Re: policy routing question
gk>> and where is the definition of your 'adsl' routing table? there is no

If you mean for 'symbol' adsl - it's in /etc/iproute2/rt_tables.

gk>> 'adsl routing table' by default. perhaps you forgot to add 'adsl'
gk>> somewhere in the 'ip ro add' command? something like:
gk>>
gk>> ip ro add default table adsl via PPP-host dev ppp0

Yes, that's what I did. I mean, I did not forget - this is the command I used to set the "conditional" default route. That's why packets went through ppp0 and not through the "global" default. The problem is that the packets going "in" don't work as intended, only the ones going "out".

gk>> of course it does - after all, your default route for the default routing
gk>> table is set to go via ppp0 - thus, _All_ your traffic will be going out

No, it is not. The global default route is through eth0. Sorry for forgetting to mention it.

gk>> via that interface. this, while the incoming data is defined to go
gk>> according to routing table 'adsl', which was not defined.

It is defined. That's why the packets go "out" through ppp0 - otherwise they would go out through eth0 - just as the other ones which do not match the firewall mark rule.

I wish it was as simple as that...

--
[EMAIL PROTECTED]          \/  There shall be counsels taken
Stanislav Malyshev         /\  Stronger than Morgul-spells
phone +972-50-624945       /\  JRRT LotR.
whois:!SM8333

To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
Re: policy routing question
On Fri, 14 Feb 2003, Stanislav Malyshev wrote:

> I have a rather strange problem with routing on Linux. The host in question
> is 2.2.19. It is connected to Frame Relay and ADSL (eth0 and ppp0
> interfaces, accordingly). The intranet is on eth1, all connections outside
> are masqueraded.
>
> What I want to do is to make requests to port 80 go to ADSL and all other
> things go to FR.

i did something similar once, with a 2.2.X kernel, and it took several hours to get it done (a more complex setup, unfortunately, which involved 2 linux machines). there is no sane way to debug this - you must be very persistent, and stare at the code as your only debugging method ;)

> The manual suggests the following setup:
>
> ipchains rule along the lines:
> ipchains -A input -s 10.0.0.0/8 80 -i eth1 -m 1
>
> 10.0.0.0/8 and eth1 being the intranet addresses and interface, and then
> iproute setup:
>
> ip ru add fwmark 1 lookup adsl
> ip ro add default via PPP-host dev ppp0

and where is the definition of your 'adsl' routing table? there is no 'adsl routing table' by default. perhaps you forgot to add 'adsl' somewhere in the 'ip ro add' command? something like:

    ip ro add default table adsl via PPP-host dev ppp0

??

> The problem is that the setup doesn't work, and in a very weird way. The
> packet from inside gets out through ppp0, as intended,

of course it does - after all, your default route for the default routing table is set to go via ppp0 - thus, _All_ your traffic will be going out via that interface. this, while the incoming data is defined to go according to routing table 'adsl', which was not defined.

hope this helps,
--
guy

"For world domination - press 1,
 or dial 0, and please hold, for the creator." -- nob o. dy
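The two readings of the setup argued over in this thread, as an added example that is not part of any poster's message: a simplified Python model of the rule-then-table lookup that `ip rule` and `ip route ... table` configure. The table contents, the rule priorities, the destination 192.0.2.10 and the omission of the `local` and `default` tables are assumptions made for illustration.

```python
import ipaddress

# Simplified model of Linux policy routing: rules are tried in priority
# order; a rule whose selector matches sends the lookup to its table; if
# that table holds no matching route, the search continues with the next rule.

def lookup(rules, tables, dst, fwmark=0):
    """Return (table, dev) chosen for a packet, or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    for _prio, want_mark, table in sorted(rules, key=lambda r: r[0]):
        if want_mark is not None and want_mark != fwmark:
            continue  # fwmark selector does not match this packet
        hits = [(ipaddress.ip_network(net), dev)
                for net, dev in tables.get(table, [])
                if addr in ipaddress.ip_network(net)]
        if hits:
            # Inside one table the longest matching prefix wins.
            _net, dev = max(hits, key=lambda h: h[0].prefixlen)
            return table, dev
    return None

# "ip ru add fwmark 1 lookup adsl" placed ahead of the main-table rule
# (priorities are assumed values).
RULES = [(32765, 1, "adsl"), (32766, None, "main")]

# Reading 1: the default route landed in the main table and 'adsl' is empty,
# so marked packets fall through 'adsl' and everything leaves via ppp0.
ROUTE_IN_MAIN = {
    "adsl": [],
    "main": [("10.0.0.0/8", "eth1"), ("0.0.0.0/0", "ppp0")],
}

# Reading 2: "ip ro add default table adsl ... dev ppp0" plus a global
# default through eth0, so only marked packets leave via ppp0.
ROUTE_IN_ADSL = {
    "adsl": [("0.0.0.0/0", "ppp0")],
    "main": [("10.0.0.0/8", "eth1"), ("0.0.0.0/0", "eth0")],
}

if __name__ == "__main__":
    for name, tables in (("route in main", ROUTE_IN_MAIN),
                         ("route in adsl", ROUTE_IN_ADSL)):
        for mark in (1, 0):
            print(name, "fwmark", mark, "->",
                  lookup(RULES, tables, "192.0.2.10", fwmark=mark))
```

In the second reading an unmarked packet addressed to the intranet (for example 10.1.2.3) is still resolved by the main table to eth1, because the mark is only applied to packets arriving on eth1.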
policy routing question
I have a rather strange problem with routing on Linux. The host in question is 2.2.19. It is connected to Frame Relay and ADSL (eth0 and ppp0 interfaces, accordingly). The intranet is on eth1, all connections outside are masqueraded.

What I want to do is to make requests to port 80 go to ADSL and all other things go to FR. The manual suggests the following setup:

ipchains rule along the lines:

    ipchains -A input -s 10.0.0.0/8 80 -i eth1 -m 1

10.0.0.0/8 and eth1 being the intranet addresses and interface, and then iproute setup:

    ip ru add fwmark 1 lookup adsl
    ip ro add default via PPP-host dev ppp0

The problem is that the setup doesn't work, and in a very weird way. The packet from inside gets out through ppp0, as intended, gets MASQed, is sent out, the response from the host comes in, goes through the input firewall chain, is accepted - and _disappears_. It does not come to the output chain. Somehow it seems that the packet is not demasqueraded, though the entry in the masquerade table for this port/host exists.

If I set up the unconditional route (i.e., not via the iproute2 table rules, but as host route or default route) - everything works OK. Packets travel through the firewall and masquerading without any problem. The tcpdump and firewall report look exactly the same as in the above case - but this time the return packet gets demasqueraded successfully and gets output to the intranet interface. If I switch back to the conditional rule - return packets are disappearing again.

Does anyone have any idea what might be the problem here? Does anyone have any experience with such setups ("web connections go through one interface, all other connections go through another") - maybe I just went the wrong way?

TIA,
--
[EMAIL PROTECTED]          \/  There shall be counsels taken
Stanislav Malyshev         /\  Stronger than Morgul-spells
phone +972-50-624945       /\  JRRT LotR.
whois:!SM8333