Hello,

I've only just started playing with iproute, so please excuse my probably stupid questions. I posted the following two posts to usenet and (as yet) have not received any response.

My thanks for any replies,

Steve.

-----

Hi,

I currently have a box running Debian 2.2 in the following configuration:-

    Cable Modem ---> Eth0 --> ppp/ssh --> Eth1 --> Internal network

The ppp provides a route for my block of IP addresses and this works fine. However, what I would like to do is offer two gateway addresses within the network - one which routes traffic over the VPN, the other which (via masq) routes the traffic straight out over the Cable Modem ISP.

I originally had a separate box hosting the CM running masq which the VPN box connected through - with this setup I could choose to either use the masq box or the VPN box as a gateway. Can I achieve the same with just a single box?

I've been experimenting with the new (to me anyway) "iproute" feature and stumbled across a problem when doing masq on a single machine ip:-

    ip rule add from 123.123.123.171 table masq
    ip route add default via 62.0.0.254 dev eth0 table masq
    ip route flush cache
    /sbin/ipchains -A forward -i eth0 -j MASQ

123.123.123.171 is an internal machine and 62.0.0.254 is the CM gateway address.

    # ip rule ls
    0:      from all lookup local
    32765:  from 123.123.123.171 lookup masq
    32766:  from all lookup main
    32767:  from all lookup default

    # ip route list table masq
    default via 62.0.0.254 dev eth0

If I now ping an external IP from the 123.123.123.171 machine I get the following traffic:-

    #tcpdump -i eth0 host www.test.net
    tcpdump: listening on eth0
    00:23:56.236673 my-cable-isp.com > www.test.net: icmp: echo request
    00:23:56.250903 www.test.net > my-cable-isp.com: icmp: echo reply (DF)

So the address is being translated and the request going out on the CM IP - and a response is received. But.....

    #tcpdump -i eth1 host www.test.net
    tcpdump: listening on eth1
    00:24:09.249296 123.123.123.171 > www.test.net: icmp: echo request

...I don't get the response returned to the originating machine? Any ideas?

Notwithstanding this problem, this setup still doesn't provide me with two gateways....

Thanks for your opinions!

Steve.

----

My second post after a bit more reading/playing.....

----

I've played around with this a bit more and using the following command:-

    ip rule add prio 329 from 123.123.123.171 nat 62.0.0.236

this causes any traffic from 123.123.123.171 to masquerade as 62.0.0.236 (my local CM address).

Unfortunately, my default route is the ppp0 interface and although the packets are being masqueraded correctly they are still being sent via the default route (ppp0) - and not via the CM.

Steve.
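
The rule and table lookup described in the two posts, modelled in Python as an added example that is not part of the original message. The contents of table main, the internal prefix 123.123.123.0/24, the destination 198.51.100.10, and the use of table main for the nat rule (which names no table) are assumptions.

```python
import ipaddress

# Rules as (priority, source selector, table), mirroring "ip rule ls" in the
# post. The "local" table is left out: it only holds the box's own addresses.
RULES = [
    (32765, "123.123.123.171/32", "masq"),
    (32766, "0.0.0.0/0", "main"),
    (32767, "0.0.0.0/0", "default"),
]

# Tables as lists of (destination prefix, next hop, device).
# "masq" is from the post. "main" is constructed: the post only says the
# default route is ppp0; the eth1 prefix is assumed. "default" is assumed empty.
TABLES = {
    "masq": [("0.0.0.0/0", "62.0.0.254", "eth0")],
    "main": [("123.123.123.0/24", None, "eth1"), ("0.0.0.0/0", None, "ppp0")],
    "default": [],
}


def route_in_table(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw, dev)
            for p, gw, dev in TABLES[table]
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return gw, dev


def lookup(src, dst, rules=RULES):
    """Walk rules by ascending priority; the first table with a route wins."""
    src = ipaddress.ip_address(src)
    for prio, selector, table in sorted(rules):
        if src in ipaddress.ip_network(selector):
            hit = route_in_table(table, dst)
            if hit is not None:
                return prio, table, hit[0], hit[1]
    return None


def rules_with_nat_rule():
    """Second post: prio-329 nat rule added with no table (assumed: main)."""
    return [(329, "123.123.123.171/32", "main")] + RULES


if __name__ == "__main__":
    print(lookup("123.123.123.171", "198.51.100.10"))
    print(lookup("123.123.123.171", "198.51.100.10", rules_with_nat_rule()))
```

In this model the prio-329 rule is consulted before the 32765 rule, so the route comes from main (ppp0) even though the masq table is still present.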