All of lore.kernel.org
 help / color / mirror / Atom feed
* [LARTC] routing problem!
@ 2002-03-28 10:52 Calin Ciuleanu
  0 siblings, 0 replies; 2+ messages in thread
From: Calin Ciuleanu @ 2002-03-28 10:52 UTC (permalink / raw)
  To: lartc


Hi 
My name is Calin Ciuleanu and i have some routing problem with iproute2
Here is my problem detalied:

i made one tunnel with ip tunnel that works between one cisco and a 
linux box
here is the conf for the tunnel on cisco
interface Tunnel1
 description tunnel to C5
 ip address 217.13.104.233 255.255.255.252
 tunnel source 193.231.111.225
 tunnel destination 193.226.6.227
 tunnel mode ipip
!
on the destination linux box 193.226.6.227 i made this tunnel

#ip tunnel add tunnel0 mode ipip remote 193.231.111.225 local 
193.226.6.227
#ip addr add 217.13.104.234/30 dev tunnel0
#ifconfig tunnel0 up

the tunnel works great thanks to you
on the linux box i have this main interfaces
eth0      Link encap:Ethernet  HWaddr 00:10:4B:43:4C:CF
          inet addr:193.226.6.227  Bcast:193.226.6.231  
Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1064424 errors:0 dropped:0 overruns:0 frame:0
          TX packets:872599 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:887874824 (846.7 Mb)  TX bytes:118030509 (112.5 Mb)
          Interrupt:10 Base address:0x7000
eth1      Link encap:Ethernet  HWaddr 00:00:21:29:86:BA
          inet addr:172.27.36.1  Bcast:172.27.36.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:950404 errors:0 dropped:0 overruns:0 frame:3140
          TX packets:1114735 errors:366 dropped:0 overruns:0 carrier:379
          collisions:374402 txqueuelen:100
          RX bytes:128979640 (123.0 Mb)  TX bytes:900948467 (859.2 Mb)
          Interrupt:5 Base address:0x6c00
the network connected to eth1 is with fake addresses
My routing table looks like this

root@gate:/# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
217.13.104.232  0.0.0.0         255.255.255.252 U     0      0        0 tunnel0
193.226.6.224   0.0.0.0         255.255.255.248 U     0      0        0 eth0
172.27.36.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         193.226.6.225   0.0.0.0         UG    0      0        0 eth0

I made another routing from the cisco from but now for another subnet

  ip route 217.13.104.236 255.255.255.252 Tunnel1

217.13.104.236 net 
217.13.104.237 ip1
217.13.104.238 ip3
217.13.104.239 brc

first ip is on a dummy on eth1. I made it with this command
#ifconfig eth1:0 217.13.104.237 netmask 255.255.255.252 broadcast
217.13.104.239

The interface looks like this:

eth1:0    Link encap:Ethernet  HWaddr 00:00:21:29:86:BA
          inet addr:217.13.104.237  Bcast:217.13.104.239 Mask:255.255.255.252
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:5 Base address:0x6c00
the coresponding routing table:

217.13.104.232  0.0.0.0         255.255.255.252 U     0      0        0 tunnel0
217.13.104.236  0.0.0.0         255.255.255.252 U     0      0        0 eth1
193.226.6.224   0.0.0.0         255.255.255.248 U     0      0        0 eth0
172.27.36.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         193.226.6.225   0.0.0.0         UG    0      0        0 eth0

but the other ip (217.13.104.238/30) i want to set it on one computer 
in the lan connected to eth1
My question is :
How can i route ip2: 217.13.104.238 in the tunnel and back ... 

For this 217.13.104.237 ( the dummy) traceroute works
slayer@EcoLin:~$ traceroute 217.13.104.237
traceroute to 217.13.104.237 (217.13.104.237), 30 hops max, 38 byte 
packets
 1  C3640-E0-0 (193.231.111.225)  1.341 ms  1.227 ms  1.346 ms
 2  Eco-GW.Cluj.Ro.Eu.Org (217.13.104.237)  4.296 ms  4.092 ms  4.001 ms
slayer@EcoLin:~$

but for 217.13.104.238 not
slayer@EcoLin:~$ traceroute 217.13.104.238
traceroute to 217.13.104.238 (217.13.104.238), 30 hops max, 38 byte 
packets
 1  C3640-E0-0 (193.231.111.225)  1.348 ms  1.247 ms  1.253 ms
 2  gate.campus.utcluj.ro (193.226.6.227)  4.703 ms  4.099 ms  4.333 ms
 3  * * *
 4  *
I tried something like this but it doesn't work
echo "200 kalin" >> /etc/iproute2/rt_tables
ip rule add from 217.13.104.236/32 table kalin
ip route add default dev tunnel0 table kalin

Best regards
Calin Ciuleanu




_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [LARTC] Routing problem !!!
@ 2003-12-05  3:51 Martin A. Brown
  0 siblings, 0 replies; 2+ messages in thread
From: Martin A. Brown @ 2003-12-05  3:51 UTC (permalink / raw)
  To: lartc

Hello again,

 : Martin, as you can see in my last post i have route to 10.0.0.1 in the
 : main routing table , so i have ping to the gateway but i can't connect
 : to inet.

OK.  So, you can ping the gateway.....can you ping the gateway from the
source IPs you want to have Internet access?

But, before we cover that, we need to back up to the "Why?" question.  You
don't explain enough for me to understand why you need the second routing
table.  In looking at your two routing tables, I don't see any reason for
two.

 : #ip r l t main
 : 10.0.0.0/16 dev eth0  scope link
 :
 :
 : The only way to connect to inet is adding:
 :
 : ip r a default via 10.0.0.1 t main
 :
 : If i add the default gw in table main , i can connect to inet but i'd
 : like to do this in other table.

I have some questions, then:

 - Are the packets initiated from the Linux box?
 - What is the source IP on a packet which is not leaving the box in
   the manner you desire?  Can you add an "ip rule" to define the
   characteristics of this packet?
 - Are you trying to force packets to be sourced from a particular IP?
 - Are you trying to block particular packets from getting to the
   Internet?

 : Can you help me ?

I'll most certainly try.

 :  eth0: 10.0.0.2/16
 :  eth1: 10.0.0.1    (inet gateway)
 :
 :  #ip ru l :
 :
 :  0:      from all lookup local
 :  32765:  from 10.0.0.2 lookup tabla1
 :  32766:  from all lookup main
 :  32767:  from all lookup default
 :
 :
 :  #ip r l t tabla1
 :
 :
 :  10.0.0.0/16 dev eth0  scope link  src 10.0.0.2
 :  127.0.0.0/8 dev lo  scope link
 :  default via 10.0.0.1 dev eth0
 :
 :  #ip r l t main
 :
 :  10.0.0.0/16 dev eth0  scope link

[ snipped some of my earlier ravings ]

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-12-05  3:51 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-12-05  3:51 [LARTC] Routing problem !!! Martin A. Brown
  -- strict thread matches above, loose matches on Subject: below --
2002-03-28 10:52 [LARTC] routing problem! Calin Ciuleanu

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.