Re: Basic routing

[John Lister <john.lister@kickstone.com>]

On 04/10/2014 18:44, John Smithee wrote:
> John Smithee wrote, On 10/04/2014 05:07 PM:
>> Thomas Bätzler wrote, On 10/04/2014 03:56 PM:
>>> Hi,
>>>
>>> Am 04.10.2014 um 13:06 schrieb John Smithee:
>>>> Ok, I admit using "ping -I" was a bad example. The whole point I tried
>>>> to make is, that the second net (69.0) cannot reach any other IP
>>>> outside its own net.
>>>> The goal is to let 69.0 reach the world via this gateway machine
>>>> 68.22/69.22.
>>>> Is some iptables needed in this case?
>>>
>>> You do have IP forwarding enabled?
>>>
>>> If not,  enable it using
>>>    echo "1" > /proc/sys/net/ipv4/ip_forward
>>> and try again.
>>>
>>>
>>> HTH,
>>> Thomas
>>
>>
>> Yes, ip frowarding is enabled.
>>
>> After doing much research on the net and experimenting
>> I think (still testing) I finally found a solution,
>> but it's unfortunately a little bit complicated.
>> I'll summarize later.
>
>
> I finally managed to get it working with these steps:
>
> IF0="eth0"
> NW0="192.168.68.0/24"
> ET0="192.168.68.22"
> GW0="192.168.68.254"
> TAB0="my0"  # must be defined in /etc/iproute2/rt_tables, f.e. 100 my0
>
> IF1="eth1"
> NW1="192.168.69.0/24"
> ET1="192.168.69.22"
> GW1="192.168.69.7"
> TAB1="my1"  # must be defined in /etc/iproute2/rt_tables, f.e. 101 my1
>
> ip route add $NW0 dev $IF0 src $ET0 table $TAB0
> ip route add default via $GW0 table $TAB0
>
> ip route add $NW1 dev $IF1 src $ET1 table $TAB1
> ip route add default via $GW1 table $TAB1
>
> ip route add $NW0 dev $IF0 src $ET0
> ip route add $NW1 dev $IF1 src $ET1
>
> # your preference for default route:
> ip route add default via $GW0
>
> ip rule add from $ET0 table $TAB0
> ip rule add from $ET1 table $TAB1
> ip rule add to   $ET0 table $TAB0
> ip rule add to   $ET1 table $TAB1
>
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
>
> This solution is not that bad, though IMHO complicated.
> But one thing is still missing: 69.* cannot ping
> the IP 68.22, but other than that it can reach everything else.
>
> If someone knows a simpler solution pls let me know, thx.
>
>
> Here are some references where I found the above stuff:
>
> http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/ 
>
> http://www.linuxhorizon.ro/iproute2.html
> http://www.lartc.org/howto/lartc.rpdb.html
> http://www.lartc.org/howto/lartc.rpdb.multiple-links.html
>

This seems overly complicated for what sounds like a simple routing 
solution. I'm guessing there must be something slightly out of the 
ordinary about your setup or I'm mising something. I'm assuming 
something like this


MACHINE1-x.69.7  ---->  .69.22 - MACHINE2 - .68.22 ----> .68.254 - 
DEFAULT ROUTER --> internet


the routing table for machine1 should be
default 192.168.69.22 0.0.0.0 eth0
192.168.69.0 * 255.255.255.0 eth0

and for machine2 is should be
default 192.168.68.254 0.0.0.0 eth0
192.168.68.0 * 255.255.255.0 eth0
192.168.69.0 * 255.255.255.0 eth1


The only issue you have is that there either needs to be a route on your 
external router to 192.68.69.0/24 via 192.168.68.22 or as you have it 
above an iptables rule to masquerade any address on the 192.168.69 
domain to the eth0 address so that the replies from outside your network 
know how to get back to your private subnet.

John

>
>
> -- 
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html