Ruth Ivimey-Cook <r...@ivimey.org> wrote:

> I want to link two hosts on the same net with a dedicated (fast) link, while
> both have access to other computers on the same net via another interface. I
> have got the routing sorted, but I keep having to delete automatically-added
> network routes (/24 etc) when I add the -host routes. Basically all I need is
> a couple of -host routes on each end. How can I best achieve this? I'm using
> netplan to configure the routing, but it doesn't appear to have any ability
> to delete unwanted routes.

Sorry for the delayed reply …

I don’t think you need to delete anything.

Let’s assume your network is 192.168.1.0/24, and 192.168.2.0/24 is unused - just adjust the numbers to suit your network. I’m assuming the two hosts are currently at 192.168.1.[1|2]/24 on eth0, and your ptp link is eth1.

There are a number of ways of doing things - this is all from memory so you may need to do some experimentation.

Option 1

Add 192.168.2.1/24 to the interface on one end of the link, and 192.168.2.2/24 to the interface on the other.

1a) Just address traffic to 192.168.2.[1|2]

But you’ll need to ensure that your services at each end use the correct source route - otherwise you’ll route the outbound packet via the ptp link, and the return packet will come via the LAN. E.g. outbound is src=192.168.1.1, dst=192.168.2.2; return is src=192.168.2.2, dst=192.168.1.1.

1b) Add routes (one to each host):

    ip route add 192.168.1.1/32 via 192.168.2.1 dev eth1
    ip route add 192.168.1.2/32 via 192.168.2.2 dev eth1

This can be done via post-up & pre-down commands when using /etc/network/interfaces (that’s all I ever use, I never let some “manager” package bork stuff for me):

    iface eth1 inet static
        address 192.168.2.1/24
        post-up ip route add 192.168.1.2/32 via 192.168.2.2 dev eth1
        pre-down ip route delete 192.168.1.2/32 via 192.168.2.2 dev eth1

And reciprocal settings for the other host.

1c) Use a redundancy protocol (vrrp on Linux IIRC).

You can then have vrrp monitor the ptp link and add/remove routes as appropriate. Without vrrp, when you bring up eth1 (option 1b above), it’ll set the route regardless of whether the link is actually active (cables connected, switch powered on if there is one, interface on other end up). By using vrrp, you can leave the routing via the LAN until the link is up and the other host is responding (at which point, vrrp daemon adds the appropriate route) - and if something goes wrong with the link then routing can be returned to be via the LAN.

Option 2

Run the link un-numbered and add routes:

    ip route add 192.168.1.1/32 dev eth1
    ip route add 192.168.1.2/32 dev eth1

I’m not too sure about this - basically it says to squirt traffic for a particular address out the interface without addressing the packet to any particular destination. I’ve done it with Cisco routers, never with Linux - TBH I decided that un-numbered links are generally a PITA, numbered links allow you to (e.g., and a long time ago when security wasn’t an issue) telnet to a specific interface (e.g. force a connection via a backup ISDN line) on the remote router which is a life saver when diagnosing issues. So long before I was playing with Linux routing I’d ditched un-numbered interfaces.

My first choice would be 1b. It allows you to keep services bound to just the LAN addresses, while routing inter-host traffic via the dedicated link. Nothing else need see that there is the other channel involved.

Hope that helps,
Simon

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
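
The route selection behind options 1a and 1b above, as an added example that is not part of the original post: a small longest-prefix-match model showing why the automatic /24 routes can stay in place and where the asymmetric path in 1a comes from. The host labels A (192.168.1.1) and B (192.168.1.2) and all function names are assumptions made for this sketch; the addresses and interface names are the ones used in the thread.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: interface of the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), dev) for p, dev in table]
    matches = [(n, dev) for n, dev in nets if dst in n]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Connected routes added automatically when the addresses are configured.
CONNECTED = [("192.168.1.0/24", "eth0"), ("192.168.2.0/24", "eth1")]

def tables(option):
    """Routing tables of host A and host B (hypothetical labels) for option 1a or 1b."""
    a, b = list(CONNECTED), list(CONNECTED)
    if option == "1b":
        a.append(("192.168.1.2/32", "eth1"))  # on A: B's LAN address via the ptp link
        b.append(("192.168.1.1/32", "eth1"))  # on B: the reciprocal host route
    return a, b

def path(option, src, dst):
    """(interface A sends on, interface B replies on) for a flow src -> dst from A to B."""
    a, b = tables(option)
    return lookup(a, dst), lookup(b, src)

def symmetric(option, src, dst):
    out_dev, back_dev = path(option, src, dst)
    return out_dev == back_dev

if __name__ == "__main__":
    # 1a with a LAN source address: out via the ptp link, reply via the LAN.
    print("1a", path("1a", "192.168.1.1", "192.168.2.2"))
    # 1b: the /32 beats the /24 in both directions, nothing has to be deleted.
    print("1b", path("1b", "192.168.1.1", "192.168.1.2"))
    # Other LAN hosts still match only the /24 and stay on eth0.
    print("1b other host", lookup(tables("1b")[0], "192.168.1.50"))
```

With strict reverse-path filtering (rp_filter=1) on the receiving host, the asymmetric 1a flow is dropped on arrival at eth1, because the receiver's best route back to 192.168.1.1 points at eth0.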