[LARTC] Re: Can't use two links on a linux box - correction/addition

[LARTC] Re: Can't use two links on a linux box - correction/addition

[Arthur]

<PRE>On Thu, 9 Nov 2000, Mike Fedyk wrote:

&gt;<i> I've just subscribed to this list, and found this article.  
</I>&gt;<i> It solved my problem perfectly, but he described the solution 
</I>&gt;<i> I was trying as possible, which I've found is not.
</I>
That is interesting... I can't see much difference from the setup you've made
with what I've described, but for the ordering of the route setup commands 
(which, unfortunately, *is* significant, a detail I forgot when composing
the e-mail).

&gt;<i> I was reading some old docs that policy routing didn't work on packets from
</I>&gt;<i> local processes.  I'm sure glad it was wrong. :)
</I>
I've never seen those docs, fortunately. If I had, I probably wouldn't have
tried this... ;)

&gt;<i> Here's what my routes looked like:
</I>&gt;<i> 10.0.0.0 dev eth0  scope link  src 10.0.0.2
</I>&gt;<i> 63.194.293.210 dev eth1  scope link  src 63.194.293.219
</I>&gt;<i> 10.1.1.1 dev eth2  scope link  src 10.1.1.2
</I>&gt;<i> 10.0.0.0/24 dev eth0  scope link
</I>&gt;<i> 127.0.0.0/8 dev lo  scope link
</I>&gt;<i> default
</I>&gt;<i>         nexthop via 63.194.293.210  dev eth1 weight 1
</I>&gt;<i>         nexthop via 10.1.1.1  dev eth2 weight 1
</I>&gt;<i> 
</I>&gt;<i> here's my ip rule:
</I>&gt;<i> 0:      from all lookup local
</I>&gt;<i> 32766:  from all lookup main
</I>&gt;<i> 32767:  from all lookup default
</I>
&gt;<i> The default.  Now here's my problem.  If I connect from the internet to one of
</I>&gt;<i> my tcp services on 10.1.1.2 (which is behind another masq-ing firewall 
</I>&gt;<i> from the isp for dsl) I would get responses from 63.194.239.202.  
</I>&gt;<i> As you can see, this is not good, and kills any tcp traffic.
</I>
Yes. TCP only handles multipath traffic if the addresses stay the same on
all the paths. But it's not really good for most UDP based protocols either.

&gt;<i> I added two tables, 40 and 50.
</I>&gt;<i> Each has a route to the ISP's gateway and a default route.
</I>
Exactly the right thing to do.

&gt;<i> Here's the new ip rule:
</I>&gt;<i> 0:      from all lookup local
</I>&gt;<i> 32764:  from 10.1.1.2 lookup 50
</I>&gt;<i> 32765:  from 63.194.293.219 lookup 40
</I>&gt;<i> 32766:  from all lookup main
</I>&gt;<i> 32767:  from all lookup default
</I>&gt;<i> 
</I>&gt;<i> Everything is fine now, thanks to Van's help.
</I>
The name's Arthur. `van Leeuwen' is my surname. Yes, it's a silly European
thing. Note quite unlike `van Beethoven' in `Ludwig van Beethoven'.

&gt;<i> I just don't want anyone else to waste their time on what I tried...
</I>
This stuff really should be in the HOWTO. Now to find some time to 
put it in...

Doei, Arthur.

-- 
  /\    / |      <A HREF="mailto:arthurvl@sci.kun.nl">arthurvl@sci.kun.nl</A>      | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching



</PRE>

[LARTC] Re: Can't use two links on a linux box - correction/addition

[Mike]

<PRE>Arthur van Leeuwen wrote:
&gt;<i> 
</I>&gt;<i> On Thu, 9 Nov 2000, Mike Fedyk wrote:
</I>&gt;<i> 
</I>&gt;<i> &gt; I've just subscribed to this list, and found this article.
</I>&gt;<i> &gt; It solved my problem perfectly, but he described the solution
</I>&gt;<i> &gt; I was trying as possible, which I've found is not.
</I>&gt;<i> 
</I>&gt;<i> That is interesting... I can't see much difference from the setup you've made
</I>&gt;<i> with what I've described, but for the ordering of the route setup commands
</I>&gt;<i> (which, unfortunately, *is* significant, a detail I forgot when composing
</I>&gt;<i> the e-mail).
</I>
The setup you described is exactly what worked in the end.

&quot;The specific tables (100 and 200) are not 
strictly necessary, but they provide you with the option to do a static
choice of the uplink route to take for certain traffic.&quot;

This is what my reply was for, you really do *need* the extra tables and ip rule
settings.

&gt;<i> &gt; I was reading some old docs that policy routing didn't work on packets from
</I>&gt;<i> &gt; local processes.  I'm sure glad it was wrong. :)
</I>&gt;<i> 
</I>&gt;<i> I've never seen those docs, fortunately. If I had, I probably wouldn't have
</I>&gt;<i> tried this... ;)
</I>&gt;<i> 
</I>
<A HREF="http://www.linuxdoc.org/HOWTO/Net-HOWTO/c1431.html">http://www.linuxdoc.org/HOWTO/Net-HOWTO/c1431.html</A>
There is a link to <A HREF="http://www.compendium.com.ar/policy-routing.txt">http://www.compendium.com.ar/policy-routing.txt</A>

Which was made when 2.1.xx was current.

&gt;<i> Yes. TCP only handles multipath traffic if the addresses stay the same on
</I>&gt;<i> all the paths. But it's not really good for most UDP based protocols either.
</I>&gt;<i> 
</I>
The only test that worked was icmp ping. ;P

&gt;<i> The name's Arthur. `van Leeuwen' is my surname. Yes, it's a silly European
</I>&gt;<i> thing. Note quite unlike `van Beethoven' in `Ludwig van Beethoven'.
</I>&gt;<i> 
</I>Ok, np.  That was what was in the From: in the archive, so I used that.  Maybe
you should add Arthur to your name in the From: field. &quot;Arthur van Leeuwen&quot;?

I hope this discussion will help others when it goes into the archive.  It
certainly helped me.  If they actually take the time to check the archive... but
that's another issue.

HTH
-- 

Mike Fedyk                   &quot;They that can give up essential liberty
Information Systems           to obtain a little temporary safety
Match Mail Productions Inc.   deserve neither liberty nor safety.&quot;
<A HREF="mailto:mfedyk@matchmail.com">mfedyk@matchmail.com</A>                                   Ben Franklin


</PRE>