[LARTC] A complicated routing scenario (for me at least)

[Arthur van Leeuwen arthurvl@sci.kun.nl]

<PRE>On Mon, 13 Nov 2000, Andrew wrote:

&gt;<i> Greetings:
</I>
&gt;<i> I've been pouring over every piece of documentaiton on the subject I can
</I>&gt;<i> find, and I've concluded that advanced routing + ipchains is what I
</I>&gt;<i> need. It also appears that the people that can answer some of the more
</I>&gt;<i> in depth questions I have, read this list.
</I>
Might be true, might be true. ;)

&gt;<i> I'm fairly new to this so please forgive me if I ask stupid questions.
</I>&gt;<i> Anyway.
</I>
We're all fairly new to this. It isn't older than a year or two, three at the
most.

&gt;<i> Here is what I'm trying to accomplish in ASCII art:
</I>
&gt;<i>                                  LAN
</I>&gt;<i>                                   | (172...)
</I>&gt;<i>                                   |
</I>&gt;<i>          _/\__/\_             +---+----+            _/\__/\_
</I>&gt;<i>         /        \   (63...)  |        | (204...)  /        \
</I>&gt;<i>        ( Internet )-----------+ Router +----------( Internet )
</I>&gt;<i>         \_  __  _/            |        |           \_  __  _/
</I>&gt;<i>           \/  \/              +----+---+             \/  \/ 
</I>&gt;<i>                                    | 63..
</I>&gt;<i>                                    | 204..
</I>&gt;<i>                                    |
</I>&gt;<i>                  --+---------------+----------+--  &lt;---single physical
</I>&gt;<i> net
</I>&gt;<i>                    |                          |        (i.e. one hub)
</I>&gt;<i>                    |                          |
</I>&gt;<i>                +---+---+ 63..1            +---+---+ 63..2
</I>&gt;<i>                | Linux | 63..4            | Linux | 63..3
</I>&gt;<i>                +-------+ 204..1           +-------+ 204..2
</I>&gt;<i>                          204..4                     204..3
</I>
Hmmm. Right.

&gt;<i> The desired end result is a redundant connection to two dns/mail servers
</I>&gt;<i> from the internet. I'm willing to fight through this, but I have a 
</I>&gt;<i> few specific question's for now that I'm hoping someone can answer.
</I>
&gt;<i> 1. From a server's perspective, do incoming packets get responded to on
</I>&gt;<i> the same interface they came in on? 
</I>
No, unfortunately not. In fact, unless you specifically set things up so
that it will go right the kernel will even play haywire with which interface
packets with certain IP addresses are routed out.

&gt;<i> Does it matter if the interface in
</I>&gt;<i> question is an alias?
</I>
No. By the way, drop the mental concept of alias. With the iproute2 ip tool
it only serves to confuse matters. Interfaces kan have multiple IP addresses
attached to them. This is *much* more portable to IPv6... :)

&gt;<i> 2. if I tag a packet coming into the router/firwall above with ipchains
</I>&gt;<i> for routing purposes, will the tag persist to the reply packets? 
</I>
No.

&gt;<i> Or do I have to tag the reply packets with ipchains from the responding 
</I>&gt;<i> server?
</I>
Yes.

&gt;<i> 3. In reading the various documentation, I noticed several references to
</I>&gt;<i> files in the /etc/iproute2 directory. Related to this directory:
</I>&gt;<i> 	a) is there any documentation on the names and syntax of the various
</I>&gt;<i> files other than the source code, and the casual references I've found?
</I>&gt;<i> 	b) I don't currently have this directory in /etc. Is it something I
</I>&gt;<i> just create, and does it's existance imply that the kernel will read
</I>&gt;<i> configureation data from it on boot?
</I>
a. There are examples for these files in /usr/doc/iproute-2.2.4/iproute2/ on
   RedHat 6.2 systems with iproute2 installed and in
   /usr/share/doc/iproute-2.2.4/iproute2/ on RedHat 7.0 systems.
   These files all have names starting with rt_, and should also be in
   the iproute2 tarball, but I'm too lazy to check :).
b. The directory can contain the files rt_dsfield, rt_protos, rt_realms,
   rt_scopes and rt_tables. Most of the values in these files are user
   settable, and will be read when the files exist. If they do not exist you
   do not get nice names and have to deal with the raw numbers. Note: they
   are *not* necessary for operation, just useful from a user's point of
   view.

&gt;<i> Incidentally I'm currently using kernel 2.2.17 on my boxes. Since I'm
</I>&gt;<i> already going to be meticulously documenting my setup, I'd be willing to
</I>&gt;<i> do so in a format that could be posted as a HOWTO or as an example in
</I>&gt;<i> someone else's HOWTO, whatever would be most usefull.
</I>
&gt;<i> Suggestions in this area are much appreciated since I have no experiance
</I>&gt;<i> in HOWTO writing. (Plenty of writing experiance, just not howtos)
</I>
Well, an ASCII-gram such as the one above and step by step explanations of
your setup and *why* you've taken those steps would be great. ;)

&gt;<i> Anyway, Thanks for the help.
</I>
No problem.

Doei, Arthur.

-- 
  /\    / |      <A HREF="mailto:arthurvl@sci.kun.nl">arthurvl@sci.kun.nl</A>      | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching



</PRE>