On Sat, 1 Mar 2003, Julian Anastasov wrote:

> This looks a bit strange, it is not needed:
>
> > # To be sure that traffic goes to proper gateway
> > 22: from 1.1.1.30 lookup 1
> > 22: from 2.2.2.66 lookup 2

Why? It's the same as what You pointed me to below... ?

> You already have link routes to these IPs in table main
> Yes, you don't need them:
>
> > 30: from all to 1.1.1.29 lookup 1
> > 30: from all to 2.2.2.65 lookup 2

OK, but I process main table after all manually typed rules... but never mind, it's not an issue ;)

> > #Balance tables distributes traffic from LAN.
>
> Don't expect from Netfilter to use correctly the routing,
> you have to avoid using "iif" when playing with Netfilter. Just
> use "from XXX".

Hmmm... I can't understand what netfilter has to do with the "iif" parameter? What I want to achieve is to catch all incoming traffic on eth1..

> > 70: from all iif eth1 lookup balance
> >
> >
> > # ip r l ta 1
> > default via 1.1.1.29 dev eth2
> > # ip r l ta 2
> > default via 2.2.2.65 dev eth4
> > # ip r l ta balance
> > default
> >     nexthop via 1.1.1.29 dev eth2 weight 2
> >     nexthop via 2.2.2.65 dev eth4 weight 3
> >
> > So. Everything works but I have observed some behaviour that
> > I can't understand..
>
> I don't know what works but in theory it should not work,
> you don't have routes that restrict each ISP traffic through its
> gateway. Maybe in your case each of the ISPs allows spoofing.

Well, look at the top of the mail for the first rules that You say are wrong..

> > What I expected was that traffic NATed to 1.1.1.30 goes through eth2
> > and traffic NATed to 2.2.2.66 goes through eth4.
>
> Then specify it to be so:
>
> ip rule add prio 20 from 1.1.1.30/30 table 1
> ip rule add prio 20 from 2.2.2.66/27 table 2

This is exactly the same as the first rules at the top of the mail. Am I really wrong?

> but you will need rules "from all to all" for
> proper default route selection and source IP autoselection for
> the masquerading.
>

Balance table catches all traffic from LAN to inet. That's all I need.

> The normal kernel can not give you this, you
> need other solutions, eg:
>
> http://www.ssi.bg/~ja/#routes
>
> dgd-usage.txt contains example for rules and routes you can use.

Hmm... Maybe I am wrong but it's related to NAT with multiple gateways on a single interface, not on different ones as I have... There shouldn't be a problem from what I read in this article.

> > Unfortunately when become listening on eth4 with following command:
>
> Maybe it is the POST_ROUTING who is guilty for selecting
> wrong nexthop and you can not notice it, this mistake is visible
> on device output.
>
> > So that I am confused on this packet traversing.. Could someone explain
> > this behaviour ? Is it OK or I have missed something ?
>
> You can read about such issues, use the above URL

I will dig into it still. Thank You for the support

tw
--
----------------
ck.eter.tym.pl
"Never let schooling disturb Your education"