On Thu, 9 Nov 2000, Mike Fedyk wrote:

> I've just subscribed to this list, and found this article.
> It solved my problem perfectly, but he described the solution
> I was trying as possible, which I've found is not.

That is interesting... I can't see much difference from the setup you've made
with what I've described, but for the ordering of the route setup commands
(which, unfortunately, *is* significant, a detail I forgot when composing the
e-mail).

> I was reading some old docs that policy routing didn't work on packets from
> local processes. I'm sure glad it was wrong. :)

I've never seen those docs, fortunately. If I had, I probably wouldn't have
tried this... ;)

> Here's what my routes looked like:
> 10.0.0.0 dev eth0 scope link src 10.0.0.2
> 63.194.293.210 dev eth1 scope link src 63.194.293.219
> 10.1.1.1 dev eth2 scope link src 10.1.1.2
> 10.0.0.0/24 dev eth0 scope link
> 127.0.0.0/8 dev lo scope link
> default
>     nexthop via 63.194.293.210 dev eth1 weight 1
>     nexthop via 10.1.1.1 dev eth2 weight 1
>
> here's my ip rule:
> 0: from all lookup local
> 32766: from all lookup main
> 32767: from all lookup default
> The default. Now here's my problem. If I connect from the internet to one of
> my tcp services on 10.1.1.2 (which is behind another masq-ing firewall
> from the isp for dsl) I would get responses from 63.194.239.202.
> As you can see, this is not good, and kills any tcp traffic.

Yes. TCP only handles multipath traffic if the addresses stay the same on all
the paths. But it's not really good for most UDP based protocols either.

> I added two tables, 40 and 50.
> Each has a route to the ISP's gateway and a default route.

Exactly the right thing to do.

> Here's the new ip rule:
> 0: from all lookup local
> 32764: from 10.1.1.2 lookup 50
> 32765: from 63.194.293.219 lookup 40
> 32766: from all lookup main
> 32767: from all lookup default
>
> Everything is fine now, thanks to Van's help.

The name's Arthur. `van Leeuwen' is my surname.
Yes, it's a silly European thing. Not quite unlike `van Beethoven' in
`Ludwig van Beethoven'.

> I just don't want anyone else to waste their time on what I tried...

This stuff really should be in the HOWTO. Now to find some time to put it
in...

Doei, Arthur.

--
  /\    / |      arthurvl@xxxxxxxxxx      | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching
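
The two-table setup discussed in this message, as an added example that is not code from either poster: it prints the `ip` commands for one uplink (a table with a route to the ISP gateway and a default route, plus a source-address rule) and checks an `ip rule` listing for uplink addresses that still lack a source rule. The function names `uplink_cmds` and `missing_source_rules` are hypothetical, and all addresses and listings are constructed samples; only the table numbers 40 and 50 and the rule layout follow the message.

```shell
#!/bin/sh
# Added example: per-uplink policy routing, printed as a dry run.
# Addresses are constructed samples (RFC 5737 / RFC 1918), not the poster's.

# Print the commands for one uplink. The gateway route is emitted before
# the default route that uses it, then the rule that selects the table
# for packets carrying this uplink's source address.
uplink_cmds() {  # usage: uplink_cmds TABLE SRC GATEWAY DEV
    table=$1 src=$2 gw=$3 dev=$4
    echo "ip route add $gw dev $dev src $src table $table"
    echo "ip route add default via $gw dev $dev table $table"
    echo "ip rule add from $src lookup $table"
}

# Read `ip rule` output on stdin and print every given source address
# that has no "from ADDR lookup ..." rule. No output means all covered.
missing_source_rules() {  # usage: ip rule | missing_source_rules ADDR...
    rules=$(cat)
    for addr in "$@"; do
        printf '%s\n' "$rules" |
            awk -v a="$addr" \
                '$2 == "from" && $3 == a && $4 == "lookup" { f = 1 }
                 END { exit !f }' ||
            echo "$addr"
    done
}

# Constructed rule listings: the default rules, then with source rules added.
RULES_BEFORE='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'
RULES_AFTER='0: from all lookup local
32764: from 10.1.1.2 lookup 50
32765: from 192.0.2.219 lookup 40
32766: from all lookup main
32767: from all lookup default'

# Dry run: show the commands for both uplinks, then the uncovered
# addresses under the default rules (replies from these would follow
# the multipath default route in the main table).
uplink_cmds 40 192.0.2.219 192.0.2.210 eth1
uplink_cmds 50 10.1.1.2 10.1.1.1 eth2
printf '%s\n' "$RULES_BEFORE" | missing_source_rules 192.0.2.219 10.1.1.2
```

On a live host, pipe the real `ip rule` output into `missing_source_rules` with the address of each uplink interface.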