Re: [LARTC] iproute2 and Kernel 2.6

["Rimas" <rmocius@auste.elnet.lt>]

Hi,

I use iproute2_now_ss020116_try-i386-4 which comes with Slackware 9.1 (what
I use it for my linux boxes).
These commands work just fine with kernel 2.4.x but not with 2.6.x.

IF1=eth1
IP1=xxx.xxx.xxx.xxx
P1=xxx.xxx.xxx.xxx
P1_NET=xxx.xxx.xxx.xxx/32

IF2=eth0
IP2=xxx.xxx.xxx.xxx
P2=xxx.xxx.xxx.xxx
P2_NET=xxx.xxx.xxx.xxx/29

# One creates two additional routing tables.
# Then you set up routing in these tables as follows:

ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2

# Next you set up the main routing table.
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2

# Then, your preference for default route:
ip route add default via $P1

# Next, you set up the routing rules. These actually choose what routing
table to route with. You want to
# make sure that you route out a given interface if you already have the
corresponding source address:
ip rule add from $IP1 table T1
ip rule add from $IP2 table T2


# This set of commands makes sure all answers to traffic coming in on a
particular interface get answered
# from that interface.

# Lotus Notes server 10.105.105.196 goes via eth0
ip rule add from 10.105.105.196 table notes
ip route add default via $P2 dev eth0 table notes

# Virtual HTTP server 10.105.105.201 goes via eth0
ip rule add from 10.105.105.201 table http1
ip route add default via $P2 dev eth0 table http1

# local VPN server 10.105.105.20 goes via eth0

ip rule add from 10.105.105.20 table vpnsrv
ip route add default via $P2 dev eth0 table vpnsrv


# local smtp
iptables -t mangle -A PREROUTING -i eth2 -s 10.105.105.198 -p tcp --dport
25 -j MARK --set-mark 0x950

ip rule add fwmark 0x950 table localsmtp
ip route add default via $P2 dev eth0 table localsmtp


# local VPN clients and ssh out

# PPTP
iptables -t mangle -A PREROUTING -i eth2 -s 10.105.105.0/24 -p tcp --dport
1723 -j MARK --set-mark 0x960
iptables -t mangle -A PREROUTING -i eth2 -s 10.105.105.0/24 -p 47 -j
MARK --set-mark 0x960

# ssh
iptables -t mangle -A PREROUTING -i eth2 -s 10.105.105.0/24 -p tcp --dport
22 -j MARK --set-mark 0x960

ip rule add fwmark 0x960 table localvpn
ip route add default via $P2 dev eth0 table localvpn
------------------------------------------------------------------


I tried to recompile"iproute2" against current (2.6.0) kernel sources, but
it does not help.

Remus






----- Original Message ----- 
From: "Ben Efros" <ben-ra@efros.com>
To: <lartc@mailman.ds9a.nl>
Sent: Thursday, December 18, 2003 4:46 PM
Subject: Re: [LARTC] iproute2 and Kernel 2.6


> Can you please tell us the version of iproute2, how you are making the
> routing decisions (ie, what commands are you using?).
>
>
> ----- Original Message ----- 
> From: "Remus" <rmocius@auste.elnet.lt>
> To: <lartc@mailman.ds9a.nl>
> Sent: Thursday, December 18, 2003 5:47 AM
> Subject: [LARTC] iproute2 and Kernel 2.6
>
>
> Hi folks,
>
> I have a linux box with three NICs (two for external ISP, and one local).
> Today I tried to use 2.6.0 kernel and somethings is wrong because iproute2
> does not work corretly.
> No routed packets go via second ISP NIC. With 2.4.22 kernel I have no
> problems at all with packet routing.
>
> I compiled 2.6.0 kernel myself, maybe I missed something in .config file?
>
> Thanks
>
> Remus
>
>
>
> "Slackware Linux - Simplicity is Divine."
>
>
> BACKUP IMPORTANT DATA !
>
> This is the most important thing !
> Remember that all damages done to your system is at your own risk !
> Always important when you are running Bill Gates Windows ;-)
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/