RE: Woody routing question...
Hi All,

Thanks in advance for all the responses I received to my question. Apologies for not replying to those who responded - I was in the process of drafting up some nice ASCII diagrams of the network(s) involved when J.J. van Gorkum responded with the following jewel of info:

> look at http://www.samag.com/documents/s=1824/sam0201h/0201h.htm

This basically allowed me to get everything up and running more-or-less as I wanted by doing the following...

# apt-get install iproute
# ip rule add from xxx.yy.234.131 lookup 1
# ip route add 0/0 via xxx.yy.234.129 table 1
# ip rule add from aaa.bbb.80.144 lookup 2
# ip route add 0/0 via aaa.bbb.80.130 table 2

Fantastic!...

Again, thank-you to everyone who pondered over this one for me...

Sean

Re: Woody routing question...
On Fri, Aug 09, 2002 at 11:00:21PM +0200, Marc Haber wrote:
> On Fri, 9 Aug 2002 10:19:36 -0700, Ted Deppner [EMAIL PROTECTED] wrote:
> > If you want to be able to use both IPs from either network (a common occurrence even if you didn't plan it), you should probably turn off RP_FILTER in the kernel.
>
> Why?

rp_filter will drop packets coming in interface A that have a source in the network of interface B. It essentially polices that packets that should come in B have to come in B.

In a well connected mesh, it's possible to have network B devices route packets through to interface A (interface B's cable unplugged, route to B becomes available through A; arp behavior in two NIC networks on the same switch can exhibit this behavior sometimes as well).

This is only usually a concern where you have two interfaces facing the same general network traffic.

> use tcpdump -e to actually see the MAC addresses where the packets are sent to.

Good point!

--
Ted Deppner
http://www.psyber.com/~ted/

Re: Woody routing question...
On Sat, 10 Aug 2002 07:49:14 -0700, Ted Deppner [EMAIL PROTECTED] wrote:
> On Fri, Aug 09, 2002 at 11:00:21PM +0200, Marc Haber wrote:
> > On Fri, 9 Aug 2002 10:19:36 -0700, Ted Deppner [EMAIL PROTECTED] wrote:
> > > If you want to be able to use both IPs from either network (a common occurrence even if you didn't plan it), you should probably turn off RP_FILTER in the kernel.
> >
> > Why?
>
> rp_filter will drop packets coming in interface A that have a source in the network of interface B. It essentially polices that packets that should come in B have to come in B.

Notice source address. So, rp_filter's setting is irrelevant when it comes to reaching _any_ ip address of the local host as long as it comes in from the interface that matches the source address.

> This is only usually a concern where you have two interfaces facing the same general network traffic.

Or when you suspect IP spoofing.

Greetings
Marc

--
-- !! No courtesy copies, please !! -
Marc Haber         | Questions are the           | Mail address in header
Karlsruhe, Germany | Beginning of Wisdom         | Phone: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fax: *49 721 966 31 29

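Added example, not part of any message in this thread: a small Python model of the reverse-path check discussed in the two messages above, showing which arrivals strict rp_filter drops on a host laid out like Sean's. The addresses are constructed RFC 5737 stand-ins for the thread's masked ones, the route list is an assumed main table in which the eth1 default route wins, and mode 2 (loose) is an rp_filter value from later Linux kernels that the thread does not mention.

```python
import ipaddress

# Constructed stand-ins (RFC 5737 ranges) for the thread's masked addresses.
# Assumed main table: both connected networks plus the eth1 default route.
ROUTES = [
    ("192.0.2.128/25", "eth0"),     # stands in for aaa.bbb.80.128/25
    ("198.51.100.128/26", "eth1"),  # stands in for xxx.yy.234.128/26
    ("0.0.0.0/0", "eth1"),          # default via the eth1 gateway
]

def reverse_path_iface(src, routes=ROUTES):
    """Interface the host would use to reach src (longest-prefix match)."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def rp_filter_verdict(src, in_iface, mode, routes=ROUTES):
    """Model of the check: 0 = off, 1 = strict, 2 = loose.

    The destination address is deliberately not a parameter: only the
    source address and the arrival interface decide the outcome.
    """
    if mode == 0:
        return "accept"
    back = reverse_path_iface(src, routes)
    if back is None:
        return "drop"      # no route back to the source at all
    if mode == 2 or back == in_iface:
        return "accept"    # loose: any route; strict: same interface
    return "drop"

if __name__ == "__main__":
    cases = [
        ("198.51.100.140", "eth0"),  # eth1-subnet source arriving on eth0
        ("198.51.100.140", "eth1"),  # same source on its own interface
        ("203.0.113.7", "eth0"),     # remote source; reply would leave eth1
        ("192.0.2.200", "eth1"),     # eth0-subnet source arriving on eth1
    ]
    for src, iface in cases:
        verdicts = [rp_filter_verdict(src, iface, m) for m in (0, 1, 2)]
        print(f"{src:15} in {iface}: off/strict/loose = {verdicts}")
```
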
Re: Woody routing question...
On Fri, 09 Aug 2002 10:15:59 +0100, Sean Cardus [EMAIL PROTECTED] wrote:
> 0.0.0.0         xxx.yy.234.129  0.0.0.0         UG    0      0        0 eth1
> 0.0.0.0         aaa.bbb.80.130  0.0.0.0         UG    1      0        0 eth0

I'd remove one of these two default gateways first.

Greetings
Marc

--
-- !! No courtesy copies, please !! -
Marc Haber         | Questions are the           | Mail address in header
Karlsruhe, Germany | Beginning of Wisdom         | Phone: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fax: *49 721 966 31 29

Re: Woody routing question...
On Fri, 9 Aug 2002 10:19:36 -0700, Ted Deppner [EMAIL PROTECTED] wrote:
> On Fri, Aug 09, 2002 at 10:15:59AM +0100, Sean Cardus wrote:
> > eth0 = IP: aaa.bbb.80.144 Network: aaa.bbb.80.128 Mask: 255.255.255.128
> > eth1 = IP: xxx.yy.234.131 Network: xxx.yy.234.128 Mask: 255.255.255.192
>
> If you want to be able to use both IPs from either network (a common occurrence even if you didn't plan it), you should probably turn off RP_FILTER in the kernel.

Why?

> I'd also suggest you use tcpdump -n -i ethX on each interface (watch eth0 on tty1, eth1 on tty2 so you can be sure), and make sure packets are actually reaching your interfaces.

use tcpdump -e to actually see the MAC addresses where the packets are sent to.

Greetings
Marc

--
-- !! No courtesy copies, please !! -
Marc Haber         | Questions are the           | Mail address in header
Karlsruhe, Germany | Beginning of Wisdom         | Phone: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fax: *49 721 966 31 29