* [LARTC] Source based routing with two internet connections
@ 2001-07-03 18:59 Ralph van Etten
2001-07-04 7:26 ` Arthur van Leeuwen
2001-07-04 18:32 ` Ralph van Etten
0 siblings, 2 replies; 3+ messages in thread
From: Ralph van Etten @ 2001-07-03 18:59 UTC (permalink / raw)
To: lartc
Hi,
The next question is probably a FAQ but I'm really getting desperate and I
haven't found anything in the HOW-TO, the docs or archives about the
problems I have.
I have a Linux box with two connections to the internet (a fast and a
slow connection) and a private internal network. The linux box does
masquerading. Some PCs (PC B) on the private LAN must use the fast
connection, the rest of the hosts must use the slow connection.
internet internet
\ /
slow connection\ / fast connection
124.124.124.124 \ eth1 eth2/ 123.123.123.123
+-------------+
| Linux box |
| |
+-------------+
eth0| 192.168.11.2
|
----+-----+------+------
| |
| | 192.168.11.70
+--------+ +--------+
| PC a | | PC b |
+--------+ +--------+
Its almost exacly the same as described in the Adv. Routing HOW-TO.
The default route is set to eth1 and PC A and PC B can connect to the
internet using the slow link.
Then, when I use the following commands (fast is a name in
/etc/iproute2/rt_tables) :
#ip rule add from 192.168.11.70 table fast pref 102
#ip route add 0/0 dev eth2 table fast
#ip route flush cache
PC A can still connect to the internet using the slow link, but PC B
can't connect to the internet using the fast link.
When I do a traceroute or look at the packets on the interfaces I can see
that packets from PC B are routed to the fast link.
When I ping a host on the internet from PC B, the host which is pinged
send replies on eth2, but the linux box doesnt forward them to PC B.
So, I think there is something wrong with masquerading.
Masquerading is set up using ipchains :
ipchains -A forward -i eth2 -j MASQ -l
With -l the ping requests from PC B show up in the syslog.
I'm using kernel 2.2.17, I've compiled the kernel with all the relevant
networking options for advanced routing. Does this kind of routing work
with 2.2.17 ?
I really have no idea what is wrong and was hoping someone else has a
similar setup working and can give me some clues on how to get it to work.
Thanks,
Ralph.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [LARTC] Source based routing with two internet connections
2001-07-03 18:59 [LARTC] Source based routing with two internet connections Ralph van Etten
@ 2001-07-04 7:26 ` Arthur van Leeuwen
2001-07-04 18:32 ` Ralph van Etten
1 sibling, 0 replies; 3+ messages in thread
From: Arthur van Leeuwen @ 2001-07-04 7:26 UTC (permalink / raw)
To: lartc
On Tue, 3 Jul 2001, Ralph van Etten wrote:
> #ip rule add from 192.168.11.70 table fast pref 102
> #ip route add 0/0 dev eth2 table fast
> #ip route flush cache
You're not doing source address selection (the src argument to ip route add),
causing the masquerading code to possibly select the wrong address to
masquerade to. Check the archives for the postings on multipath upstream
routing for information on a setup with multiple upstreams. Such a setup
will gladly masquerade on each of the uplinks, and *work*. From that you can,
without a doubt, simplify to your situation.
Oh, 2.2.17 is quite adequate.
Doei, Arthur.
--
/\ / | arthurvl@sci.kun.nl | Work like you don't need the money
/__\ / | A friend is someone with whom | Love like you have never been hurt
/ \/__ | you can dare to be yourself | Dance like there's nobody watching
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [LARTC] Source based routing with two internet connections
2001-07-03 18:59 [LARTC] Source based routing with two internet connections Ralph van Etten
2001-07-04 7:26 ` Arthur van Leeuwen
@ 2001-07-04 18:32 ` Ralph van Etten
1 sibling, 0 replies; 3+ messages in thread
From: Ralph van Etten @ 2001-07-04 18:32 UTC (permalink / raw)
To: lartc
On Wed, 4 Jul 2001, Arthur van Leeuwen wrote:
> > #ip rule add from 192.168.11.70 table fast pref 102
> > #ip route add 0/0 dev eth2 table fast
> > #ip route flush cache
>
> You're not doing source address selection (the src argument to ip route add),
> causing the masquerading code to possibly select the wrong address to
> masquerade to. Check the archives for the postings on multipath upstream
> routing for information on a setup with multiple upstreams. Such a setup
> will gladly masquerade on each of the uplinks, and *work*. From that you can,
> without a doubt, simplify to your situation.
I've read the articles in the archive again and first I though of the
following :
#ip route add 0/0 src 123.123.123.123 dev eth2 table adsl
But this didn't worked, so I read some more and tried this :
#ip route add 123.123.123.1 dev eth2 table fast
#ip route add 0/0 via 123.123.123.123 dev eth2 table fast
with and without src argument and this gave exactly the same problem. Are
the above commands correct ?
Should the default route in the main table be a multipath route for
this to work ?
Thanks,
Ralph.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2001-07-04 18:32 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-07-03 18:59 [LARTC] Source based routing with two internet connections Ralph van Etten
2001-07-04 7:26 ` Arthur van Leeuwen
2001-07-04 18:32 ` Ralph van Etten
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.