RE: Woody routing question...
Hi All,

Thanks in advance for all the responses I received to my question.
Apologies for not replying to those who responded - I was in the process of drafting up some nice ASCII diagrams of the network(s) involved when "J.J. van Gorkum" responded with the following jewel of info:

> look at http://www.samag.com/documents/s=1824/sam0201h/0201h.htm

This basically allowed me to get everything up and running more-or-less as I wanted by doing the following...

# apt-get install iproute
# ip rule add from xxx.yy.234.131 lookup 1
# ip route add 0/0 via xxx.yy.234.129 table 1
# ip rule add from aaa.bbb.80.144 lookup 2
# ip route add 0/0 via aaa.bbb.80.130 table 2

Fantastic!... Again, thank you to everyone who pondered over this one for me...

Sean

Re: Woody routing question...
On Sat, 10 Aug 2002 07:49:14 -0700, Ted Deppner <[EMAIL PROTECTED]> wrote:
>On Fri, Aug 09, 2002 at 11:00:21PM +0200, Marc Haber wrote:
>> On Fri, 9 Aug 2002 10:19:36 -0700, Ted Deppner <[EMAIL PROTECTED]> wrote:
>> >If you want to be able to use both IPs from either network (a common
>> >occurrence even if you didn't plan it), you should probably turn off
>> >RP_FILTER in the kernel.
>>
>> Why?
>
>rp_filter will drop packets coming in interface A that have a source in
>the network of interface B. It essentially polices that packets that
>"should" come in B have to come in B.

Notice "source address". So, rp_filter's setting is irrelevant when it comes to reaching _any_ ip address of the local host as long as it comes in from the interface that matches the source address.

>This is only usually a concern where you have two interfaces facing the
>same general network traffic.

Or when you suspect IP spoofing.

Greetings
Marc

--
-- !! No courtesy copies, please !! -
Marc Haber         | " Questions are the           | Mail address in header
Karlsruhe, Germany |   Beginning of Wisdom "       | Fon: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29

Re: Woody routing question...
On Fri, Aug 09, 2002 at 11:00:21PM +0200, Marc Haber wrote:
> On Fri, 9 Aug 2002 10:19:36 -0700, Ted Deppner <[EMAIL PROTECTED]> wrote:
> >If you want to be able to use both IPs from either network (a common
> >occurrence even if you didn't plan it), you should probably turn off
> >RP_FILTER in the kernel.
>
> Why?

rp_filter will drop packets coming in interface A that have a source in the network of interface B. It essentially polices that packets that "should" come in B have to come in B.

In a well connected mesh, it's possible to have network B devices route packets through to interface A (interface B's cable unplugged, route to B becomes available through A; arp behavior in two NIC networks on the same switch can exhibit this behavior sometimes as well).

This is only usually a concern where you have two interfaces facing the same general network traffic.

> use tcpdump -e to actually see the MAC addresses where the packets are
> sent to.

Good point!

--
Ted Deppner
http://www.psyber.com/~ted/

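Added example (not part of any message in this thread): a small Python model of the strict reverse-path check described in the rp_filter messages above and of the "ip rule ... lookup N" source routing from Sean's follow-up. The 10.20.x.x and 172.16.234.x addresses are constructed stand-ins for the thread's anonymised ones, ETH1_HOST is hypothetical, and the model assumes the reverse-path lookup consults the same "from" rules as normal routing.

```python
import ipaddress as ipa

# Constructed stand-ins for the thread's anonymised addresses (assumption):
#   eth0 10.20.80.144/25 (aaa.bbb.80.144), eth1 172.16.234.131/26 (xxx.yy.234.131)
ETH0_IP = ipa.ip_address("10.20.80.144")
ETH1_IP = ipa.ip_address("172.16.234.131")
PEER = ipa.ip_address("10.20.81.36")          # like aaa.bbb.81.36: outside eth0's /25
ETH1_HOST = ipa.ip_address("172.16.234.140")  # hypothetical host on eth1's subnet

def route(prefix, dev, metric=0):
    return (ipa.ip_network(prefix), dev, metric)

# Main table as posted in the original question: two default gateways.
MAIN = [route("172.16.234.128/26", "eth1"), route("10.20.80.128/25", "eth0"),
        route("0.0.0.0/0", "eth1", 0), route("0.0.0.0/0", "eth0", 1)]
# Sean's fix: "ip rule add from <ip> lookup N" + "ip route add 0/0 ... table N".
RULES = [(ETH1_IP, [route("0.0.0.0/0", "eth1")]),
         (ETH0_IP, [route("0.0.0.0/0", "eth0")])]

def lookup(table, dst):
    """Longest prefix wins, then lowest metric. Returns the device or None."""
    hits = [r for r in table if dst in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1] if hits else None

def out_dev(src, dst, rules=()):
    """Output device for src -> dst: first matching 'from' rule, else main."""
    for rule_src, table in rules:
        if src == rule_src and lookup(table, dst):
            return lookup(table, dst)
    return lookup(MAIN, dst)

def strict_rpf_accepts(in_dev, pkt_src, pkt_dst, rules=()):
    """Simplified strict rp_filter: the route back to the packet's source
    (looked up as a reply pkt_dst -> pkt_src) must use the arrival interface.
    Assumption: the reverse lookup honours the same 'from' rules."""
    return out_dev(pkt_dst, pkt_src, rules) == in_dev

if __name__ == "__main__":
    print("reply eth0 IP -> peer, main only :", out_dev(ETH0_IP, PEER))
    print("reply eth0 IP -> peer, with rules:", out_dev(ETH0_IP, PEER, RULES))
    print("peer in on eth0, main only  :", strict_rpf_accepts("eth0", PEER, ETH0_IP))
    print("peer in on eth0, with rules :", strict_rpf_accepts("eth0", PEER, ETH0_IP, RULES))
    print("eth1-net source in on eth0  :", strict_rpf_accepts("eth0", ETH1_HOST, ETH0_IP))
    print("eth1-net source in on eth1  :", strict_rpf_accepts("eth1", ETH1_HOST, ETH0_IP))
```

In this model, with only the main table the reply to the off-subnet peer leaves via eth1 and a strict check rejects the peer's packet on eth0; with the two rules in place both lookups resolve to eth0.
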
Re: Woody routing question...
On Fri, 9 Aug 2002 10:19:36 -0700, Ted Deppner <[EMAIL PROTECTED]> wrote:
>On Fri, Aug 09, 2002 at 10:15:59AM +0100, Sean Cardus wrote:
>> eth0 = IP: aaa.bbb.80.144 Network: aaa.bbb.80.128 Mask: 255.255.255.128
>> eth1 = IP: xxx.yy.234.131 Network: xxx.yy.234.128 Mask: 255.255.255.192
>
>If you want to be able to use both IPs from either network (a common
>occurrence even if you didn't plan it), you should probably turn off
>RP_FILTER in the kernel.

Why?

>I'd also suggest you use tcpdump -n -i ethX on each interface (watch eth0
>on tty1, eth1 on tty2 so you can be sure), and make sure packets are
>actually reaching your interfaces.

use tcpdump -e to actually see the MAC addresses where the packets are sent to.

Greetings
Marc

Re: Woody routing question...
On Fri, Aug 09, 2002 at 10:15:59AM +0100, Sean Cardus wrote:
> eth0 = IP: aaa.bbb.80.144 Network: aaa.bbb.80.128 Mask: 255.255.255.128
> eth1 = IP: xxx.yy.234.131 Network: xxx.yy.234.128 Mask: 255.255.255.192

If you want to be able to use both IPs from either network (a common occurrence even if you didn't plan it), you should probably turn off RP_FILTER in the kernel.

This is most easily accomplished by setting the spoofprotect=no option in the /etc/network/options file. A reboot or /etc/init.d/network stop/start will then set the option.

I'd also suggest you use tcpdump -n -i ethX on each interface (watch eth0 on tty1, eth1 on tty2 so you can be sure), and make sure packets are actually reaching your interfaces.

--
Ted Deppner
http://www.psyber.com/~ted/

Re: Woody routing question...
On Fri, 09 Aug 2002 10:15:59 +0100, "Sean Cardus" <[EMAIL PROTECTED]> wrote:
>0.0.0.0         xxx.yy.234.129  0.0.0.0         UG    0      0   0   eth1
>0.0.0.0         aaa.bbb.80.130  0.0.0.0         UG    1      0   0   eth0

I'd remove one of these two default gateways first.

Greetings
Marc

Woody routing question...
Hi All,

I've just set up a Debian Woody alpha machine and am currently having problems with routing... I'm not entirely sure this problem is appropriate for this list, but here goes... Apologies for the length of the mail too :)

I've got 2 network cards in my machine - Each card is connected to different networks, but both have public IP addresses.

eth0 = IP: aaa.bbb.80.144 Network: aaa.bbb.80.128 Mask: 255.255.255.128
eth1 = IP: xxx.yy.234.131 Network: xxx.yy.234.128 Mask: 255.255.255.192

My current routing table, as shown by running "route -n" is as follows:

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
xxx.yy.234.128  0.0.0.0         255.255.255.192 U     0      0   0   eth1
aaa.bbb.80.128  0.0.0.0         255.255.255.128 U     0      0   0   eth0
0.0.0.0         xxx.yy.234.129  0.0.0.0         UG    0      0   0   eth1
0.0.0.0         aaa.bbb.80.130  0.0.0.0         UG    1      0   0   eth0

eth0 is located on a subnet within a larger network - As follows:

Network: aaa.bbb.80.0 Netmask: 255.255.248.0

eth1 is my main Internet connection, it is used for almost all Internet bound traffic.

eth0 is a network connected to the Internet via a lower bandwidth connection. The main reason for this interface is to allow hosts on its network to connect directly to my machine at a higher speed than their external Internet connection allows. This interface should also communicate with Internet hosts if they connect to this iface's IP address.

On to the problem...

Machines with eth0's local subnet can communicate with the server without a problem. Machines outside of the subnet - eg. aaa.bbb.81.36 - cannot communicate with this interface's ip address. aaa.bbb.81.36, as well as external Internet hosts, can however connect to xxx.yy.234.131 without a problem.

I've tried adding routes to eth0's subnet and the larger network as a whole - Only result being aaa.bb.81.36 can now connect to eth0's ip, but no longer can get a response from xxx.yy.234.131

Can anyone shed some light on what to do?... My IP routing skills are a little lacking...

Thanks in advance!...

Sean