From: "Matthieu Turpault" <mt.lartc@comelis.fr>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] Default route - Please Help
Date: Fri, 02 May 2003 09:36:20 +0000
Message-ID: <marc-lartc-105186826815148@msgid-missing>
In-Reply-To: <marc-lartc-105180332019719@msgid-missing>

Hi list,

	I have exactly the same problem and I can't manage to get my network
working.

	In fact, the NAT postrouting is done *after* the routing.
	Consequently, tables fastweb and telecom are never looked at.

	I am very interested in a solution.

My problem is described at this URL (still no answer):
	http://marc.theaimsgroup.com/?l=lartc&m=105049828901812&w=2

> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On
> Behalf Of xchris
> Sent: Thursday, 1 May 2003 17:33
> To: lartc@mailman.ds9a.nl
> Subject: [LARTC] Default route - Please Help
>
>
> I've read the howto but I still can't make things go the right way
>
> My box has 4 NICs.
> 2 internet connections eth0,eth1
> 1 dmz eth2
> 1 lan eth3
>
>
> I would like to NAT the internal LAN with one of the 2 ISPs.
> For my tests I created a script to switch the entire LAN from one to the
> other (I know it's redundant ....del...add.)
>
> The problem is that NAT is done only if I set the default gateway (in the
> main table)
> I have set the 2 default gateways in the other 2 tables but it
> seems not to consider them.
>
> If I set the default gateway to ISP1 and set NAT rules to go with ISP2 it
> doesn't work!!!
> Why???
>
> My future plan is to let some clients go with ISP1 and others with ISP2
>
> Please Help!!!
> Any hint appreciated!!
> Here is my (long) config.
> Bye
>
> xchris
>
>
>
>
> eth0      Link encap:Ethernet  HWaddr 00:04:76:25:07:D9
>           inet addr:192.168.1.237  Bcast:192.168.1.255  Mask:255.255.255.0
>
> eth1      Link encap:Ethernet  HWaddr 00:04:76:25:07:3D
>           inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
>
> eth2      Link encap:Ethernet  HWaddr 00:04:76:25:07:67
>           inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
>
> eth3      Link encap:Ethernet  HWaddr 00:04:76:25:07:73
>           inet addr:192.168.0.238  Bcast:192.168.0.255  Mask:255.255.255.0
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>
>
> Here is my script (just basic... to test routing.. there's no firewall at
> all)
> it's done to act this way
>
> script 1 -->all lan go with ISP 1
> script 2 -->all lan go with ISP 2
>
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> route del default
> IF3=eth3
> IF1=eth0
> IF2=eth1
> IP1=192.168.1.237
> IP2=192.168.3.1
> IP3=192.168.0.238
> GW1=192.168.1.238
> GW2=192.168.3.254
> P1_NET=192.168.1.0/24
> P2_NET=192.168.3.0/24
> P3_NET=192.168.0.0/24
>
> echo "1 - Creating two additional routing tables"
> echo
> ip route del $P1_NET dev $IF1 src $IP1 table telecom
> ip route add $P1_NET dev $IF1 src $IP1 table telecom
> echo 1
> ip route del default via $GW1 table telecom
> ip route add default via $GW1 table telecom
> echo 2
> ip route del $P2_NET dev $IF2 src $IP2 table fastweb
> ip route add $P2_NET dev $IF2 src $IP2 table fastweb
> echo 3
> ip route del default via $GW2 table fastweb
> ip route add default via $GW2 table fastweb
>
> echo "2 - Setting Main routing tables"
> echo
> ip route del $P1_NET dev $IF1 src $IP1
> ip route del $P2_NET dev $IF2 src $IP2
> ip route add $P1_NET dev $IF1 src $IP1
> ip route add $P2_NET dev $IF2 src $IP2
> ip route add default via $GW2
>
>
> echo "3 - Setting answers from corresponding IPs"
> echo
> ip rule del from $IP1 table telecom
> ip rule del from $IP2 table fastweb
> ip rule add from $IP1 table telecom
> ip rule add from $IP2 table fastweb
>
> ip route add $P3_NET dev $IF3 table telecom
> ip route add $P2_NET dev $IF2 table telecom
> ip route add 127.0.0.0/8 dev lo table telecom
>
> ip route add $P3_NET dev $IF3 table fastweb
> ip route add $P1_NET dev $IF1 table fastweb
> ip route add 127.0.0.0/8 dev lo table fastweb
>
> if test $1 -eq 2
> then
>         iptables -t nat -F
>         iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source $IP2
> else
>         iptables -t nat -F
>         iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source $IP1
> fi
>
>
>
>
> my /etc/iproute2/rt_tables
> #
> # reserved values
> #
> 255     local
> 254     main
> 253     default
> 0       unspec
> #
> # local
> #
> #1      inr.ruhep
> 1       telecom
> 2       fastweb
>
>
> ip rule
>
> 0:      from all lookup local
> 32764:  from 192.168.3.1 lookup fastweb
> 32765:  from 192.168.1.237 lookup telecom
> 32766:  from all lookup main
> 32767:  from all lookup default
>
>
> ip route
>
> 192.168.3.0/24 dev eth1  scope link  src 192.168.3.1
> 192.168.2.0/24 dev eth2  proto kernel  scope link  src 192.168.2.1
> 192.168.1.0/24 dev eth0  scope link  src 192.168.1.237
> 192.168.0.0/24 dev eth3  proto kernel  scope link  src 192.168.0.238
> default via 192.168.3.254 dev eth1
>
>
> ip route table telecom
>
> 192.168.3.0/24 dev eth1  scope link
> 192.168.1.0/24 dev eth0  scope link  src 192.168.1.237
> 192.168.0.0/24 dev eth3  scope link
> 127.0.0.0/8 dev lo  scope link
> default via 192.168.1.238 dev eth0
>
>
> ip route table fastweb
>
> 192.168.3.0/24 dev eth1  scope link  src 192.168.3.1
> 192.168.1.0/24 dev eth0  scope link
> 192.168.0.0/24 dev eth3  scope link
> 127.0.0.0/8 dev lo  scope link
> default via 192.168.3.254 dev eth1
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
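
Added example, not part of either post: a small Python model of the rule and table lookup, built from the `ip rule` and `ip route` output quoted above, showing that a forwarded LAN packet is routed on its pre-NAT source and so never reaches telecom or fastweb. The LAN host 192.168.0.10, the remote 203.0.113.5 and the extra rule LAN_VIA_TELECOM are assumptions made for illustration.

```python
import ipaddress

# Constructed from the `ip rule` / `ip route` output quoted in the thread
# (rule 0 "local" and the 127.0.0.0/8 routes are left out for brevity).
RULES = [  # (priority, source selector, table)
    (32764, "192.168.3.1/32", "fastweb"),
    (32765, "192.168.1.237/32", "telecom"),
    (32766, "0.0.0.0/0", "main"),
]
TABLES = {  # table -> [(prefix, gateway or None when on-link, device)]
    "main": [("192.168.3.0/24", None, "eth1"), ("192.168.2.0/24", None, "eth2"),
             ("192.168.1.0/24", None, "eth0"), ("192.168.0.0/24", None, "eth3"),
             ("0.0.0.0/0", "192.168.3.254", "eth1")],
    "telecom": [("192.168.3.0/24", None, "eth1"), ("192.168.1.0/24", None, "eth0"),
                ("192.168.0.0/24", None, "eth3"),
                ("0.0.0.0/0", "192.168.1.238", "eth0")],
    "fastweb": [("192.168.3.0/24", None, "eth1"), ("192.168.1.0/24", None, "eth0"),
                ("192.168.0.0/24", None, "eth3"),
                ("0.0.0.0/0", "192.168.3.254", "eth1")],
}
# Hypothetical extra rule, not in the thread: select a table by LAN source.
LAN_VIA_TELECOM = (32000, "192.168.0.0/24", "telecom")

def lookup(src, dst, rules=RULES):
    """Walk rules by priority; longest-prefix match in the first table that routes dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if src not in ipaddress.ip_network(selector):
            continue
        hits = [(ipaddress.ip_network(p).prefixlen, gw, dev)
                for p, gw, dev in TABLES[table] if dst in ipaddress.ip_network(p)]
        if hits:
            _len, gw, dev = max(hits, key=lambda h: h[0])
            return table, gw, dev
    return None  # no table had a route

def forward(src, dst, snat_to, rules=RULES):
    """Routing uses the pre-NAT source; POSTROUTING SNAT rewrites it only afterwards."""
    route = lookup(src, dst, rules)
    if route is None:
        return None
    table, gw, dev = route
    return {"table": table, "gateway": gw, "dev": dev, "wire_src": snat_to}

if __name__ == "__main__":
    lan_host, remote = "192.168.0.10", "203.0.113.5"  # constructed sample addresses
    print(forward(lan_host, remote, "192.168.1.237"))
    print(forward(lan_host, remote, "192.168.1.237", RULES + [LAN_VIA_TELECOM]))
```

With the quoted rules the packet leaves eth1 towards 192.168.3.254 while carrying the ISP1 source 192.168.1.237. With the hypothetical source rule it uses telecom, but so would LAN traffic to the DMZ (192.168.2.0/24), because the quoted telecom table has no route for eth2.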
