Re: [LARTC] Multiple providers routing
Greetings Sameer,

 : I have a linux router connected to two separate internet
 : connections from an ISP. There is a third interface ( ip ->
 : 192.168.1.1 ) in the router connected to the local network.
 : Configured the routing tables and added the rules and everything
 : seems to be working fine from the routing box. Traceroute to
 : external internet sites reveals that traffic is being routed
 : correctly and that the failover mechanism is working.
 :
 : Now in my internal machines the gateway address is set to the
 : third interface of the router and the internal machines can ping
 : the router ( 192.168.1.1 ). The problem is that the internal
 : machines can't connect to the net. A quick check with pings and
 : tcpdump revealed that the packets from the internal machines are
 : arriving at the router and are being routed correctly... but are
 : not coming BACK from the router to the internal machines.
 :
 : Any pointers as to why this is happening would be useful

Quick, experienced guess:

  # sysctl net.ipv4.conf.default.rp_filter

If the answer provided is:

  net.ipv4.conf.default.rp_filter = 1

Then, you'll need to flip the reverse path filtering toggle [0].
When this sysctl is set to 1, the kernel automatically drops packets
incoming from the "wrong" interface according to the primary ('main')
routing table.

Good luck,

-Martin

 [0] http://ipsysctl-tutorial.frozentux.net/chunkyhtml/theconfvariables.html#AEN634

--
Martin A. Brown --- Wonderfrog Enterprises --- [EMAIL PROTECTED]
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
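
Added example, not part of the original thread: the check suggested in the reply above, extended to every interface. For each interface the kernel applies the larger of conf/all/rp_filter and conf/<iface>/rp_filter (0 = off, 1 = strict, 2 = loose per RFC 3704), so reading a single key can mislead; on a multi-homed router, loose mode (2) on the uplinks keeps some source validation where 0 removes it. The function names and the CONF_ROOT override are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the effective reverse-path filter mode per interface.
# CONF_ROOT can be pointed at a copy of the sysctl tree (assumption of this
# example, used for offline checks); the default is the live kernel tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the value the kernel actually applies to interface $1:
# max(conf/all/rp_filter, conf/<iface>/rp_filter).
effective_rp_filter() {
    iface="$1"
    all=$(cat "$CONF_ROOT/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$CONF_ROOT/$iface/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Translate the numeric value into the mode name.
rp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# Print the interfaces whose effective mode is strict. On a router with
# several uplinks these are the ones that drop traffic arriving on an
# interface other than the one the routing table would reply through.
strict_interfaces() {
    for d in "$CONF_ROOT"/*/; do
        iface=$(basename "$d")
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface") || continue
        [ "$eff" -eq 1 ] && echo "$iface"
    done
    return 0
}

# One line per interface: name, effective value, mode.
rp_report() {
    for d in "$CONF_ROOT"/*/; do
        iface=$(basename "$d")
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface") || continue
        printf '%-12s %s (%s)\n' "$iface" "$eff" "$(rp_mode_name "$eff")"
    done
}

if [ "${1:-}" = "--report" ]; then rp_report; fi
```

Run it with `--report` on the router; the `default` key is skipped because it only seeds interfaces created later.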
[LARTC] Multiple providers routing
Hi folks,

I have a linux router connected to two separate internet connections from an ISP. There is a third interface ( ip -> 192.168.1.1 ) in the router connected to the local network. Configured the routing tables and added the rules and everything seems to be working fine from the routing box. Traceroute to external internet sites reveals that traffic is being routed correctly and that the failover mechanism is working.

Now in my internal machines the gateway address is set to the third interface of the router and the internal machines can ping the router ( 192.168.1.1 ). The problem is that the internal machines can't connect to the net. A quick check with pings and tcpdump revealed that the packets from the internal machines are arriving at the router and are being routed correctly... but are not coming BACK from the router to the internal machines.

Any pointers as to why this is happening would be useful

Thanks,
Sameer Gurung
[EMAIL PROTECTED] [EMAIL PROTECTED]
[LARTC] Multiple Providers, Routing, and Shorewall.
Hey all,

I am a newb w/ the LARTC stuff. I have had a box in place with 2 NICs for about 6 months. I have had two upstream providers and it was working great. Recently, after some hardware changes, we added a 3rd NIC and split out the two different IP addresses. Since then I have not been able to figure out how to stably send traffic down the appropriate interfaces.

It seems that doing SNAT in the POSTROUTING table of iptables is the problem. I just want to confirm on the list that it is that causing the issues. Furthermore, I need to know if anyone has a good recommendation on how to solve the problem of SNAT in this case. I have enough IPs to just do a static NAT to one IP address or another. Is there trouble between CONNTRACK and "ip nat"?

js