I do it the same way, from ip-up. But I only change the two concerned
rules. The rest of the things are free from IP.
-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx
[mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Alex Samad
Sent: Thursday, June 14, 2007 12:23 PM
To: lartc@xxxxxxxxxxxxxxx
Subject: Re: Re: multiple routing tables for internal router programs
On Thu, Jun 14, 2007 at 11:50:30AM +0800, Salim S I wrote:
> I solved it, though a bit ugly.
>
> Have two more rules now in ip ru
>
> 32150: from all lookup main
> 32201: from all fwmark 0x200/0x200 lookup wan1_route
> 32202: from all fwmark 0x400/0x400 lookup wan2_route
> 32203: from 10.20.0.137 lookup wan1_route
> 32204: from 10.2.3.107 lookup wan2_route
> 32205: from all lookup catch_all
> 32766: from all lookup main
>
> I did not like to include WAN IP anywhere, coz it may be dynamic, but
> well, seems like no choice.
Ran into the same problem, I capture the link information at ip-up time for
ppp/pppoe and dhcp time for cable modem, then I fire off a script that pulls
down all the ip ru & ip ro and builds it from scratch (as well as the
specialised iptables rules as well). This should only happen when I lose a
connection so should be okay
>
> And then two rules in OUTPUT chain
> iptables -t mangle -A OUTPUT -o eth2 -j LB1
> iptables -t mangle -A OUTPUT -o eth3 -j LB2
>
> -----Original Message-----
> From: lartc-bounces@xxxxxxxxxxxxxxx
> [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Salim S I
> Sent: Wednesday, June 13, 2007 12:08 PM
> To: 'Peter Rabbitson'
> Cc: lartc@xxxxxxxxxxxxxxx
> Subject: RE: Re: multiple routing tables for internal router programs
>
> My configuration
>
> root@xxxxxxxxx:~# ip ru
> 0: from all lookup local
> 32150: from all lookup main
> 32201: from all fwmark 0x200/0x200 lookup wan1_route
> 32202: from all fwmark 0x400/0x400 lookup wan2_route
> 32203: from all lookup catch_all
> 32766: from all lookup main
> 32767: from all lookup default
>
> root@xxxxxxxxx:~# ip ro li ta main
> 192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.254
> 10.20.0.0/24 dev eth2 proto kernel scope link src 10.20.0.137
> 192.168.1.0/24 dev eth10 proto kernel scope link src 192.168.1.254
> 10.2.3.0/24 dev eth3 proto kernel scope link src 10.2.3.107
> 127.0.0.0/8 dev lo scope link
>
> root@xxxxxxxxx:~# ip ro li ta wan1_route
> default via 10.20.0.1 dev eth2 proto static
> root@xxxxxxxxx:~# ip ro li ta wan2_route
> default via 10.2.3.254 dev eth3 proto static
>
> root@xxxxxxxxx:~# ip ro li ta catch_all
> default proto static
> nexthop via 10.20.0.1 dev eth2 weight 1
> nexthop via 10.2.3.254 dev eth3 weight 1
>
> The catch_all table comes into play only for local packets. All
> forwarded packets are marked in mangle PREROUTING, with 0x200 or 0x400.
>
> If not the load balancing ping script, there may be other apps using domain
> names instead of IP addresses, they might still fail, right?
>
> The problem happens when one of the links goes down (not the nexthop, but
> after that). Then the kernel will pick an interface and wrong src IP for
> local packets.
>
>
> -----Original Message-----
> From: Peter Rabbitson [mailto:rabbit@xxxxxxxxx]
> Sent: Tuesday, June 12, 2007 7:24 PM
> To: Salim S I
> Cc: lartc@xxxxxxxxxxxxxxx
> Subject: Re: Re: multiple routing tables for internal router programs
>
> Salim S I wrote:
> > Thanks! I get it now.
> > But why is the src address for the interface wrong?
> > In my case eth2 has a.b.c.d and eth3 has p.q.r.s.
> >
> > DNS queries going through eth2 have p.q.r.s as src address and those
> > going through eth3 have a.b.c.d. Something wrong with routing?
>
> Possible. Post full configuration and someone might be able to help.
>
> > I was wondering how the ping scripts (to check the link status) of
> > others work if a domain name is used.
>
> Don't know about others, and I personally use ip addresses :)
>
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
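Added example, not part of the thread: one way to refresh only the two source-based rules (priorities 32203 and 32204 in the listing above) when a WAN address changes, replacing each rule by priority so the old address never has to be known. The function names and the `RUN` switch are hypothetical; the interfaces, priorities and table names are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Priorities, tables and interfaces are
# the ones in the `ip ru` listing; function names and RUN are hypothetical.
RUN=${RUN:-}    # set RUN=echo to print the commands instead of running them

# Map a WAN interface to "<priority> <table>".
wan_slot() {
    case "$1" in
        eth2) echo "32203 wan1_route" ;;
        eth3) echo "32204 wan2_route" ;;
        *)    return 1 ;;
    esac
}

# Accept only a dotted-quad IPv4 address with every octet in 0..255, so a
# malformed value handed to the hook never reaches the ip command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Replace the source rule of one WAN link; every other rule is left alone.
refresh_wan_rule() {
    slot=$(wan_slot "$1") || { echo "unknown WAN interface: $1" >&2; return 1; }
    is_ipv4 "$2" || { echo "rejected address: $2" >&2; return 1; }
    prio=${slot% *}
    table=${slot#* }
    # Deleting by priority drops the stale rule without knowing the old IP;
    # it fails harmlessly when no rule exists yet (first boot).
    $RUN ip rule del pref "$prio" 2>/dev/null || true
    $RUN ip rule add pref "$prio" from "$2" lookup "$table"
}

# pppd calls ip-up with the interface in $1 and the local address in $4:
# refresh_wan_rule "$1" "$4"
```

Running it with `RUN=echo` shows the two `ip rule` commands for a link without touching the live rule set.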