From: "Lars Täuber" <taeuber@bbaw.de>
To: lartc@vger.kernel.org
Subject: [LARTC] iproute 2 - src routing
Date: Mon, 02 Jun 2003 15:29:35 +0000
Message-ID: <marc-lartc-105456793304979@msgid-missing>
Hi everybody,
I'm responsible for an ISDN router, which doesn't work as I want and
expected. Hopefully at least one of you can help us.
We have a private network (192.168.0.0/16) and a standard gateway with a
default route to the internet gateway (a NATing firewall).
|private net|-----|standard gateway|
| |
| |nating firewall|-----|internet
|
|locale services|
Now we want a special network to get routed through an additional ISDN
router for a special subdomain of ours. The foreign network is also
available over the internet but has restrictions on some services from the
internet.
|private net|-----|standard gateway|
| |
| |isdn router|---(isdn)--|foreign dialin|--[--
| | [--
| |nating firewall|-----|internet|---------[--
|
|locale services|
So the isdn route should decide by the source address (a privileged
subdomain) which route the traffic goes, and NAT it if it goes through ISDN.
The NATing is made with iptables.
I did the following:
rt_tables :
255 local
254 main
253 default
0 unspec
1 xyz
$ ip route add default via [dialin gw] dev ippp0 table xyz
# ip rule add from [privileged ip-addr] to [target subnet] table xyz
$ ip route flush cache
$ echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route
The default route is routed to the standard NATing firewall, so the
normal traffic should go its normal old way.
I can ping a host in the target subnet and also traceroute from the
privileged host, but I don't get any connection to a web server.
There also is a strange behaviour (on the ISDN gw):
$ ip route get [webserver in target net]
[webserver in target net] dev ippp0 src [ippp0 ip]
cache mtu 1500 advmss 1460
$ ip route get [webserver in target net] from [privileged ip] iif eth0
[webserver in target net] from [privileged ip] dev ippp0 src [eth0 ip]
cache mtu 1500 advmss 1460 iif eth0
Is this correct?
Why does the ICMP traffic go the right way and the other doesn't?
Thanks a lot
Regards
Lars Täuber
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
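
Added example (not part of the original message and not the poster's code): the policy-routing setup described in the message as a dry-run shell plan, with a check for the accept_source_route sysctl. That sysctl only controls whether packets carrying IP source-route options are accepted and is not consulted by `ip rule`, so the plan leaves it at 0. The addresses and the MASQUERADE rule are assumptions; ippp0 and table xyz come from the message.

```shell
#!/bin/sh
# Added example. Addresses are constructed placeholders, not values from the post.
PRIV_SRC="192.168.10.0/24"    # privileged source subnet (assumed)
TARGET_NET="198.51.100.0/24"  # foreign target subnet (assumed)
DIALIN_GW="203.0.113.1"       # dial-in gateway on the ISDN link (assumed)
ISDN_DEV="ippp0"              # device name from the message
TABLE="xyz"                   # table name from the message (id 1 in rt_tables)

# Print each command; execute it only when APPLY=1 is set (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

policy_route_plan() {
    # Route selection by source address: a rule pointing at a dedicated table.
    run ip route add default via "$DIALIN_GW" dev "$ISDN_DEV" table "$TABLE"
    run ip rule add from "$PRIV_SRC" to "$TARGET_NET" table "$TABLE"
    run ip route flush cache
    # Assumed NAT rule: translate only what leaves through the ISDN device.
    run iptables -t nat -A POSTROUTING -o "$ISDN_DEV" -s "$PRIV_SRC" \
        -d "$TARGET_NET" -j MASQUERADE
    # Policy routing does not use IP source-route options, so keep them refused.
    run sysctl -w net.ipv4.conf.all.accept_source_route=0
}

# Read `sysctl -a` style lines on stdin and print the IPv4 keys that still
# accept packets carrying source-route options (value 1).
flag_source_route() {
    awk -F' *= *' \
        '/^net\.ipv4\.conf\..*\.accept_source_route *=/ && $2 == 1 { print $1 }'
}

# Constructed sample of `sysctl -a` output for the check above.
SAMPLE_SYSCTL='net.ipv4.conf.all.accept_source_route = 1
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.ippp0.accept_source_route = 1
net.ipv4.ip_forward = 1'

policy_route_plan
printf '%s\n' "$SAMPLE_SYSCTL" | flag_source_route
```

On a live gateway, `sysctl -a | flag_source_route` lists the interfaces that still need the setting turned off.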