25 dev eth1  scope link
192.168.0.0/16 dev eth2  proto kernel  scope link  src 192.168.0.1
127.0.0.0/8 dev lo  scope link

Here ONE & TWO are the two external links. ME is used for the local server
DNS daemon. The other three, viz. CACHE, CISCO and BALANCE, are the routes
the clients' IPs must follow. I have enabled ip_forward, and the iptables
rules are also specified correctly, i.e. according to the IP.
BUT I am **NOT** able to surf at all from the internal network... not even
able to ping eth2! Default INPUT & OUTPUT are set to ACCEPT while
FORWARD is DROP.
What's missing there? After trying all day I want guidance now.
Awaiting a reply very anxiously.
A.H


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* [LARTC] Multi Routing Problem
  2002-08-18 16:26 Arindam Haldar
@ 2002-08-18 21:03 ` Arindam Haldar
  0 siblings, 0 replies; 5+ messages in thread
From: Arindam Haldar @ 2002-08-18 21:03 UTC (permalink / raw)
  To: lartc


* [LARTC] Multi Routing Problem.
@ 2002-08-19  8:31 Arindam Haldar
  2002-08-20 21:10 ` Julian Anastasov
  2002-08-21 11:10 ` Arindam Haldar
  0 siblings, 2 replies; 5+ messages in thread
From: Arindam Haldar @ 2002-08-19  8:31 UTC (permalink / raw)
  To: lartc


* Re: [LARTC] Multi Routing Problem.
  2002-08-19  8:31 [LARTC] Multi Routing Problem Arindam Haldar
@ 2002-08-20 21:10 ` Julian Anastasov
  2002-08-21 11:10 ` Arindam Haldar
  1 sibling, 0 replies; 5+ messages in thread
From: Julian Anastasov @ 2002-08-20 21:10 UTC (permalink / raw)
  To: lartc


	Hello,

On Mon, 19 Aug 2002, Arindam Haldar wrote:

> & applied julian's patch to kernel 2.4.19 & have gone thru the docs at
> the site... i have defined basically 3 groups for clients--> cache,
> cisco, balance.. the name specifies the importance.. this is the details
> of what i did-->

	Carefully analyze the docs...

> [root@Lr1 root]# ip rule ls
> 0:      from all lookup local

	# direct communications are first priority
	ip rule add prio 5 table main

> 10:     from EXTnA.124/25 lookup ONE
> 20:     from EXTnB.106/26 lookup TWO
> 100:    from 192.168.1.10 lookup CACHE
> 101:    from 192.168.1.20 lookup CISCO
> 150:    from 192.168.1.30 lookup BALANCE
> 200:    from all lookup ME
> 32766:  from all lookup main
> 32767:  from all lookup 253

> BUT am **NOT** able to surf at all from internal network... not even
> able to ping eth2 !!!.. default INPUT & OUTPUT are set to ACCEPT while
> FORWARD is DROP..

	First try with all ACCEPT.

> whats missing there ?.. after trying all day i want guidance now...
> awaiting a reply very anxiously....

	Your setup is a bit strange: internal hosts use some gateways,
the external addresses use different gateways. The problem is that
if you are using NAT and, for example, 192.168.1.10 is SNAT-ed, the
packet will leave with a new saddr (the masquerade address). Looking
at your rules, there is a different gateway for the masquerade
address. This can't work. The current framework requires that:

- if one internal IP is masqueraded to a specific address, you
need the 2 routes to be similar, i.e.:

	from INT_IP to TARGET
	and
	from MASQ_IP to TARGET

to use the same gateway and device. This is even mandatory for the
patches. Currently, the first packet for one connection is routed
via the route "from INT_IP to TARGET", the SNAT rules assign the
masquerade address at postrouting and then all next packets are
routed via the 2nd route - 1 route per forwarded packet. It is a
bit strange for these two routes to use different gateways. Do you
have a good reason for this?

	Also note that rules in the form "from 0/0 to ANY_TARGET",
where ANY_TARGET can be any subnet including 0/0, are used for
source address autoselection - the resulting preferred source IP
is used as saddr. It is not used only as a "default" rule. So,
playing tricks with different gateways is not possible. The
setup is ambiguous if NAT is involved.

> A.H

Regards

--
Julian Anastasov <ja@ssi.bg>
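
The two points in the reply above ("prio 5 table main" and the INT_IP/MASQ_IP requirement), replayed as an added example that is not part of the original post and is not Julian's code: a simplified model of rule-by-rule lookup over the tables from the first message. Assumptions: 198.51.100.0/25 and 203.0.113.64/26 are constructed stand-ins for the masked EXTnA and EXTnB networks, 192.0.2.80 is a constructed target, the local table and rule 32767 are left out, and a multipath route is reported as the list of its nexthops.

```python
import ipaddress as ipa

# Constructed stand-ins for the masked prefixes in the post:
# EXTnA -> 198.51.100.0/25 (eth1), EXTnB -> 203.0.113.64/26 (eth0).
GW_A, GW_B = ("198.51.100.1", "eth1"), ("203.0.113.70", "eth0")
ANY = "0.0.0.0/0"

# Routing tables from the first post: table -> [(dst prefix, [nexthops])].
# The "prohibit default metric 1" entries never win over the metric-0
# defaults, so they are not modelled.
TABLES = {
    "main": [("203.0.113.64/26", [(None, "eth0")]),
             ("198.51.100.0/25", [(None, "eth1")]),
             ("192.168.0.0/16", [(None, "eth2")])],
    "ONE": [(ANY, [GW_A])], "TWO": [(ANY, [GW_B])],
    "CACHE": [(ANY, [GW_A])], "CISCO": [(ANY, [GW_B])],
    "BALANCE": [(ANY, [GW_B, GW_A])], "ME": [(ANY, [GW_A, GW_B])],
}
# (priority, from-selector, table), as listed by "ip rule ls" in the post.
RULES = [(10, "198.51.100.0/25", "ONE"), (20, "203.0.113.64/26", "TWO"),
         (100, "192.168.1.10/32", "CACHE"), (101, "192.168.1.20/32", "CISCO"),
         (150, "192.168.1.30/32", "BALANCE"), (200, ANY, "ME"),
         (32766, ANY, "main")]
# The same rules with the suggested "ip rule add prio 5 table main".
WITH_MAIN_FIRST = [(5, ANY, "main")] + RULES

def lookup(src, dst, rules=RULES):
    """Walk rules by priority; the first table with a matching route decides."""
    s, d = ipa.ip_address(src), ipa.ip_address(dst)
    for _prio, sel, table in sorted(rules):
        if s not in ipa.ip_network(sel):
            continue
        hits = [(ipa.ip_network(p), nh) for p, nh in TABLES[table]
                if d in ipa.ip_network(p)]
        if hits:  # longest prefix wins inside a table
            return sorted(max(hits, key=lambda h: h[0].prefixlen)[1], key=str)
    return None

def snat_consistent(int_ip, masq_ip, target, rules=RULES):
    """True when "from INT_IP" and "from MASQ_IP" give the same gateway and device."""
    return lookup(int_ip, target, rules) == lookup(masq_ip, target, rules)

if __name__ == "__main__":
    print(lookup("192.168.0.1", "192.168.1.10"))                   # rules as posted
    print(lookup("192.168.0.1", "192.168.1.10", WITH_MAIN_FIRST))  # main at prio 5
    print(snat_consistent("192.168.1.10", "203.0.113.106", "192.0.2.80"))
```

In this model, with the rules as posted, the router's own reply from 192.168.0.1 to a client falls through to table ME and is sent towards the external gateways; with table main at prio 5 it stays on eth2. Because main has no default route, client traffic to outside targets still falls through to the per-group tables.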


* Re: [LARTC] Multi Routing Problem.
  2002-08-19  8:31 [LARTC] Multi Routing Problem Arindam Haldar
  2002-08-20 21:10 ` Julian Anastasov
@ 2002-08-21 11:10 ` Arindam Haldar
  1 sibling, 0 replies; 5+ messages in thread
From: Arindam Haldar @ 2002-08-21 11:10 UTC (permalink / raw)
  To: lartc

Hi again, :)

I tried again & now am successful. :) This is my script:

#!/bin/sh
ipr="/sbin/ip"

# External link A (eth0): network, local address, gateway
NetExtA="...6.64/26"
IPExtA="....6.106"
GtExtA="....6.70"
# External link B (eth1): network, local address, gateway
NetExtB="...9.0/25"
IPExtB="....9.124"
GtExtB="....9.1"
# Internal network (eth2) and the router's address on it
Netlcl="172.31.13.0/24"
IPlcl="172.31.13.1"

# Client groups
NetgrpA="172.31.13.10/31"
NetgrpB="172.31.13.20/31"
NetgrpC="172.31.13.30/31"

# Remove the rules left over from a previous run
  $ipr rule del prio 99 from $NetExtA
  $ipr rule del prio 98 from $NetgrpA
  $ipr rule del prio 74 from $NetExtB
  $ipr rule del prio 73 from $NetgrpB
  $ipr rule del prio 49 from $NetgrpC
# $ipr rule del prio 48

# Register the table names
echo 100 EXTnA >> /etc/iproute2/rt_tables
echo 75 EXTnB >> /etc/iproute2/rt_tables
echo 50 BALANCE >> /etc/iproute2/rt_tables

# Policy rules: select a table by source address
  $ipr rule add prio 99 from $NetExtA table EXTnA
  $ipr rule add prio 98 from $NetgrpA table EXTnA
  $ipr rule add prio 74 from $NetExtB table EXTnB
  $ipr rule add prio 73 from $NetgrpB table EXTnB
  $ipr rule add prio 49 from $NetgrpC table BALANCE
# $ipr rule add prio 48 table BALANCE

# Default route per table, plus a route to each client group
  $ipr route add default table EXTnB via $GtExtB dev eth1 src $IPExtB
  $ipr route add $NetgrpB via $IPlcl dev eth2 table EXTnB

  $ipr route add default table EXTnA via $GtExtA dev eth0 src $IPExtA
  $ipr route add $NetgrpA via $IPlcl dev eth2 table EXTnB

# One multipath default (this command was wrapped by the mailer)
  $ipr route add default table BALANCE nexthop via $GtExtB dev eth1 \
       nexthop via $GtExtA dev eth0
  $ipr route add $NetgrpC via $IPlcl dev eth2 table EXTnB

Things work fine from the client's end, and follow the
routing/balancing as defined. But when I use **2 append** ip route
commands on table BALANCE, viz.
ip route append default via $GtExtB dev eth1 ta BALANCE
ip route append default via $GtExtA dev eth0 ta BALANCE
then everything **STOPS**... WHY?

Julian, you wrote in your mail about adding >>>ip rule add prio 5 ta main
& I also saw it in the docs too, but I couldn't understand the
importance, more so because there was no routing attached to this prio.
Will the default route of ta main (32766) be carried to table main (prio
5)? Can you please tell me more about it?

Awaiting a reply,
thanking you in advance
A.H

Julian Anastasov wrote:
> 	Hello,
> 
> On Mon, 19 Aug 2002, Arindam Haldar wrote:
> 
> 
>>& applied julian's patch to kernel 2.4.19 & have gone thru the docs at
>>the site... i have defined basically 3 groups for clients--> cache,
>>cisco, balance.. the name specifies the importance.. this is the details
>>of what i did-->
> 
> 
> 	Carefully analyze the docs...
> 
> 
>>[root@Lr1 root]# ip rule ls
>>0:      from all lookup local
> 
> 
> 	# direct communications are first priority
> 	ip rule add prio 5 table main
> 

