From: Tomasz Wrona <lartc@eter.tym.pl>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Policy routing and strange packets traversing.
Date: Sat, 01 Mar 2003 23:33:55 +0000
Message-ID: <marc-lartc-104656172222107@msgid-missing>
In-Reply-To: <marc-lartc-104653305330571@msgid-missing>

On Sat, 1 Mar 2003, Julian Anastasov wrote:

> 	This looks a bit strange, it is not needed:
>
> > # To be sure that traffic goes to proper gateway
> > 22:     from 1.1.1.30 lookup 1
> > 22:     from 2.2.2.66 lookup 2

Why? It's the same as what you pointed out to me below...?


> 	You already have link routes to these IPs in table main
> 	Yes, you don't need them:
>
> > 30:     from all to 1.1.1.29 lookup 1
> > 30:     from all to 2.2.2.65 lookup 2

OK, but I process the main table after all manually typed rules... but never
mind, it's not an issue ;)



> > #Balance tables distributes traffic from LAN.
>
> 	Don't expect Netfilter to use the routing correctly;
> you have to avoid using "iif" when playing with Netfilter. Just
> use "from XXX".

Hmmm... I can't understand what netfilter has to do with the "iif" parameter?
What I want to achieve is to catch all incoming traffic on eth1..

> > 70:     from all iif eth1 lookup balance
> >
> >
> > # ip r l ta 1
> > default via 1.1.1.29 dev eth2
> > # ip r l ta 2
> > default via 2.2.2.65 dev eth4
> > # ip r l ta balance
> > default
> >         nexthop via 1.1.1.29  dev eth2 weight 2
> >         nexthop via 2.2.2.65  dev eth4 weight 3
> >
> > So, everything works, but I have observed some behaviour that
> > I can't understand..
>
> 	I don't know what works but in theory it should not work,
> you don't have routes that restrict each ISP traffic through its
> gateway. Maybe in your case each of the ISPs allows spoofing.

Well, look at the top of the mail for the first rules, which you say are wrong..


> > What I expected was that traffic NATed to 1.1.1.30 goes through eth2
> > and traffic NATed to 2.2.2.66 goes through eth4.
>
> 	Then specify it to be so:
>
> ip rule add prio 20 from 1.1.1.30/30 table 1
> ip rule add prio 20 from 2.2.2.66/27 table 2

This is exactly the same as the first rules at the top of the mail. Am I really wrong?


> 	but you will need rules "from all to all" for
> proper default route selection and source IP autoselection for
> the masquerading.
>
The balance table catches all traffic from the LAN to the inet. That's all I need.


> The normal kernel can not give you this, you
> need other solutions, eg:
>
> http://www.ssi.bg/~ja/#routes
>
> dgd-usage.txt contains example for rules and routes you can use.

Hmm... Maybe I am wrong, but it's related to NAT with multiple gateways on
a single interface, not on different ones as I have...
There shouldn't be a problem from what I read in this article.


> > Unfortunately, when I began listening on eth4 with the following command:
>
> 	Maybe it is POST_ROUTING that is guilty of selecting the
> wrong nexthop and you cannot notice it; this mistake is visible
> on device output.
>
> > So I am confused by this packet traversal.. Could someone explain
> > this behaviour? Is it OK or have I missed something?
>
> 	You can read about such issues, use the above URL


I will keep digging into it.

Thank you for the support
tw
-- 

----------------
 ck.eter.tym.pl

"Never let schooling disturb your education"


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
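
A simplified model of the rule lookup discussed in this thread, added here as an illustration and not part of either poster's message: it walks the quoted rules in priority order and returns the first table that holds a route. Because SNAT and masquerading are applied in POSTROUTING, after the routing decision, a packet forwarded from the LAN still carries its LAN source when the rules are evaluated. Assumptions: the addresses 192.168.0.10 and 198.51.100.7 are constructed, table main is not modelled, and the choice between multipath nexthops is not modelled.

```python
import ipaddress

# Rules and tables copied from the thread; a selector a rule omits is None.
# Tuple layout: (priority, from, to, iif, table)
RULES = [
    (22, "1.1.1.30/32", None, None, "1"),
    (22, "2.2.2.66/32", None, None, "2"),
    (30, None, "1.1.1.29/32", None, "1"),
    (30, None, "2.2.2.65/32", None, "2"),
    (70, None, None, "eth1", "balance"),
]
TABLES = {
    "1": [("0.0.0.0/0", ["eth2"])],
    "2": [("0.0.0.0/0", ["eth4"])],
    "balance": [("0.0.0.0/0", ["eth2", "eth4"])],  # multipath, weights 2 and 3
}

def _in(addr, prefix):
    # strict=False lets "2.2.2.66/27" stand for the network that contains it
    return prefix is None or (
        ipaddress.ip_address(addr) in ipaddress.ip_network(prefix, strict=False))

def lookup(src, dst, iif=None, rules=RULES, tables=TABLES):
    """Return (priority, table, candidate devices) for the first rule whose
    selectors match and whose table has a route to dst, else None."""
    for prio, frm, to, rule_iif, table in sorted(rules, key=lambda r: r[0]):
        if not (_in(src, frm) and _in(dst, to)):
            continue
        if rule_iif is not None and rule_iif != iif:
            continue
        routes = [(ipaddress.ip_network(p), devs)
                  for p, devs in tables[table] if _in(dst, p)]
        if routes:  # longest prefix wins inside one table
            return prio, table, max(routes, key=lambda r: r[0].prefixlen)[1]
    return None  # a real kernel would go on to tables main and default

if __name__ == "__main__":
    # Locally generated packet whose source is already 1.1.1.30
    print(lookup("1.1.1.30", "198.51.100.7"))
    # Forwarded LAN packet: evaluated with its pre-NAT source, so the
    # "from 1.1.1.30" and "from 2.2.2.66" rules never see it
    print(lookup("192.168.0.10", "198.51.100.7", iif="eth1"))
```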
