Re: [LARTC] Multiple gateways
aristo7514 aristo7514 wrote:
>
> Dear Edesio;
>
> Thank you for your help.
>
> I tried to download the patch and apply it to Fedora Core 2, but I got
> lots of errors. I believe the patch is for kernel 2.4 and my kernel is
> 2.6.5. Either I need to find a distribution that uses kernel 2.4 or
> try something else.

That is because you downloaded the wrong patch for your kernel. Julian's
site has the correct patch, so go find it.

--
gypsy
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Multiple gateways
Dear Edesio;

Thank you for your help.

I tried to download the patch and apply it to Fedora Core 2, but I got
lots of errors. I believe the patch is for kernel 2.4 and my kernel is
2.6.5. Either I need to find a distribution that uses kernel 2.4 or
try something else.

So far, I have changed my configuration a bit; I have 2 DSL lines
connected to ADSL modems, and I am trying to split my local networks
between these two lines.

My uplinks are
eth3 - 192.168.2.100 with gw 192.168.2.1 and
eth1 - 192.168.3.100 with gw 192.168.3.1

Still same config for eth0

eth0 : 172.16.55.0/24
eth0:0 172.16.56.0/24
eth0:1 172.16.57.0/24
eth0:2 172.16.55.0/24

I tried SNAT with ip route;

iptables -t nat -A POSTROUTING -s 172.16.55.0/24 -o eth1 -j SNAT --to-source 192.168.3.100
iptables -t nat -A POSTROUTING -s 172.16.56.0/24 -o eth3 -j SNAT --to-source 192.168.2.100
iptables -t nat -A POSTROUTING -s 172.16.57.0/24 -o eth1 -j SNAT --to-source 192.168.3.100
iptables -t nat -A POSTROUTING -s 172.16.58.0/24 -o eth3 -j SNAT --to-source 192.168.2.100

ip rule add from 192.168.3.100 table 10
ip rule add from 192.168.2.100 table 20

ip route add default via 192.168.3.1 dev eth1 table 10
ip route add default via 192.168.2.1 dev eth3 table 20
ip route add default via 192.168.3.1

This is where I got stuck. Any more ideas? I am not trying to implement
per-packet route sharing, just simple source-based routing.

Best Regards,

On 6/10/05, Edesio Costa e Silva <[EMAIL PROTECTED]> wrote:
> Hi!
>
> I had a similar problem, two internal networks and two links. I had to apply
> the patch at http://www.ssi.bg/~ja/routes-2.4.29-9.diff. It seems the
> packets got a source address while masquerading and when they are routed
> outbound the source address doesn't match the link address.
>
> MAYBE, just MAYBE, the problem can also be solved if you use SNAT instead of
> MASQUERADING.
>
> I hope this helps.
>
> Edésio
>
> On Fri, Jun 10, 2005 at 03:54:30PM +0300, aristo7514 aristo7514 wrote:
> > Hello,
> >
> > Since I could not figure out my previous problem, let me ask in a different
> > way.
> >
> > I have 3 networks inside my LAN. They are 172.16.55.0/24,
> > 172.16.56.0/24 and 172.16.57.0/24 respectively. They all use eth0 as
> > an alias.
> >
> > I also have 2 uplinks to different ISPs. One of them is a leased line
> > and the other one is ADSL.
> >
> > One of my uplinks is 81.8.120.18/30 with gateway 81.8.120.17 on eth1
> > and the other one is 172.18.10.30/24 with gateway 172.18.10.2 on eth3.
> >
> > I am trying to split my internal networks to these two providers.
> >
> > So,
> > iptables -t nat -A POSTROUTING -s 172.16.55.0/24 -i eth1 -j MASQUERADE
> >
> > iptables -t nat -A POSTROUTING -s 172.16.56.0/24 -i eth3 -j MASQUERADE
> >
> > iptables -t nat -A POSTROUTING -s 172.16.55.0/24 -i eth1 -j MASQUERADE
> >
> > This is what I am trying to set up. I also looked at the lartc.org and
> > tried to implement split access.
> >
> > ip route add default scope global nexthop via 81.8.124.17 dev eth1
> > weight 1 nexthop via 172.18.10.2 dev eth3 weight 1
> >
> > This command works if I ping from the linux router itself. It chooses
> > a path and successfully returns ping results.
> >
> > But the NAT does not work.
> > I got a message;
> >
> > MASQUERADE : Route sent us somewhere else.
> >
> > What would be the solution to this problem?
> >
> > Best Regards,
>
> --
> Grief can take care of itself, but to get the full value of a joy you must
> have somebody to divide it with. -- Mark Twain
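Added example, not part of the original message or thread: one common way to do source-based routing for the layout described above. Forwarded packets are routed before nat POSTROUTING rewrites their source, so the `ip rule` selectors here match the LAN subnets. Addresses, interfaces and table numbers 10/20 are taken from the message; the `pref` values, the 172.16.0.0/16 LAN aggregate and the dry-run `run` helper are assumptions.

```shell
#!/bin/sh
# Added example: pick the routing table by LAN source subnet, then SNAT
# to the address of the uplink the packet leaves on.
# Dry run by default: commands are printed. APPLY=1 executes them (root).

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# via_uplink <lan-subnet> <table> <dev> <uplink-address>
via_uplink() {
    # Match the original LAN source: at routing time the packet has not
    # been through SNAT yet. The pref value is an assumption.
    run ip rule add from "$1" table "$2" pref "$((1000 + $2))"
    run iptables -t nat -A POSTROUTING -s "$1" -o "$3" -j SNAT --to-source "$4"
}

source_routing_setup() {
    # Traffic between the LAN subnets keeps using the main table
    # (172.16.0.0/16 is an assumed aggregate of the four /24s).
    run ip rule add to 172.16.0.0/16 table main pref 900
    # One default route per uplink table.
    run ip route replace default via 192.168.3.1 dev eth1 table 10
    run ip route replace default via 192.168.2.1 dev eth3 table 20
    via_uplink 172.16.55.0/24 10 eth1 192.168.3.100
    via_uplink 172.16.57.0/24 10 eth1 192.168.3.100
    via_uplink 172.16.56.0/24 20 eth3 192.168.2.100
    via_uplink 172.16.58.0/24 20 eth3 192.168.2.100
}

source_routing_setup
```

After applying, `ip rule show` and `ip route show table 20` confirm which table each subnet is sent to.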
Re: [LARTC] Multiple gateways
Hi!

I had a similar problem, two internal networks and two links. I had to apply
the patch at http://www.ssi.bg/~ja/routes-2.4.29-9.diff. It seems the
packets got a source address while masquerading and when they are routed
outbound the source address doesn't match the link address.

MAYBE, just MAYBE, the problem can also be solved if you use SNAT instead of
MASQUERADING.

I hope this helps.

Edésio

On Fri, Jun 10, 2005 at 03:54:30PM +0300, aristo7514 aristo7514 wrote:
> Hello,
>
> Since I could not figure out my previous problem, let me ask in a different
> way.
>
> I have 3 networks inside my LAN. They are 172.16.55.0/24,
> 172.16.56.0/24 and 172.16.57.0/24 respectively. They all use eth0 as
> an alias.
>
> I also have 2 uplinks to different ISPs. One of them is a leased line
> and the other one is ADSL.
>
> One of my uplinks is 81.8.120.18/30 with gateway 81.8.120.17 on eth1
> and the other one is 172.18.10.30/24 with gateway 172.18.10.2 on eth3.
>
> I am trying to split my internal networks to these two providers.
>
> So,
> iptables -t nat -A POSTROUTING -s 172.16.55.0/24 -i eth1 -j MASQUERADE
>
> iptables -t nat -A POSTROUTING -s 172.16.56.0/24 -i eth3 -j MASQUERADE
>
> iptables -t nat -A POSTROUTING -s 172.16.55.0/24 -i eth1 -j MASQUERADE
>
> This is what I am trying to set up. I also looked at the lartc.org and
> tried to implement split access.
>
> ip route add default scope global nexthop via 81.8.124.17 dev eth1
> weight 1 nexthop via 172.18.10.2 dev eth3 weight 1
>
> This command works if I ping from the linux router itself. It chooses
> a path and successfully returns ping results.
>
> But the NAT does not work.
> I got a message;
>
> MASQUERADE : Route sent us somewhere else.
>
> What would be the solution to this problem?
>
> Best Regards,

--
Grief can take care of itself, but to get the full value of a joy you must
have somebody to divide it with. -- Mark Twain
Re: [LARTC] Multiple gateways setup and timeout connections
You have to CONNMARK them so outgoing connections don't get re-routed each
time the routing cache expires. I've written about preventing the expiring of
connections in
http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking

Bernardo Silveira wrote:

Yes, I've tested with and without them, in kernels 2.4.22 and 2.6.10.

___
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
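Added example, not part of the original message and not taken from the linked page: a sketch of the CONNMARK approach named above, where the uplink chosen for a connection's first packet is saved in conntrack and every later packet is routed by that saved mark. Interface names, gateways (documentation addresses), mark values, table numbers and the dry-run `run` helper are all assumptions; a multipath default route is assumed to exist already in the main table.

```shell
#!/bin/sh
# Added example: pin each connection to one uplink with CONNMARK.
# Assumed (not from the thread): LAN on eth0, uplinks eth1/eth3, gateways
# 192.0.2.1 and 198.51.100.1, marks 1/2, routing tables 101/102.
# Dry run by default: commands are printed. APPLY=1 executes them (root).

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# uplink <mark> <table> <dev> <gateway>
uplink() {
    mark=$1 table=$2 dev=$3 gw=$4
    # Per-uplink table with a single default route, selected by fwmark.
    run ip route replace default via "$gw" dev "$dev" table "$table"
    run ip rule add fwmark "$mark" table "$table"
    # Connections that arrive on this uplink are tagged with its mark,
    # so the replies from the LAN leave the same way.
    run iptables -t mangle -A PREROUTING -i "$dev" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$mark"
    # The first packet of an outbound connection was routed by the main
    # table; record which uplink it got in the conntrack entry.
    run iptables -t mangle -A POSTROUTING -o "$dev" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$mark"
    run iptables -t nat -A POSTROUTING -o "$dev" -j MASQUERADE
}

connmark_setup() {
    # Copy the saved connection mark onto each packet from the LAN before
    # the routing decision. A new connection still has mark 0 and falls
    # through to the main table (the multipath default route).
    run iptables -t mangle -A PREROUTING -i eth0 -j CONNMARK --restore-mark
    uplink 1 101 eth1 192.0.2.1
    uplink 2 102 eth3 198.51.100.1
}

connmark_setup
```

This covers forwarded traffic only; connections originated by the router itself would need equivalent rules in the mangle OUTPUT chain.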
Re: [LARTC] Multiple gateways setup and timeout connections
On Mon, 7 Feb 2005 10:58:30 +0100, Uwe Kamper <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I've set up a gateway using multiple default gateways and netfilter
> > MASQUERADE to load balance traffic between two DSL interfaces and one
> > dedicated link, and when I try to download something big, or when I'm
> > using MSN (both in clients under this gateway), sometimes, or most
> > times, after a while the connection times out. The connection doesn't
> > seem to change its gateway (verified using ip route list cache)
>
> Hello,
>
> did you apply the patch mentioned under section 4.2.2 of the LARTC.org-HOWTO
> ( http://lartc.org/howto/lartc.rpdb.multiple-links.html#AEN298 or
> http://www.ssi.bg/~ja/#routes ) to your Linux kernel sources?
>
>
> Uwe Kamper

Yes, I've tested with and without them, in kernels 2.4.22 and 2.6.10.

Bernardo Silveira
Via IP Soluções para Internet Ltda
Re: [LARTC] Multiple gateways from multiple ISPs: how to add specificroutes?
Steen,

 : I have a box here with six ADSLs, two from each of three providers. The
 : system is set up in direct accordance with the configuration outlined in
 : the Nano-HOWTO.txt.

Damn! That's a pile of DSL lines.

 : This means that I'd have to put in rules and/or routes that handle
 : these nets specifically and route the traffic through the proper
 : gateway.

Why not use a technique like this, assuming that nexthops 111.1.1.1 and
112.1.1.1 are both connected to ISP 1's network?

  # ip route add $ISP1_DNS/32 table 222 \
  >   nexthop via 111.1.1.1 dev eth1 weight 1 \
  >   nexthop via 112.1.1.1 dev eth2 weight 1

OR, more generally,

  # ip route add $ISP1_NET/$ISP1_NETMASK table 222 \
  >   nexthop via 111.1.1.1 dev eth1 weight 1 \
  >   nexthop via 112.1.1.1 dev eth2 weight 1

Now, you simply add a similar set of rules for each subnet inside the
provider which needs to be reached through a particular set of the ADSL
links. Seems simpler than creating new routing tables and adding more
entries to the RPDB. (I subscribe to the keep-it-simple-stupid philosophy
of network administration.)

 : Is this correct?

I don't know.

 : Is this the way to go?

I don't know.

 : What is "best practice" in this matter?

I don't know. I sure hope somebody else on the list knows.

[ snipped "ip route" and iptables output ]

Thanks very much for the detailed description. Good luck--I imagine I'm
not the only one who'd like to hear what you end up doing.

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]