Hi,
  I have the following network configuration

eth1 -- 150.101.118.158 - Public IP supplied by ISP
eth0 -- 203.34.165.2 - Public IP allocated from my company's address range
gir0 -- 203.34.165.1 - ip-ip tunnel to transfer the public IP address range of my company

The routing is as follows:
 
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
150.101.118.156 0.0.0.0         255.255.255.252 U     0      0        0 eth1
203.34.165.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         150.101.118.157 0.0.0.0         UG    0      0        0 eth1

What I want to do is have any traffic that comes down the gir0 link to
return via the gir0 link, any traffic originating from the
203.34.165.0/24 address range to be NAT'd to the 150.101.118.156 range
as the ISP charges nothing for traffic on this range to its own
mirrors etc.

In order to do this I have the following script run after the ip-ip
tunnel is started

#!/bin/bash
/sbin/ip rule add from 203.34.165.1 table Tunnel
/sbin/ip route add default via 203.34.165.1 dev gir0 table Tunnel
/sbin/ip route flush cache


Now for the crazy problem......
Email coming in to 203.34.165.1 and 203.34.165.2 from some locations
like hotmail.com does not make it. I have done a tcpdump and the
emails that get lost start OK and somewhere in the transfer the
packets get lost and connection fails. Most other locations work fine,
e.g. gmail.com. I would normally just write this off as another
hotmail issue and not worry about it but this is happening to a number
of other email sources as well.

What appears to be happening is that the traffic starts out fine going
back and forward over the ip-ip tunnel like I expect and then a packet
does not go via this path, it just goes out the interface with the
default route. This subsequently gets lost somewhere and no ack is
received.

kernel and ip utilities versions are as follows:
ip -V
  ip utility, iproute2-ss040831
uname -a
     Linux spud.babelsoft.com.au. 2.6.10-gentoo-r4 #1 Thu Jan 13 21:08:50 EST 2005 i686 AMD Athlon(tm) XP 1700+ AuthenticAMD GNU/Linux

Does anyone have any ideas? Also, for some strange reason the servers
with this problem also refuse to use the 150.101.118.158 address as an
MX, which I am unable to determine the cause of.

Ian Nicholls
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
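
Added example (not part of the original post): a small Python model of the rule-then-table lookup, using the rule and routes quoted in the message, that reports which table and interface a reply takes for a given source address. The remote address 198.51.100.25 is constructed, and the model assumes the script's rule sorts ahead of the main-table rule and leaves out the kernel's local table and route cache.

```python
import ipaddress as ip

# Routes copied from the post: the main table, plus the "Tunnel" table
# that the script fills with a single default route.
TABLES = {
    "main": [
        ("150.101.118.156/30", None, "eth1"),
        ("203.34.165.0/24", None, "eth0"),
        ("127.0.0.0/8", "127.0.0.1", "lo"),
        ("0.0.0.0/0", "150.101.118.157", "eth1"),
    ],
    "Tunnel": [("0.0.0.0/0", "203.34.165.1", "gir0")],
}

# Rules in priority order (assumption: no explicit priorities were set, so
# the added rule is consulted before the default "from all lookup main").
RULES = [
    ("203.34.165.1/32", "Tunnel"),  # ip rule add from 203.34.165.1 table Tunnel
    ("0.0.0.0/0", "main"),          # from all lookup main
]

def lookup(table, dst):
    """Longest-prefix match for dst in one table; None if no route matches."""
    dst = ip.ip_address(dst)
    hits = [(ip.ip_network(p), gw, dev) for p, gw, dev in TABLES[table]
            if dst in ip.ip_network(p)]
    if not hits:
        return None
    _, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return gw, dev

def egress(src, dst):
    """First rule whose selector matches src and whose table routes dst wins."""
    for selector, table in RULES:
        if ip.ip_address(src) in ip.ip_network(selector):
            route = lookup(table, dst)
            if route:
                return table, route[1]
    return None

REMOTE = "198.51.100.25"  # constructed remote mail server (documentation range)

if __name__ == "__main__":
    for src in ("203.34.165.1", "203.34.165.2", "150.101.118.158"):
        print(f"reply from {src} to {REMOTE}: {egress(src, REMOTE)}")
```

On the real host, `ip rule show` and `ip route get 198.51.100.25 from <source address>` give the kernel's own answer for the same question.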
